Writing a Java Access Control Resource Policy
Java access control resource policies control to which servers and ports Java applets can connect.
To write a Java access control resource policy:
1.In the admin console, select Users > Resource Policies > Web.
2.If your administrator view is not already configured to show Java policies, make the following modifications:
•Click the Customize button in the upper right corner of the page.
•Select the Java check box.
•Select the Access Control check box below the Java check box.
•Click OK.
3.Select the Java > Access Control tab.
4.On the Java Access Policies page, click New Policy.
5.Enter a name to label this policy (required) and a description of the policy (optional).
6.In the Resources section, specify the resources to which this policy applies.
7.In the Roles section, specify:
•Policy applies to ALL roles - To apply this policy to all users.
•Policy applies to SELECTED roles - To apply this policy only to users who are mapped to roles in the Selected roles list. Make sure to add roles to this list from the Available roles list.
•Policy applies to all roles OTHER THAN those selected below - To apply this policy to all users except for those who map to the roles in the Selected roles list. Make sure to add roles to this list from the Available roles list.
8.In the Action section, specify:
•Allow socket access - To enable Java applets to connect to the servers (and optionally ports) in the Resources list.
•Deny socket access - To prevent Java applets from connecting to the servers (and optionally ports) in the Resources list.
•Use Detailed Rules - To specify one or more detailed rules for this policy.
9.Click Save Changes.
10.On the Java Access Policies page, order the policies according to how you want to evaluate them. Keep in mind that once the system matches the resource requested by the user to a resource in a policy's (or a detailed rule's) Resource list, it performs the specified action and stops processing policies.
11.(Optional) To improve the performance of your Java applications:
•Select Enable Java instrumentation caching on the Maintenance > System > Options page of the admin console. This option can improve the performance of downloading Java applications.
•After you finish configuring the system, cache your Java applet and access it as end user. This action eliminates the performance hit that occurs through the intermediation engine when the first end user accesses the applet.