PQ83507: 'access denied' when invoking an app with Java 2 Security on and Global Security disabled | |||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description The problem occurs when Java 2 Security is enabled but Global Security is disabled. When running an application for the first time after app server was recycled, it fails with the following error - access denied when trying to load an application class file: . Trace: 2003/12/22 14:01:03.319 01 t=8DE090 c=2.4 key=P8 (13007002) FunctionName: com.ibm.ws.security.core.SecurityManager SourceId: com.ibm.ws.security.core.SecurityManager Category: WARNING ExtendedMessage: ***BUFFER OVERFLOW*** java.security.AccessControlException: access denied (java.lang.RuntimePermission setContextClassLoader) . More detailed tracing (com.ibm.ws.security.*=all=enabled) showed the access denied to the following file: . com.ibm.ctg.samples.j2ee.EJSRemoteStatelessECIDateTimeHome bb5713aa in {file:/WebSphere/V5R0M2/AppServer/installedApps /PLEX/CustomerApp.ear/App.jar} . The subsequent runs of the application were successful. The class was loaded by taking a different path.Local fix Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V5.0 for z/OS * **************************************************************** * PROBLEM DESCRIPTION: The customer configures WebSphere for * * z/OS Application Server Cumulative Fix * * W502000 with Global Security disabled * * and Java 2 Security Enabled. * * When running an application for the * * first time, customer gets a * * java.security.AccessControlException: * * access denied Exception. * **************************************************************** * RECOMMENDATION: * **************************************************************** The problem occurs when Java 2 Security is enabled but Global Security is disabled. When running an application for the first time after app server was recycled, it fails with the following error - access denied when trying to load an application class file: FunctionName: com.ibm.ws.security.core.SecurityManager SourceId: com.ibm.ws.security.core.SecurityManager Category: WARNING ExtendedMessage: ***BUFFER OVERFLOW*** java.security.AccessControlException: access denied (java.lang.RuntimePermission setContextClassLoader) at java.security.AccessControlContext.checkPermission (AccessControlContext.java(Compiled Code)) at java.security.AccessController.checkPermission (AccessController.java(Compiled Code)) at java.lang.SecurityManager.checkPermission (SecurityManager.java(Compiled Code)) at com.ibm.ws.security.core.SecurityManager.checkPermission (SecurityManager.java(Compiled Code)) at java.lang.Thread.setContextClassLoader(Thread.java:1169) at com.ibm.ejs.util.dopriv.SetContextClassLoaderPrivileged.run (SetContextClassLoaderPrivileged.java:61) at com.ibm.ejs.container.EJSContainer.doPrivilegedAction (EJSContainer.java:2511) at com.ibm.ejs.container.EJSContainer.popWrapperClassLoader (EJSContainer.java:3813) at com.ibm.ejs.container.EJSContainer. postInvokeForStatelessSessionCreate(EJSContainer.java:3386) at com.ibm.ejs.container.EJSContainer.postInvoke (EJSContainer.java:2968) at com.ibm.ejs.container.EJSContainer.postInvoke (EJSContainer.java:2946) at com.ibm.ctg.samples.j2ee. EJSRemoteStatelessECIDateTimeHome_bb5713aa. create(Unknown Source) at com.ibm.ctg.samples.j2ee._EJSRemoteStatelessECIDateTimeHome _bb5713aa_Tie.create (_EJSRemoteStatelessECIDateTimeHome_bb5713aa_Tie.java:153) at com.ibm.ctg.samples.j2ee._EJSRemoteStatelessECIDateTimeHome _bb5713aa_Tie._invoke (_EJSRemoteStatelessECIDateTimeHome_bb5713aa_Tie.java:78) at com.ibm.ws390.orb.ServerRegionBridge.invoke (ServerRegionBridge.java:574) at com.ibm.ws390.orb.ORBEJSBridge.invoke(ORBEJSBridge.java:168)Problem conclusion Fixed the container code to make sure that the class is loaded correctly when Java 2 security is enabled and Global Security is disabled. APAR PQ83507 is associated with SERVICE LEVEL W502002 of WebSphere Application Server V5.0 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
Publications Referenced
|
Document Information |
Current web document: swg1PQ83507.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ83507
IBM Group: Software Group
Modified date: Mar 3, 2004
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.