IBM Support

PM50487: VMM IS ENFORCING JAVA 2 SECURITY ON API CALLS.

Fixes are available

7.0.0.23: WebSphere Application Server V7.0 Fix Pack 23
7.0.0.25: WebSphere Application Server V7.0 Fix Pack 25
7.0.0.27: WebSphere Application Server V7.0 Fix Pack 27
7.0.0.29: WebSphere Application Server V7.0 Fix Pack 29
6.1.0.47: WebSphere Application Server V6.1 Fix Pack 47
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
7.0.0.27: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
7.0.0.37: WebSphere Application Server V7.0 Fix Pack 37
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
6.1.0.43: Java SDK 1.5 SR13 Cumulative Fix for WebSphere Application Server
6.1.0.45: Java SDK 1.5 SR14 Cumulative Fix for WebSphere Application Server
6.1.0.47: Java SDK 1.5 SR16 Cumulative Fix for WebSphere Application Server
7.0.0.23: Java SDK 1.6 SR10 FP1 Cumulative Fix for WebSphere
7.0.0.25: Java SDK 1.6 SR11 Cumulative Fix for WebSphere Application Server
7.0.0.27: Java SDK 1.6 SR12 Cumulative Fix for WebSphere Application Server
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • ..
    

Local fix

  • NA
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server                                      *
    ****************************************************************
    * PROBLEM DESCRIPTION: Virtual member manager (VMM) has a      *
    *                      Java2 security check when it tries to   *
    *                      initialize. This fails with             *
    *                      java.security.AccessControlException    *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    During VMM initialization AccessControlException occurs which
    fails initialization of VMM schema and adapters.
    java.security.AccessControlException: Access denied
    (com.ibm.websphere.security.WebSphereRuntimePermission
    AdminPermission)
    at
    java.security.AccessController.checkPermission(AccessController.
    java:108)
    at
    java.lang.SecurityManager.checkPermission(SecurityManager.java:5
    50)
    at
    com.ibm.ws.security.core.SecurityManager.checkPermission(Securit
    yManager.java:210)
    at
    com.ibm.websphere.management.AdminServiceFactory.getAdminService
    (AdminServiceFactory.java:76)
    at
    com.ibm.ws.wim.EnvironmentManager.isNodeAgent(EnvironmentManager
    .java:243)
    at
    com.ibm.ws.wim.EnvironmentManager.isDirectAccessMode(Environment
    Manager.java:196)
    at
    com.ibm.ws.wim.tx.JTAHelper.useTransaction(JTAHelper.java:146)
    at
    com.ibm.websphere.wim.ServiceProvider.createRootDataObject(Servi
    ceProvider.java:272)
    at
    com.ibm.ws.wim.registry.util.MembershipBridge.getGroupsForUser(M
    embershipBridge.java:142)
    at
    com.ibm.ws.wim.registry.WIMUserRegistry$15.run(WIMUserRegistry.j
    ava:669)
    at
    com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManager
    Impl.java:4495)
    at
    com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextM
    anagerImpl.java:4593)
    at
    com.ibm.ws.wim.security.authz.jacc.JACCSecurityManager.runAsSupe
    rUser(JACCSecurityManager.java:419)
    at
    com.ibm.ws.wim.security.authz.ProfileSecurityManager.runAsSuperU
    ser(ProfileSecurityManager.java:961)
    at
    com.ibm.ws.wim.registry.WIMUserRegistry.getGroupsForUser(WIMUser
    Registry.java:658)
    at
    com.ibm.ws.security.registry.UserRegistryImpl.getGroupsForUser(U
    serRegistryImpl.java:702)
    at
    com.ibm.ws.sib.security.impl.UserImpl.getGroups(UserImpl.java:18
    0)
    at
    com.ibm.ws.sib.processor.matching.MPPrincipal.<init>(MPPrincipal
    .java:96)
    at
    com.ibm.ws.sib.processor.matching.TopicAuthorization.checkPermis
    sionToPublish(TopicAuthorization.java:246)
    at
    com.ibm.ws.sib.processor.impl.AccessChecker.checkDiscriminatorAc
    cess(AccessChecker.java:573)
    at
    com.ibm.ws.sib.processor.impl.BaseDestinationHandler.checkDiscri
    minatorAccess(BaseDestinationHandler.java:4721)
    at
    com.ibm.ws.sib.processor.impl.ConnectionImpl.checkProducerAuthor
    ity(ConnectionImpl.java:5875)
    at
    com.ibm.ws.sib.processor.impl.ConnectionImpl.internalCreateProdu
    cerSession(ConnectionImpl.java:1039)
    at
    com.ibm.ws.sib.processor.impl.ConnectionImpl.createProducerSessi
    on(ConnectionImpl.java:967)
    at
    com.ibm.ws.sib.processor.impl.ConnectionImpl.createProducerSessi
    on(ConnectionImpl.java:898)
    at
    com.ibm.ws.sib.api.jms.impl.JmsMsgProducerImpl.<init>(JmsMsgProd
    ucerImpl.java:390)
    at
    com.ibm.ws.sib.api.jms.impl.JmsSessionImpl.instantiateProducer(J
    msSessionImpl.java:2107)
    at
    com.ibm.ws.sib.api.jms.impl.JmsSessionImpl.createProducer(JmsSes
    sionImpl.java:1122)
    at abvt.sib.abvtTest.runPubSubTests(abvtTest.java:362)
    at abvt.sib.abvtTest.runTests(abvtTest.java:206)
    at abvt.sib.TestRunnerBean.runTests(TestRunnerBean.java:35)
    at
    abvt.sib.EJSRemoteStatelessTestRunnerBean_1f232079.runTests(Unkn
    own Source)
    at
    abvt.sib._EJSRemoteStatelessTestRunnerBean_1f232079_Tie.runTests
    (_EJSRemoteStatelessTestRunnerBean_1f232079_Tie.java:159)
    at
    abvt.sib._EJSRemoteStatelessTestRunnerBean_1f232079_Tie._invoke(
    _EJSRemoteStatelessTestRunnerBean_1f232079_Tie.java:103)
    at
    com.ibm.CORBA.iiop.ServerDelegate.dispatchInvokeHandler(ServerDe
    legate.java:623)
    at
    com.ibm.CORBA.iiop.ServerDelegate.dispatch(ServerDelegate.java:4
    76)
    at com.ibm.rmi.iiop.ORB.process(ORB.java:503)
    at com.ibm.CORBA.iiop.ORB.process(ORB.java:1569)
    at com.ibm.rmi.iiop.Connection.respondTo(Connection.java:2769)
    at com.ibm.rmi.iiop.Connection.doWork(Connection.java:2638)
    at com.ibm.rmi.iiop.WorkUnitImpl.doWork(WorkUnitImpl.java:63)
    at com.ibm.ejs.oa.pool.PooledThread.run(ThreadPool.java:118)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1485)
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PM50487

  • Reported component name

    WEBSPHERE APP S

  • Reported component ID

    5724J0800

  • Reported release

    610

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2011-10-20

  • Closed date

    2012-01-06

  • Last modified date

    2012-01-06

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE APP S

  • Fixed component ID

    5724J0800

Applicable component levels

  • R61A PSY

       UP

  • R61H PSY

       UP

  • R61I PSY

       UP

  • R61P PSY

       UP

  • R61S PSY

       UP

  • R61W PSY

       UP

  • R61Z PSY

       UP

  • R700 PSY

       UP



Document information

More support for: WebSphere Application Server
General

Software version: 610

Reference #: PM50487

Modified date: 06 January 2012