Fix (APAR): PK27681 Status: Fix Release: 6.0.2.9,6.0.2.8,6.0.2.7,6.0.2.13,6.0.2.11 Operating System: AIX,HP-UX,i5/OS,Linux,Linux pSeries,Linux Red Hat - pSeries,Linux zSeries,Solaris,Windows Supersedes Fixes: CMVC Defect: xxxxxx Byte size of APAR: 77183 Date: 2006-11-17 Abstract: WebSphere Application Server may throw an OutOfMemory Exception when the Security attribute propagation function may store large number of users and hosts information. Description/symptom of problem: PK27681 resolves the following problem: ERROR DESCRIPTION: External Symptom : Out of Memory received on WAS 6.0.2.11 on AIX. This was the leak suspect on analyzing the heapdump : 210,749,296 [120] 8 com/ibm/ISecurityLocalObjectCSIv2UtilityImpl/SessionManager 0x304a5a90 210,745,848 [48] 2 com/ibm/ISecurityLocalObjectCSIv2UtilityImpl/ConnectionTable 0x33b02b18 210,745,752 [64] 5 array of java/util/Hashtable$Entry 0x33b02ad8 106,523,968 [32] 2 java/util/Hashtable$Entry 0x326f6960 106,523,784 [40] 4 com/ibm/ISecurityLocalObjectCSIv2UtilityImpl/Connection 0x326f6a90 106,523,520 [48] 2 com/ibm/ISecurityLocalObjectCSIv2UtilityImpl/SessionTable 0x326f6a60 106,523,424 [6,160] 766 array of java/util/Hashtable$Entry 0x32c973e8 103,590,440 [32] 2 java/util/Hashtable$Entry 0x352fb790 103,590,256 [40] 4 com/ibm/ISecurityLocalObjectCSIv2UtilityImpl/Connection 0x352fb8c0 103,589,992 [48] 2 com/ibm/ISecurityLocalObjectCSIv2UtilityImpl/SessionTable 0x352fb890 103,589,896 [6,160] 760 array of java/util/Hashtable$Entry 0x3c737600 Level 3 Response : This condition typically occurs while running stress tests. To resolve the issue, the code has been modified to limit the size of AuthzPropToken. LOCAL FIX: Local Fix : Currently not available PROBLEM SUMMARY USERS AFFECTED: WebSphere Application Server version 6.x users who are using the Security Attribute Propagation. PROBLEM DESCRIPTION: WebSphere Application Server may throw an OutOfMemory Exception when the Security attribute propagation function may store large number of users and hosts information. RECOMMENDATION: None The current implementation of WebSphere Application Server can store an unlimited number of entries of users and hosts information in AuthzPropToken. If an application switches security context frequently, eventually WebSphere Application Server throws an OutOfMemory Exception because too many objects are allocated by the token. PROBLEM CONCLUSION: This condition typically occurs while running stress tests. To resolve the issue, the code has been modified to limit the size of AuthzPropToken. The default value is 20 entries and it can be changed by the "com.ibm.websphere.security.auth.PropTokenMaxEntrySize" custom property in security.xml. The fix for this APAR is currently targeted for inclusion in fixpacks 6.0.2.15 and 6.1.0.4. Please refer to the recommended updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980 Directions to apply fix: NOTE: Choose the: 1) Release the fix applies to 2) The Editions that apply 3) Delete the Editions & Methods that do not apply and this Note Fix applies to Editions: Release 6.0 _X_ Application Server (Express or BASE) _X_ Network Deployment (ND) __ WebSphere Business Integration Server Foundation (WBISF) __ Edge Components __ Developer __ Extended Deployment (XD) Install Fix to: Method: __ Application Server Nodes __ Deployment Manager Nodes _X_ Both NOTE: The user must: * Have Administrative rights in Windows, or be the Actual Root User in a UNIX environments. * Logged in with the same authority level when unpacking a fix, fix pack or refresh pack. * Be at V6.0.2.2 or newer of the Update Installer. This can be checked by reviewing the level of the Update Installer in file /updateinstaller/version.txt. The Update Installer can be downloaded from the following link: http://www.ibm.com/support/docview.wss?rs=180&uid=swg21205991 For detailed instructions to Extract the Update Installer see the following Technote: http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg21205400 1) Copy PKxxxxx.pak file directly to the maintenance directory 2) Shutdown WebSphere Manually execute setupCmdLine.bat in Windows or . ./setupCmdLine.sh in Unix from the WebSphere instance that maintenance is being applied to. 3) Launch Update Installer 4) Enter the installation location of the WebSphere product you want to update. 5) Select the "Install maintenance package" operation. 6) Enter the file name of the maintenance package to install (PKxxxxx.pak file which was copied in the maintenance directory). 7) Install the maintenance package. 8) Restart WebSphere Directions to remove fix: NOTE: * The user must have Administrative rights in Windows, or be the Actual Root User in a UNIX environments. * FIXES MUST BE REMOVED IN THE ORDER THEY WERE APPLIED * DO NOT REMOVE A FIX UNLESS ALL FIXES APPLIED AFTER IT HAVE FIRST BEEN REMOVED * YOU MAY REAPPLY ANY REMOVED FIX Example: If your system has fix1, fix2, and fix3 applied in that order and fix2 is to be removed, fix3 must be removed first, fix2 removed, and fix3 re-applied. 1) Shutdown WebSphere Manually execute setupCmdLine.bat in Windows or . ./setupCmdLine.sh in Unix from the WebSphere instance that uninstall is being run against. 2) Start Update Installer 3) Enter the installation location of the WebSphere product you want to remove the fix. 4) Select "Uninstall maintenance package" operation. 5) Enter the file name of the maintenance package to uninstall (PKxxxxx.pak). 6) UnInstall maintenance package. 7) Restart WebSphere Directions to re-apply fix: 1) Shutdown WebSphere. 2) Follow the Fix instructions to apply the fix. 3) Restart WebSphere. Additional Information: