What's New

XPages Runtime Update

Share this post:

An update to the XPages runtime on Bluemix has been released this week, as well as a refresh of the Bluemix tooling in Domino Designer. The focus of this new version is security, and the sections below outlines the change and new capabilities.

New XPages Runtime Environment Variable

A new APP_JAVA_POLICY_ALL_PERMISSION environment variable has been added to the XPages runtime. In advanced XPages applications, you may encounter a situation where your custom Java code does not have permission to run. Setting a value of “1” on this variable allows the privileged execution of any Java code in the XPages runtime, including any code contained in your XPages NSF. This is achieved by applying grant {permission java.security.AllPermission;} to the JVM security policy file inside the XPages runtime container.

Enabling this capability, however, can be a security risk. For this reason, the variable is set to “0” (disabled) by default in the XPages runtime, restricting the level of privileged code execution. This new variable adds to the list of supported environment variables in the XPages runtime, which you can read about in the documentation. To allow more precise control of Java permission levels, rather than using the new environment variable, you can use another new feature that has been added to the XPages runtime.

Fine-grained XPages Java Policy

Instead of giving Java code a wide-open permission level, you may prefer to define a more detailed set of policies. This can be achieved by creating a java.policy-fragment file in the deployment directory of your application. If a file with this exact name is detected in the deployment folder by the runtime and APP_JAVA_POLICY_ALL_PERMISSION is disabled, the contents of your fragment file is merged into the global JVM security policy file when your application is being deployed in Bluemix. For example, a java.policy-fragment file containing the following would give permission to Java code inside example.nsf to access the “PATH” system environment variable: grant codeBase "xspnsf://server:0/example.nsf/-" {permission java.lang.RuntimePermission "getenv.PATH";}

Updated Tooling

Along with the XPages runtime update, the Domino Designer Bluemix tooling has been updated as well. This tooling is available as part of release 14 of the open source XPages Extension Library on OpenNTF. In the Bluemix Manifest editor in Designer, you can now set all of the XPages specific environment variables in a dedicated panel. This includes the ability to set the new Java security variable. And each one has an informative tooltip to describe what it does.

Check out the documentation for a list of all the available environment variables.

All of these new features in the XPages runtime give you more control over the security of your XPages applications running in Bluemix. You can read more about the XPages Java security policy in Chapter 21 of the book “Mastering XPages : Second Edition”, available from IBM Press and Amazon.

More stories
April 30, 2019

Introducing IBM Analytics Engine v1.2 and Announcing the Deprecation of IBM Analytics Engine v1.0

We are excited to inform you about the new version of IBM Analytics Engine v1.2 that will be available starting May 15, 2019. Along with this release, Analytics Engine v1.0 will be retired.

Continue reading

April 23, 2019

Announcing the Deprecation of the Watson Machine Learning JSON Token Authentication Service

We’d like to inform you about the deprecation of the Watson Machine Learning JSON Token Authentication service. This method of authentication will be retired on May 30, 2019.

Continue reading

April 19, 2019

Introducing IBM Cloud Object Storage Firewall: Further Secure Your Data

IBM Cloud Object Storage (COS) is giving you more control over who can access your data. We have introduced a new capability allowing you to configure your buckets with trusted IP address(es) that will dictate access to the data in COS.

Continue reading