MustGather: Problems using Java 2 security
 Technote (troubleshooting)
 
Problem(Abstract)
Collecting data for problems with the IBM® WebSphere® Application Server Java™ 2 security™ component. Gathering this MustGather information before calling IBM support will help you understand the problem and save time analyzing the data.
 
Resolving the problem
If you have already contacted support, continue on to the component-specific MustGather information. Otherwise, click: MustGather: Read first for all WebSphere Application Server products.
Java 2 security specific MustGather information

Answer the following questions and collect the requested information:
  1. Has your application been designed with Java 2 security in mind?

  2. What operating system APIs or system files does your application need to access?

  3. What permission's have you granted your application? (was.policy)

  4. Did you manually edit the property file or use the install_root/java/jre/bin/policytool?

  5. Expand TroubleShooting > Logs and Trace > server_name.

  6. Select Diagnostic Trace Service. Increase the Maximum Number of Historical Files from 1 to 10.

    For v5.x users, clear the trace string in the box and replace it with the following trace string:

    com.ibm.ws.security.policy.*=all=enabled:com.ibm.ws.security.core.SecurityManager=all=enabled

  7. Click Apply, and Save.

  8. For V6.0 users, click Apply, then select Change Log Detail Levels.

    Clear the trace string in the box and replace it with the following trace string:

    *=info:com.ibm.ws.security.policy.*=all:com.ibm.ws.security.core.SecurityManager=all


  9. Click Apply, and Save.

  10. For a non-production environment, enable the following JVM custom property:

    com.ibm.websphere.java2secman.norethrow = true

    This can be enabled for Application Servers at Servers > Application Servers > [serverName]. Under Server infrastructure, click Java and Process Management > Process definition. Under Additional properties, click Java Virtual Machine > Custom Properties > New. In the Name field, type com.ibm.websphere.java2secman.norethrow. In the Value field, type true. The output will go to the SystemOut.log file.

    Note:
    The norethrow property is intended for a sandbox or debug environment because it instructs the security manager not to throw the AccessControl exception. Java 2 security is not enforced. This property should not be used in a production environment where a relaxed Java 2 security environment weakens the integrity that Java 2 security is intended to produce.


  11. Stop the server and delete or rename all the logs in the install_root/logs directory for v5.x users and in the profile_home/logs directory for V6.0 users. Then restart the server and recreate the problem. This ensures that the logs are fresh.

    Run the Collector Tool located in the install_root/bin directory.

  12. Follow instructions to send diagnostic information to IBM support.

For a listing of all technotes, downloads, and educational materials specific to the Java Security component, search the WebSphere Application Server support site.
 
Related information
Submitting information to IBM support
Steps to getting support
MustGather: Read first
Troubleshooting guide
 
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers Runtimes for Java Technology Java SDK
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): Windows
Software version: 6.1
Software edition:
Reference #: 1199333
IBM Group: Software Group
Modified date: Feb 28, 2005