Merge pull request #13334 from newrelic/Java-2-security---re-add-back…

…-to-site fix(java 2 security): re-add doc
newrelic · Jun 2, 2023 · 0090181 · 0090181
2 parents ac970cf + 10573b0
commit 0090181
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 0 deletions.
diff --git a/...gents/java-agent/additional-installation/install-java-agent-java-2-security.mdx b/...gents/java-agent/additional-installation/install-java-agent-java-2-security.mdx
@@ -0,0 +1,57 @@
+---
+title: Java 2 security installation for WebLogic and WebSphere
+tags:
+  - Agents
+  - Java agent
+  - Additional installation
+metaDescription: 'For WebLogic and WebSphere users with Java 2 Security or Administrative Security: Additional install steps for the New Relic Java agent.'
+redirects:
+  - /docs/agents/java-agent/installation/install-java-agent-java-2-security
+  - /docs/apm/agents/java-agent/installation/install-java-agent-java-2-security
+---
+
+If you're a WebLogic or WebSphere user and use the Java 2 security model, our Java agent requires configuration in addition to the [Java agent installation](/install/java).
+
+## WebLogic: Java 2 Security [#weblogic-java-2]
+
+If you're using Java 2 security, add the following entry to `weblogic.policy` to complete installation:
+
+```
+grant codeBase "file:YOUR_FULL_PATH_TO_FILE/newrelic/-" {
+    permission java.security.AllPermission;
+  };
+```
+
+Specify the directory containing `newrelic.jar` in `/full/path/to/newrelic`. The default policy file location is `weblogic_root/server/lib/weblogic.policy`.
+
+## WebSphere: Java 2 Security or Administrative Security [#websphere-java-2]
+
+If you are using Java 2 Security or WebSphere Admin Security, you must grant all jars inside the New Relic install folder the proper permissions. 
+
+To enable New Relic for all app servers, edit the `java.policy` file:
+
+1. Open your `java.policy` file, located inside your WebSphere install directory at:
+
+    ```
+    YOUR_WEBSPHERE_INSTALL_DIRECTORY/java/jre/lib/security/java.policy
+    ```
+2. Append the following text to your policy file, customizing the `file:` path to point to the folder containing `newrelic.jar`. Ensure you preserve the dash `-` at the end of the path, which grants all jars in the target folder the necessary permissions.
+
+    ```
+    grant codeBase "file:/YOUR_FULL_PATH_TO_NEW_RELIC_FOLDER/-" {
+          permission java.security.AllPermission;
+          permission java.net.NetPermission "specifyStreamHandler";
+          permission java.net.SocketPermission "*.newrelic.com", "connect,accept,resolve";
+    };
+    ```
+
+    <Callout variant="important">
+      The `codeBase` value must use slashes, not backslashes, as the directory separator, even on Windows systems.
+    </Callout>
+3. Restart your application server.
+
+<Callout variant="tip">
+  For each app, Java security permissions are determined by the union of `java.policy` and `server.policy`. Do not put the same permission settings in multiple files.
+</Callout>
+
+For more on policy file syntax, see [Default policy implementation and policy file syntax](http://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html).
diff --git a/src/nav/apm.yml b/src/nav/apm.yml
@@ -136,6 +136,8 @@ pages:
                     path: /docs/apm/agents/java-agent/additional-installation/install-new-relic-java-agent-gae-flexible-environment
                   - title: JVM argument
                     path: /docs/apm/agents/java-agent/installation/include-java-agent-jvm-argument/
+                  - title: Java 2 Security
+                    path: /docs/apm/agents/java-agent/additional-installation/install-java-agent-java-2-security
               - title: Name your Java application
                 path: /docs/apm/agents/java-agent/configuration/name-your-java-application
               - title: Java agent config file template