Showing results for 
Show  only  | Search instead for 
Did you mean: 
AppDynamics Team

When running WebSphere with Security Enabled, the user must provide permissions to the Java Agent, to ensure a seamless interaction between the two.


Add the following snippet to the security policy file:


grant codeBase "file:\* AGENT_DEPLOYMENT_DIRECTORY \*/-" 

The security policy file is located in the AppDynamics Agent logs under JVM arguments:


Or Unix users can use the ps command to find the command line parameters for the JVM.


If the JVM argument is not provided, the application may be using a default Java policy file (java.policy). Add the previously mentioned snippet to this file. 


Examples where applying permissions is not sufficient:


1. Agent logs show: access denied ("" "/xx/xx/xx/y.xml" "read") 

grant codeBase "file:\* AGENT_DEPLOYMENT_DIRECTORY \*/-" 

   permission "*","read,write,execute"; 
2. Agent logs show: access denied (java.lang.RuntimePermission getClassLoader)
grant codeBase "file:\* AGENT_DEPLOYMENT_DIRECTORY \*/-" 

permission java.lang.RuntimePermission "getClassLoader";
 3. Agent logs show: access denied ("" "findMBeanServer")
grant codeBase "file:\* AGENT_DEPLOYMENT_DIRECTORY \*/-" 

permission "findMBeanServer";
Note: Replace \*AGENT_DEPLOYMENT_DIRECTORY\* with the Agent home directory path. Do not miss the forward slash (/-) at the end. 
Linux example: grant codeBase "file:/opt/appdynamics/appserveragent/-"
Windows example: grant codeBase "file:c:/appdynamics/appserveragent/-"

Additional solutions: 

Add the following property as a JVM argument only on development instances. Remove this property as soon as security debugging is completed."access,failure"
Additionally, create a node level property, which can coincide with the above security policy file changes.
Node property example:
property name: enable-interceptors-for-security
type: boolean
value: true
Note: Changes in the security policy file require a JVM restart. 
Version history
Last update:
‎07-11-2017 03:43 PM
Updated by: