PQ83507: 'access denied' when invoking an app with Java 2 Security on and Global Security disabled

 A fix is available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
The problem occurs when Java 2 Security is enabled but Global
Security is disabled.
When running an application for the first time after app server
was recycled, it fails with the following error - access
denied when trying to load an application class file:
.
 Trace: 2003/12/22 14:01:03.319 01 t=8DE090 c=2.4 key=P8
 (13007002)
  FunctionName: com.ibm.ws.security.core.SecurityManager
  SourceId: com.ibm.ws.security.core.SecurityManager
  Category: WARNING
  ExtendedMessage: ***BUFFER OVERFLOW***
 java.security.AccessControlException: access denied
 (java.lang.RuntimePermission setContextClassLoader)
.
More detailed tracing (com.ibm.ws.security.*=all=enabled) showed
the access denied to the following file:
.
 com.ibm.ctg.samples.j2ee.EJSRemoteStatelessECIDateTimeHome
 bb5713aa  in {file:/WebSphere/V5R0M2/AppServer/installedApps
 /PLEX/CustomerApp.ear/App.jar}
.
The subsequent runs of the application were successful. The
class was loaded by taking a different path.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: The customer configures WebSphere for   *
*                      z/OS Application Server Cumulative Fix  *
*                      W502000 with Global Security disabled   *
*                      and Java 2 Security Enabled.            *
*                      When running an application for the     *
*                      first time, customer gets a             *
*                      java.security.AccessControlException:   *
*                      access denied Exception.                *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The problem occurs when Java 2 Security is enabled but Global
Security is disabled. When running an application for the
first time after app server was recycled, it fails with the
following error - access denied when trying to load an
application class file:

FunctionName: com.ibm.ws.security.core.SecurityManager
SourceId: com.ibm.ws.security.core.SecurityManager
Category: WARNING
ExtendedMessage: ***BUFFER OVERFLOW***
java.security.AccessControlException: access denied
 (java.lang.RuntimePermission setContextClassLoader)
at java.security.AccessControlContext.checkPermission
 (AccessControlContext.java(Compiled Code))
at java.security.AccessController.checkPermission
 (AccessController.java(Compiled Code))
at java.lang.SecurityManager.checkPermission
 (SecurityManager.java(Compiled Code))
at com.ibm.ws.security.core.SecurityManager.checkPermission
 (SecurityManager.java(Compiled Code))
at java.lang.Thread.setContextClassLoader(Thread.java:1169)
at com.ibm.ejs.util.dopriv.SetContextClassLoaderPrivileged.run
 (SetContextClassLoaderPrivileged.java:61)
at com.ibm.ejs.container.EJSContainer.doPrivilegedAction
 (EJSContainer.java:2511)
at com.ibm.ejs.container.EJSContainer.popWrapperClassLoader
 (EJSContainer.java:3813)
at com.ibm.ejs.container.EJSContainer.
   postInvokeForStatelessSessionCreate(EJSContainer.java:3386)
at com.ibm.ejs.container.EJSContainer.postInvoke
 (EJSContainer.java:2968)
at com.ibm.ejs.container.EJSContainer.postInvoke
 (EJSContainer.java:2946)
at com.ibm.ctg.samples.j2ee.
   EJSRemoteStatelessECIDateTimeHome_bb5713aa.
   create(Unknown Source)
at com.ibm.ctg.samples.j2ee._EJSRemoteStatelessECIDateTimeHome
   _bb5713aa_Tie.create
   (_EJSRemoteStatelessECIDateTimeHome_bb5713aa_Tie.java:153)
at com.ibm.ctg.samples.j2ee._EJSRemoteStatelessECIDateTimeHome
   _bb5713aa_Tie._invoke
   (_EJSRemoteStatelessECIDateTimeHome_bb5713aa_Tie.java:78)
at com.ibm.ws390.orb.ServerRegionBridge.invoke
 (ServerRegionBridge.java:574)
at com.ibm.ws390.orb.ORBEJSBridge.invoke(ORBEJSBridge.java:168)
Problem conclusion
Fixed the container code to make sure that the class is loaded
correctly when Java 2 security is enabled and Global Security
is disabled.

APAR PQ83507 is associated with SERVICE LEVEL W502002 of
WebSphere Application Server V5.0 for z/OS.
Temporary fix Comments
APAR information
APAR number PQ83507
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2004-01-20
Closed date 2004-02-12
Last modified date 2004-03-03

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
BBOUBINF          

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UQ85128    UP04/02/20 P F402

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PQ83507.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ83507
IBM Group: Software Group
Modified date: Mar 3, 2004