PQ87998: Excessive SECJ messages in logs for failed authentication. Causing logs to fill and performance issues.

 A fix is available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
Problem Description:
The WebSphere security classes are throwing "SECJ" errors in the
SystemOut logs of the app servers whenever a user fails to
authenticate (ie. they type a bad password) against a back end
system.  We need a way to supress these because they are
filling logs.
SECJ0118E
SECJ4001E
SECJ0369E
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: Excessive SECJ messages in logs for     *
*                      failed authentication, causing logs to  *
*                      fill.                                   *
*                      SECJ4001E                               *
*                      SECJ0369E                               *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
WebSphere security classes are issuing "SECJ0369E" and
"SECJ4001E" messages, with a stack trace included, in the logs
of the app servers whenever a user fails to authenticate (ie.
they type a bad password, or use an invalid username).
There is a need to suppress these messages because they are
filling up the logs.
Example:  A user tried to login into the AdminConsole using
invalid user="MYUSERID". The following list shows all the
messages being issued for this particular error
<1>
Trace: 2004/04/21 13:54:24.566 01 t=8CECF0 c=3.2 key=P8
Description: Log Boss/390 Error
from filename: ./bbossrun.cpp
at line: 1588
error message: BBOS0108E Credential handling function
RunAsGetSpecCred failed in Routine IRRSIA00          with SAF
Return Code(hex): 8, RACF Return Code (hex): 8, and RACF
Reason Code (hex): 10.

<2.>
Trace: 2004/04/21 13:54:24.795 01 t=8CECF0 c=3.2 key=P8
FunctionName: com.ibm.ws.security.registry.zOS.SAFRegistryImp
SourceId: com.ibm.ws.security.registry.zOS.SAFRegistryImpl
Category: ERROR
ExtendedMessage: SECJ0055E: Authentication failed for MYUSERID
The user id or password may have been entered incorrectly or
misspelled.  The user id may not exist, the account could have
expired or disabled. The password may have expired.

Repeats with the BBO wrapper

Trace: 2004/04/21 13:54:24.796 01 t=8CECF0 c=3.2 key=P8
Description: Log Boss/390 Error
from filename: ./bborjtr.cpp
at line: 820
error message: BBOO0220E SECJ0055E: Authentication failed for
MYUSERID. The user id or password may have been entered
incorrectly or misspelled.  The user id may not exist, the
account could have expired or disabled. The password may have
expired. com.ibm.ws.security.registry.zOS.SAFRegistryImpl
com.ibm.ws.security.registry.zOS.SAFRegistry

<3.>
Trace: 2004/04/21 13:54:24.887 01 t=8CECF0 c=3.2 key=P8
FunctionName: com.ibm.ws.security.ltpa.LTPAServerObject
SourceId: com.ibm.ws.security.ltpa.LTPAServerObject
Category: ERROR
ExtendedMessage: SECJ0369E: Authentication failed when using
LTPA. The exception is com.ibm.websphere.security.Password
CheckFailedException: Authentication failed for user: MYUSERID
at com.ibm.ws.security.registry.zOS.SAFRegistryImpl.checkPWGet
at com.ibm.ws.security.registry.UserRegistryImpl.checkPWGetOSC
at com.ibm.ws.security.ltpa.LTPAServerObject.authenticate(LTPA
at com.ibm.ws.security.web.AuthenLoginModule.login(AuthenLogin
at com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleP
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcc
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingM
at java.lang.reflect.Method.invoke(Method.java(Compiled Code))
at javax.security.auth.login.LoginContext.invoke(LoginContext.
at javax.security.auth.login.LoginContext.access$000(LoginCont
at javax.security.auth.login.LoginContext$4.run(LoginContext.j
at java.security.AccessController.doPrivileged1(Native Method)
at java.security.AccessController.doPrivileged(AccessControlle
at javax.security.auth.login.LoginContext.invokeModule(LoginCo
at javax.security.auth.login.LoginContext.login(LoginContext.j
at com.ibm.ws.security.auth.JaasLoginHelper.jaas_login(JaasLog
at com.ibm.ws.security.auth.JaasLoginHelper.jaas_login(JaasLog
at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextMa
at com.ibm.ws.security.web.FormLoginServlet.formLogin(FormLogi
at com.ibm.ws.security.web.FormLoginServlet.doPost(FormLoginSe
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853
at com.ibm.ws.webcontainer.servlet.StrictServletInstance.doSer
at com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet._ser
at com.ibm.ws.webcontainer.servlet.IdleServletState.service(St
at com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet.serv
at com.ibm.ws.webcontainer.servlet.ServletInstance.service(Ser
at com.ibm.ws.webcontainer.servlet.ValidServletReferenceState.
at com.ibm.ws.webcontainer.servlet.ServletInstanceReference.di
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.hand
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.disp
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forw
at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppI
at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationH
at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.h
at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatc
at com.ibm.ws390.wc.httpcatcher.WS390Router$WS390RouterDispatc
at com.ibm.ws390.wc.httpcatcher.WS390Router$WS390RouterDispatc
at com.ibm.ws390.wc.httpcatcher.WS390Router$WS390RouterDispatc
at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(H
at com.ibm.ws390.wc.http.HttpConnection.readAndHandleRequest(H
at com.ibm.ws390.wc.http.HttpConnection.handle390Request(HttpC
at com.ibm.ws390.wc.httpcatcher.WS390HttpTransport.handleReque

Repeats with the BBO wrapper

Trace: 2004/04/21 13:54:24.888 01 t=8CECF0 c=3.2 key=P8
Description: Log Boss/390 Error
from filename: ./bborjtr.cpp
at line: 820
error message: BBOO0220E SECJ0369E: Authentication failed when
using LTPA. The exception is com.ibm.websphere.security.
PasswordCheckFailedException: Authentication failed for user:
MYUSERID
at com.ibm.ws.security.registry.zOS.SAFRegistryImpl.checkPWGet
at com.ibm.ws.security.registry.UserRegistryImpl.checkPWGetOSC
at com.ibm.ws.security.ltpa.LTPAServerObject.authenticate(LTPA
at com.ibm.ws.security.web.AuthenLoginModule.login(AuthenLogin
at com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleP
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcc
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingM
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

<4.>
Trace: 2004/04/21 13:54:24.919 01 t=8CECF0 c=3.2 key=P8
FunctionName: com.ibm.ws.security.auth.JaasLoginHelper
SourceId: com.ibm.ws.security.auth.JaasLoginHelper
Category: ERROR
ExtendedMessage: SECJ4001E: Login failed for
MYUSERID/WASRACFREALM com.ibm.websphere.security.auth.
WSLoginFailedException: Authentcation failed for user: MYUSERID
at com.ibm.ws.security.server.lm.swamLoginModule.login(swamLogi
at com.ibm.ws.security.common.auth.module.proxy.WSLoginModulePr
at java.lang.reflect.Method.invoke(Native Method)
at javax.security.auth.login.LoginContext.invoke(LoginContext.j
at javax.security.auth.login.LoginContext.access$000(LoginConte
at javax.security.auth.login.LoginContext$3.run(LoginContext.ja
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginCon
at javax.security.auth.login.LoginContext.login(LoginContext.ja
at com.ibm.ws.security.auth.JaasLoginHelper.jaas_login(JaasLogi
at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextMan
at com.ibm.ws.security.web.FormLoginServlet.formLogin(FormLogin
at com.ibm.ws.security.web.FormLoginServlet.doPost(FormLoginSer
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.ibm.ws.webcontainer.servlet.StrictServletInstance.doServ
at com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet._serv
at com.ibm.ws.webcontainer.servlet.IdleServletState.service(Str
at com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet.servi
at com.ibm.ws.webcontainer.servlet.ServletInstance.service(Serv
at com.ibm.ws.webcontainer.servlet.ValidServletReferenceState.d
at com.ibm.ws.webcontainer.servlet.ServletInstanceReference.dis
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.handl
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispa
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forwa
at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppIn
at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHo
at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.ha
at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatch
at com.ibm.ws390.wc.httpcatcher.WS390Router$WS390RouterDispatch
at com.ibm.ws390.wc.httpcatcher.WS390Router$WS390RouterDispatch
at com.ibm.ws390.wc.httpcatcher.WS390Router$WS390RouterDispatch
at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(Ht
at com.ibm.ws390.wc.http.HttpConnection.readAndHandleRequest(Ht
at com.ibm.ws390.wc.http.HttpConnection.handle390Request(HttpCo
at com.ibm.ws390.wc.httpcatcher.WS390HttpTransport.handleReques
at com.ibm.ws390.wc.httpcatcher.WS390HttpTransportWrapper.https
at com.ibm.ws390.orb.ServerRegionBridge.invoke(ServerRegionBrid
at com.ibm.ws390.orb.ORBEJSBridge.invoke(ORBEJSBridge.java:170)
---------------------------------------------------------------
com.ibm.websphere.security.PasswordCheckFailedException: Authent
at com.ibm.ws.security.registry.zOS.SAFRegistryImpl.checkPWGetO
at com.ibm.ws.security.registry.UserRegistryImpl.checkPWGetOSCr

Repeats with the BBO wrapper

Trace: 2004/04/21 13:54:24.922 01 t=8CECF0 c=3.2 key=P8
Description: Log Boss/390 Error
from filename: ./bborjtr.cpp
at line: 820
error message: BBOO0220E SECJ4001E: Login failed for
MYUSERID/WASRACFREALM com.ibm.websphere.security.auth.
WSLoginFailedException: Authentcation failed for user: MYUSERID
at com.ibm.ws.security.server.lm.swamLoginModule.login(swamLogi
at com.ibm.ws.security.common.auth.module.proxy.WSLoginModulePr
at java.lang.reflect.Method.invoke(Native Method)
at javax.security.auth.login.LoginContext.invoke(LoginContext.j
at javax.security.auth.login.LoginContext.access$000(LoginConte
at javax.security.auth.login.LoginContext$3.run(LoginContext.ja
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginCon
at javax.security.auth.login.LoginContext.login(LoginContext.ja
at com.ibm.ws.security.auth.JaasLoginHelper.jaas_login(JaasLogi
at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextMan
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

<5.>
Trace: 2004/04/21 13:54:25.019 01 t=8CECF0 c=3.2 key=P8
FunctionName: com.ibm.ws.security.web.FormLoginServlet
SourceId: com.ibm.ws.security.web.FormLoginServlet
Category: ERROR
ExtendedMessage: SECJ0118E: Authentication error during
                 authentication for user MYUSERID

Repeats with the BBO wrapper

Trace: 2004/04/21 13:54:25.020 01 t=8CECF0 c=3.2 key=P8
Description: Log Boss/390 Error
from filename: ./bborjtr.cpp
at line: 820
error message: BBOO0220E SECJ0118E: Authentication error during
               authentication for user MYUSERID.
Problem conclusion
The code was modified to remove the stack trace output from
messages <3> and <4> -- SECJ0369E, and SECJ4001E.

APAR PQ87998 is associated with SERVICE LEVEL W502009 of
WebSphere Application Server V5.0 for z/OS.
Temporary fix Comments
APAR information
APAR number PQ87998
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2004-04-26
Closed date 2004-05-21
Last modified date 2004-06-03

APAR is sysrouted FROM one or more of the following:
PQ82431

APAR is sysrouted TO one or more of the following:

Modules/Macros
BBOUBINF          

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UQ88747    UP04/05/27 P F405

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PQ87998.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ87998
IBM Group: Software Group
Modified date: Jun 3, 2004