|
Problem(Abstract) |
Collecting data for problems with the IBM® WebSphere®
Application Server Java™ 2 security™ component. Gathering this MustGather
information before calling IBM support will help you understand the
problem and save time analyzing the data. |
|
|
|
Resolving the
problem |
If you have already contacted support, continue on to the
component-specific MustGather information. Otherwise, click: MustGather:
Read first for all WebSphere Application Server products.
Java 2 security specific MustGather information
Answer the following questions and collect the requested information:
- Has your application been designed with Java 2 security in mind?
- What operating system APIs or system files does your application need
to access?
- What permission's have you granted your application?
(was.policy)
- Did you manually edit the property file or use the
install_root/java/jre/bin/policytool?
- Expand TroubleShooting > Logs and Trace >
server_name.
- Select Diagnostic Trace Service. Increase the Maximum Number
of Historical Files from 1 to 10.
For v5.x users, clear the trace string in the box and replace it
with the following trace string:
com.ibm.ws.security.policy.*=all=enabled:com.ibm.ws.security.core.SecurityManager=all=enabled |
|
- Click Apply, and Save.
- For V6.0 users, click Apply, then select Change Log
Detail Levels.
Clear the trace string in the box and replace it with the following trace
string:
*=info:com.ibm.ws.security.policy.*=all:com.ibm.ws.security.core.SecurityManager=all |
|
- Click Apply, and Save.
- For a non-production environment, enable the following JVM custom
property:
com.ibm.websphere.java2secman.norethrow = true |
|
This can be enabled for Application Servers at Servers
> Application Servers > [serverName]. Under Server infrastructure,
click Java and Process Management > Process definition. Under
Additional properties, click Java Virtual Machine > Custom Properties
> New. In the Name field, type com.ibm.websphere.java2secman.norethrow.
In the Value field, type true. The output will go to the
SystemOut.log file.
Note: The norethrow property is intended for a sandbox or
debug environment because it instructs the security manager not to throw
the AccessControl exception. Java 2 security is not enforced. This
property should not be used in a production environment where a relaxed
Java 2 security environment weakens the integrity that Java 2 security is
intended to produce. |
|
- Stop the server and delete or rename all the logs in the
install_root/logs directory for v5.x
users and in the profile_home/logs directory
for V6.0 users. Then restart the server and recreate the problem. This
ensures that the logs are fresh.
Run the Collector
Tool located in the install_root/bin
directory.
- Follow instructions to send
diagnostic information to IBM support.
For a listing of all technotes, downloads, and educational materials
specific to the Java Security component, search the WebSphere
Application Server support site. |
|
|
|