PQ84626: Prevent Security exception when looking up JMS, JCA, and JDBC Connection Factories when Java 2 security is enabled.

 A fix is available

APAR status
Closed as program error.

Error description
Prevent Security Exception on lookup of JMS / JCA / JDBC
Connection Factories with Java 2 security enabled.

Local fix

Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: This APAR is addressed by WebSphere     *
*                      Distributed APAR PQ79537.  In addition, *
*                      it rolls in WebSphere Distributed APARs *
*                      PQ80044 and PQ75055.                    *
*                                                              *
*                      (WebSphere Distributed APAR PQ79537)    *
*                      Java 2 Security AccessControlException  *
*                      thrown when reading j2c.properties      *
*                      file.                                   *
*                                                              *
*                      (WebSphere Distributed APAR PQ80044)    *
*                      Repeated issuing of J2CA0086W messages. *
*                                                              *
*                      (WebSphere Distributed APAR PQ75055)    *
*                      Connection pool fills too rapidly,      *
*                      possibly eventually leading to a        *
*                      ConnectionWaitTimeoutException, when    *
*                      the pool's max size is reached.         *
*                      Non-optimal performance experienced.    *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
(WebSphere Distributed APAR PQ79537)
J2CA0009E: An exception occurred while trying to instantiate the
ManagedConnectionFactory class XXXXX used by resource YYYYY:
java.security.AccessControlException: access denied (java....
  at java.security.AccessControlContext.checkPermission(Acces..
  at java.security.AccessController.checkPermission(Access....
  at java.lang.SecurityManager.checkPermission(SecurityMana...
  at com.ibm.ws.security.core.SecurityManager.checkPermission(
  at java.lang.Thread.setContextClassLoader(Thread.java:1219)
  at com.ibm.ws.xml.ParserFactory.newSAXParser(ParserFactory...
  at com.ibm.ejs.j2c.XMLReader.validate(XMLReader.java:761)
  at com.ibm.ejs.j2c.XMLReader.init(XMLReader.java:252)
  at com.ibm.ejs.j2c.XMLReader.<init>(XMLReader.java:172)
  at com.ibm.ejs.j2c.ConnectorRuntime.getJ2C_Properties(Conn...

(WebSphere Distributed APAR PQ80044)
In applications for which Connection Management issues a
J2CA0086W message to the error log, the message is issued with
each connection request (satisfying the conditions for issuing
the message).  This will typically happen repeatedly for the
same application, filling up the error log.

(WebSphere Distributed APAR PQ75055)
Some connections created with the same credentials
(userId, password) were not able to be shared or reused.
This can cause the Connection Manager to create too many
connections, resulting in a ConnectionWaitTimeoutException when
the maximum number of connections has been reached, in addition
to non-optimal performance.

Problem conclusion
(WebSphere Distributed APAR PQ79537)
During the lookup of the connection factory (or datasource) the
runtime tries to access the filesystem and read the
j2c.properties file in order to set connection pooling
parameters. The lookup originates from the application, so the
application's code is on the call stack when the Java 2 security
permission check runs. The read of the j2c.properties file was
therefore changed so that it is performed within a doPrivileged
block.
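
The doPrivileged pattern described above, as an added example that is not IBM's code. The class name and CONFIG_PATH are assumptions, and the AccessController API shown is the Java 2 security API of this release's era (deprecated in current JDKs).

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Properties;

public class PoolConfigLoader {
    // Hypothetical location, fixed by the runtime. It must never be built from
    // caller-supplied input, or the privileged block reads files on the caller's behalf.
    private static final String CONFIG_PATH = "properties/j2c.properties";

    // Called on the application's thread during a connection factory lookup.
    static Properties loadPoolProperties() throws IOException {
        try {
            // The cast selects the PrivilegedExceptionAction overload for the lambda.
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<Properties>) () -> {
                    // Only the file read runs with the runtime's own permissions;
                    // the permission check does not look past this frame to the
                    // application code that started the lookup.
                    Properties props = new Properties();
                    try (InputStream in = new FileInputStream(CONFIG_PATH)) {
                        props.load(in);
                    }
                    return props;
                });
        } catch (PrivilegedActionException e) {
            // Only checked exceptions are wrapped; here that is the IOException.
            throw (IOException) e.getException();
        }
    }

    public static void main(String[] args) {
        try {
            Properties p = loadPoolProperties();
            System.out.println("Loaded " + p.size() + " pool settings");
        } catch (IOException e) {
            System.out.println("Could not read " + CONFIG_PATH + ": " + e.getMessage());
        }
    }
}
```

Keeping the privileged block this narrow means the application gains no file permission of its own; it only receives the parsed settings.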

(WebSphere Distributed APAR PQ80044)
Changed to issue J2CA0086W informational messages only once per
connection pool, after which we issue Tr.debug trace record
calls instead.

(WebSphere Distributed APAR PQ75055)
Changed to compare the Subject's credential sets instead of
comparing the Subjects themselves, so that connection requests
associated with two different Subjects with different
Principals but the same sets of credentials can match. The
connection request can then be satisfied by WAS connection
pooling, and a new connection is not created on the underlying
JDBC, JCA, or JMS resource.
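
The matching change described above, as an added example that is not IBM's code. Caller, UserPass, credentialKey and the map standing in for the pool are constructed for illustration; only javax.security.auth.Subject is a real API.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import javax.security.auth.Subject;

public class CredentialMatchDemo {
    // Constructed stand-ins for a caller identity and a (userId, password) credential.
    static final class Caller implements Principal {
        private final String name;
        Caller(String name) { this.name = name; }
        public String getName() { return name; }
    }
    static final class UserPass {
        final String user; final String password;
        UserPass(String user, String password) { this.user = user; this.password = password; }
        @Override public boolean equals(Object o) {
            return o instanceof UserPass && user.equals(((UserPass) o).user)
                && password.equals(((UserPass) o).password);
        }
        @Override public int hashCode() { return Objects.hash(user, password); }
    }

    // Pool key built from the Subject's credential sets only; Principals are ignored.
    static Set<Object> credentialKey(Subject s) {
        Set<Object> key = new HashSet<>(s.getPrivateCredentials());
        key.addAll(s.getPublicCredentials());
        return key;
    }

    static Subject subject(String caller) {
        Subject s = new Subject();
        s.getPrincipals().add(new Caller(caller));
        s.getPrivateCredentials().add(new UserPass("dbuser", "constructed-secret"));
        return s;
    }

    public static void main(String[] args) {
        Subject a = subject("alice"), b = subject("bob");
        Map<Set<Object>, String> pool = new HashMap<>();
        pool.put(credentialKey(a), "connection-1");
        // Subject.equals also compares Principals, so the two Subjects differ.
        System.out.println("Subjects equal: " + a.equals(b));
        // The credential-set key matches, so the pooled connection is reused.
        System.out.println("Reused for bob: " + pool.get(credentialKey(b)));
    }
}
```

With this matching rule the backend resource sees only the shared credential's user, so per-caller attribution has to come from the application server's own logs.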

APAR PQ84626 is associated with SERVICE LEVEL W502003 of
WebSphere Application Server V5.0 for z/OS.

Temporary fix

Comments

APAR information
APAR number PQ84626
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2004-02-12
Closed date 2004-02-26
Last modified date 2004-04-03

APAR is sysrouted FROM one or more of the following:
PQ79537

APAR is sysrouted TO one or more of the following:

Modules/Macros
BBOUBINF          

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UQ85594    UP04/03/02 P F403
