PQ86478: java.security.AccessControlException trace records are truncated

 A fix is available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
When activating Java 2 security in a WebSphere for z/OS version
5 server, several java.security.AccessControlException errors
occur. The trace records produced for these exceptions in the
servant region job log are frequently truncated in the middle of
the record. The failing class name at the end of the trace
record is critical information, but it is quite often lost.
For trace records which are less than 16k in length only the
first 4k of the trace record is printed. If the trace record
is > 16k in length, none of it prints out - instead the string
***BUFFER OVERFLOW*** is output.
Local fix
Trace data written to CTRACE data sets can be more completely
formatted using IPCS. Set
ras_trace_outputLocation=BUFFER or
ras_trace_outputLocation=BUFFER SYSPRINT
Start a CTRACE exernal writer for the application server in
question. Capture the CTRACE data, and use IPCS to format the
trace records.
This will permit trace records that are < 16k in length to be
viewed.
If the CTRACE output also shows ***BUFFER OVERFLOW*** then
contact the support center for another possible workaround.
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: Customer reports a BUFFER OVERFLOW      *
*                      problem when running WebSphere          *
*                      Application Server V5.0 for z/OS that   *
*                      has Java 2 security enabled.            *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When Java 2 security is enabled, and an AccessControl exception
is encountered, like java.security.AccessControlException:
access denied (java.io.FilePermission null/j2c.properties read)
WebSphere issues a warning message. The problem is that the
security tracebacks are so large that they overflow the buffer
used by the warning trace.
Problem conclusion
Created 2 warning traces, one that shows the CodeBase and the
missing permission, and the other one that shows the stack
trace.

The following publication was revised as a result
of APAR PQ86478:
________________________________________________________________
WebSphere Application Server V5 for z/OS
Messages and Codes
GA22-7915-00
_______________________________________________________________
This APAR requires changes to documentation.

NOTE: Periodically, we refresh the documentation on our
Web site, so the changes might have been made before you
read this text. To access the latest on-line
documentation, go to the product library page at:

www.ibm.com/software/webservers/appserv/zos_os390/library.html

________________________________________________________________
Chapter 1, pg. 64 (new message)

BBOS1001W Current Java 2 Security policy reported a
         potential violation of Java 2 Security Permission.
         Please refer to Problem Determination Guide for
         further information. {0} {1} {2}
Issued by: WebSphere for z/OS
Explanation=The Java Security Manager checkPermission() threw
            a SecurityException on the subject Permission. A
            caller on the call stack does not have the
            required permission. This may not be a problem if
            the caller properly handles this exception.
Programmer response= Verify the attempted operation is
                     permitted by examining all Java 2
                     security policy files and application
                     code. Additional permissions may be
                     required, a doPrivileged API may be
                     needed in some code on the call stack,
                     or the Security Manager properly
                     prevented access to a resource the
                     caller does not have permission to
                     access.
________________________________________________________________
Chapter 1, pg. 64 (new message)
BBOS1002W CAUGHT Java Security EXCEPTION in zOS. A
         potential violation of Java 2 Security Permission.
         Please refer to Problem Determination Guide for
         further information.{0}
Issued by: WebSphere for z/OS
Explanation=The Java Security Manager checkPermission() threw
            a SecurityException on the subject Permission. A
            caller on the call stack does not have the
            required permission. This may not be a problem if
            the caller properly handles this exception.
Programmer response= Verify the attempted operation is
                     permitted by examining all Java 2
                     security policy files and application
                     code. Additional permissions may be
                     required, a doPrivileged API may be
                     needed in some code on the call stack,
                     or the Security Manager properly
                     prevented access to a resource the
                     caller does not have permission to
                     access.
________________________________________________________________

APAR PQ86478 is associated with SERVICE LEVEL W502006 of
WebSphere Application Server V5.0 for z/OS.
Temporary fix Comments
APAR information
APAR number PQ86478
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2004-03-22
Closed date 2004-04-08
Last modified date 2004-05-05

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
BBOUBINF          

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UQ87201    UP04/04/19 P F404

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PQ86478.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ86478
IBM Group: Software Group
Modified date: May 5, 2004