We’ve turned on Java 2 security in our environment. Java 2 security is turned off on every app server by default including Websphere. This little setting caused us quite a few problems as we hadn’t built any of our applications with this in mind. My anecdotal experiences is that I’ve never seen it used anywhere, but that is just my experience.
Up until now we’ve been able to deal with the headaches. A nasty surprise was apparently using RAD and its built in test server you literally can’t turn it on without breaking your test portal instance. So we don’t try to run Java 2 Security on our local instances unless we don’t need portal. Today I learned about a new issue.
I’m working on our intranet portal project and I’ve noticed for a while that search hasn’t been enabled. As it turns out one of the developers showed me the issue with search. You can go to the admin portal for search to setup the crawler, and it needs to generate a unique URL. The problem appears to be since Java 2 Security is turned on all the generated unique URLs are really long (Possibly some encryption of the URL params?). No problem there except in the admin web page it truncates the URLs since the form field only allows 250 characters. We haven’t found a workaround yet, but we haven’t spent too much time digging.
Now I find out the latest version of Websphere Portal, 5.1 only just added Java 2 Security:
WebSphere Portal v5.1 offers a number of security enhancements and it now supports Java 2 Security. (link)
So we have a new question for our IBM lab advocate. Just how many customers of theirs actually enable Java 2 Security in Websphere Portal?