PQ86478: java.security.AccessControlException trace records are truncated | |||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description When activating Java 2 security in a WebSphere for z/OS version 5 server, several java.security.AccessControlException errors occur. The trace records produced for these exceptions in the servant region job log are frequently truncated in the middle of the record. The failing class name at the end of the trace record is critical information, but it is quite often lost. For trace records which are less than 16k in length only the first 4k of the trace record is printed. If the trace record is > 16k in length, none of it prints out - instead the string ***BUFFER OVERFLOW*** is output.Local fix Trace data written to CTRACE data sets can be more completely formatted using IPCS. Set ras_trace_outputLocation=BUFFER or ras_trace_outputLocation=BUFFER SYSPRINT Start a CTRACE exernal writer for the application server in question. Capture the CTRACE data, and use IPCS to format the trace records. This will permit trace records that are < 16k in length to be viewed. If the CTRACE output also shows ***BUFFER OVERFLOW*** then contact the support center for another possible workaround.Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V5.0 for z/OS * **************************************************************** * PROBLEM DESCRIPTION: Customer reports a BUFFER OVERFLOW * * problem when running WebSphere * * Application Server V5.0 for z/OS that * * has Java 2 security enabled. * **************************************************************** * RECOMMENDATION: * **************************************************************** When Java 2 security is enabled, and an AccessControl exception is encountered, like java.security.AccessControlException: access denied (java.io.FilePermission null/j2c.properties read) WebSphere issues a warning message. The problem is that the security tracebacks are so large that they overflow the buffer used by the warning trace.Problem conclusion Created 2 warning traces, one that shows the CodeBase and the missing permission, and the other one that shows the stack trace. The following publication was revised as a result of APAR PQ86478: ________________________________________________________________ WebSphere Application Server V5 for z/OS Messages and Codes GA22-7915-00 _______________________________________________________________ This APAR requires changes to documentation. NOTE: Periodically, we refresh the documentation on our Web site, so the changes might have been made before you read this text. To access the latest on-line documentation, go to the product library page at: www.ibm.com/software/webservers/appserv/zos_os390/library.html ________________________________________________________________ Chapter 1, pg. 64 (new message) BBOS1001W Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Please refer to Problem Determination Guide for further information. {0} {1} {2} Issued by: WebSphere for z/OS Explanation=The Java Security Manager checkPermission() threw a SecurityException on the subject Permission. A caller on the call stack does not have the required permission. This may not be a problem if the caller properly handles this exception. Programmer response= Verify the attempted operation is permitted by examining all Java 2 security policy files and application code. Additional permissions may be required, a doPrivileged API may be needed in some code on the call stack, or the Security Manager properly prevented access to a resource the caller does not have permission to access. ________________________________________________________________ Chapter 1, pg. 64 (new message) BBOS1002W CAUGHT Java Security EXCEPTION in zOS. A potential violation of Java 2 Security Permission. Please refer to Problem Determination Guide for further information.{0} Issued by: WebSphere for z/OS Explanation=The Java Security Manager checkPermission() threw a SecurityException on the subject Permission. A caller on the call stack does not have the required permission. This may not be a problem if the caller properly handles this exception. Programmer response= Verify the attempted operation is permitted by examining all Java 2 security policy files and application code. Additional permissions may be required, a doPrivileged API may be needed in some code on the call stack, or the Security Manager properly prevented access to a resource the caller does not have permission to access. ________________________________________________________________ APAR PQ86478 is associated with SERVICE LEVEL W502006 of WebSphere Application Server V5.0 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
Publications Referenced
|
Document Information |
Current web document: swg1PQ86478.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ86478
IBM Group: Software Group
Modified date: May 5, 2004
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.