Java 2 security installation

If you are a WebLogic or WebSphere user and use the Java 2 security model, the New Relic Java agent requires additional configuration. Complete these steps after following the usual procedures to download and install the Java agent.

WebLogic: Java 2 Security

If you are using Java 2 security, add the following entry to weblogic.policy to complete installation:

grant codeBase "file:/full/path/to/newrelic/-" {
    permission java.security.AllPermission;
  };

Specify the directory containing newrelic.jar in /full/path/to/newrelic. The default policy file location is weblogic_root/server/lib/weblogic.policy.

WebSphere: Java 2 Security or Administrative Security

If you are using Java 2 Security or WebSphere Admin Security, you must grant all jars inside the New Relic install folder the proper permissions. You can enable New Relic for all app servers by editing your java.policy file. Or, you can enable New Relic for each app server individually by editing that server's server.policy file:

Enable New Relic for all app servers

To enable New Relic for all app servers, edit java.policy:

  1. Open your java.policy file, located inside your WebSphere install directory at:

    YOUR_WEBSPHERE_INSTALL_DIRECTORY/java/jre/lib/security/java.policy
  2. Append the following text to your policy file, customizing the file: path to point to the folder containing newrelic.jar. Ensure you preserve the dash - at the end of the path, which grants all jars in the target folder the necessary permissions.

    grant codeBase "file:/PATH/TO/NEWRELIC/FOLDER/-" {
           permission java.security.AllPermission;
           permission java.net.NetPermission "specifyStreamHandler";
           permission java.net.SocketPermission "*.newrelic.com", "connect,accept,resolve";
    };

    The codeBase value must use slashes, not backslashes, as the directory separator, even on Windows systems.

  3. Restart your application server.
Enable New Relic for individual app servers

To enable New Relic for a single app server, edit that server's server.policy:

  1. Open your server.policy file, located inside your WebSphere install directory at:

    YOUR_WEBSPHERE_INSTALL_DIRECTORY/profiles/YOUR_APP_SERVER_NAME/properties/server.policy
  2. Append the following text to your policy file, customizing the file: path to point to the folder containing newrelic.jar. Ensure you preserve the dash - at the end of the path, which grants all jars in the target folder the necessary permissions.

    grant codeBase "file:/PATH/TO/NEWRELIC/FOLDER/-" {
           permission java.security.AllPermission;
           permission java.net.NetPermission "specifyStreamHandler";
           permission java.net.SocketPermission "*.newrelic.com", "connect,accept,resolve";
    };

    The codeBase value must use slashes, not backslashes, as the directory separator, even on Windows systems.

  3. Restart your application server.

For each app, Java security permissions are determined by the union of java.policy and server.policy. Do not put the same permission settings in multiple files.

For more on policy file syntax, see Default Policy Implementation and Policy File Syntax.

Recommendations for learning more: