Protecting Java class files and jar files in the integrated file system

To run a Java™ program, you will need read (*R) authority to each Java class and jar file plus execute (*X) authority to each directory in the path to the Java class and jar files. If you use Java class and jar files in the integrated file system, you need to protect them using normal object authorities.

To protect Java files, use the CHGAUT command to secure the directories in the path and the files with object authority attributes. A user might need read (*R) authority to the Java class and jar files to run a Java program. They can get that authority from the public authority of the file or from private authority. An authorization list is helpful in setting up private authority for a group of users. Do not give anyone write (*W) authority to the file unless they are allowed to change the file.

You can use the Classpath Security Check Level (CHKPATH) parameter on the RUNJVA command to make sure that a running Java application is using the correct files from the CLASSPATH. You can use a value of CHKPATH(*SECURE) to prevent a Java program from running if one or more warning messages are sent for each directory in the CLASSPATH that has public write authority.