PQ84626: Prevent Security exception when looking up JMS, JCA, and JDBC Connection Factories when Java 2 security is enabled. | |||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description I Prevent Security Exception on lookup of JMS / JCA / JDBC Connection Factories with Java 2 security enabled.Local fix Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V5.0 for z/OS * **************************************************************** * PROBLEM DESCRIPTION: This APAR is addressed by WebSphere * * Distributed APAR PQ79537. In addition, * * it rolls in WebSphere Distributed APARs * * PQ80044 and PQ75055. * * * * (WebSphere Distributed APAR PQ79537) * * Java 2 Security AccessControlException * * thrown when reading j2c.properties * * file. * * * * (WebSphere Distributed APAR PQ80044) * * Repeated issuing of J2CA0086W messages. * * * * (WebSphere Distributed APAR PQ75055) * * Connection pool fills too rapidly, * * possibly eventually leading to a * * ConnectionWaitTimeoutException, when * * the pool's max size is reached. * * Non-optimal performance experienced. * **************************************************************** * RECOMMENDATION: * **************************************************************** (WebSphere Distributed APAR PQ79537) J2CA0009E: An exception occurred while trying to instantiate the ManagedConnectionFactory class XXXXX used by resource YYYYY: java.security.AccessControlException: access denied (java.... at java.security.AccessControlContext.checkPermission(Acces.. at java.security.AccessController.checkPermission(Access.... at java.lang.SecurityManager.checkPermission(SecurityMana... at com.ibm.ws.security.core.SecurityManager.checkPermission( at java.lang.Thread.setContextClassLoader(Thread.java:1219) at com.ibm.ws.xml.ParserFactory.newSAXParser(ParserFactory... at com.ibm.ejs.j2c.XMLReader.validate(XMLReader.java:761) at com.ibm.ejs.j2c.XMLReader.init(XMLReader.java:252) at com.ibm.ejs.j2c.XMLReader.<init>(XMLReader.java:172) at com.ibm.ejs.j2c.ConnectorRuntime.getJ2C_Properties(Conn... (WebSphere Distributed APAR PQ80044) In applications for which Connection Management issues a J2CA0086W message to the error log, the message is issued with each connection request (satisfying the conditions for issuing the message). This will typically happen repeatedly for the same application, filling up the error log. (WebSphere Distributed APAR PQ75055) Some connections created with the same credentials (userId, password) were not able to be shared or reused. This can cause the Connection Manager to create too many connections resulting in a ConnectionWaitTimeoutException when maximum connections has been reached, in addition to non-optimal performance.Problem conclusion (WebSphere Distributed APAR PQ79537) During the lookup of the connection factory (or datasource) the runtime tries to access the filesystem and read the j2c.properties file in order to set connection pooling parameters. The lookup originates from the application, so the read of the j2c.properties file needed to be changed so that it is performed within a doPrivileged block. (WebSphere Distributed APAR PQ80044) Changed to issue J2CA0086W informational messages only once per connection pool, after which we issue Tr.debug trace record calls instead. (WebSphere Distributed APAR PQ75055) Changed to compare the Subject's credential sets instead of comparing the Subjects themselves so that connection requests associated with two different Subjects with different Principals but the same sets of credentials can match, so the connection request can be satisfied by WAS connection pooling and so a new connection is not created on the underlying JDBC, JCA, or JMS resource. APAR PQ84626 is associated with SERVICE LEVEL W502003 of WebSphere Application Server V5.0 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: PQ79537 APAR is sysrouted TO one or more of the following: Modules/Macros
Publications Referenced
|
Document Information |
Current web document: swg1PQ84626.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ84626
IBM Group: Software Group
Modified date: Apr 3, 2004
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.