IBM Support

PM16078: A security AccessControlException will be thrown if a dispatched servlet's initialization fails

Fixes are available

7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for AIX
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for HP-UX
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for IBM i
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Linux
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Solaris
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Windows
7.0.0.13: Java SDK 1.6 SR8FP1 Cumulative Fix for WebSphere Application Server
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for AIX
7.0.0.15: Java SDK 1.6 SR9 Cumulative Fix for WebSphere Application Server
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for HP-UX
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for IBM i
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Linux
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Solaris
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Windows
7.0.0.17: WebSphere Application Server V7.0 Fix Pack 17
7.0.0.17: Java SDK 1.6 SR9 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.19: WebSphere Application Server V7.0 Fix Pack 19
7.0.0.21: WebSphere Application Server V7.0 Fix Pack 21
7.0.0.23: WebSphere Application Server V7.0 Fix Pack 23
7.0.0.25: WebSphere Application Server V7.0 Fix Pack 25
7.0.0.27: WebSphere Application Server V7.0 Fix Pack 27
7.0.0.29: WebSphere Application Server V7.0 Fix Pack 29
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
7.0.0.27: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
7.0.0.37: WebSphere Application Server V7.0 Fix Pack 37
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
7.0.0.19: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.21: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere
7.0.0.23: Java SDK 1.6 SR10 FP1 Cumulative Fix for WebSphere
7.0.0.25: Java SDK 1.6 SR11 Cumulative Fix for WebSphere Application Server
7.0.0.27: Java SDK 1.6 SR12 Cumulative Fix for WebSphere Application Server
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • AccessControlException is being thrown on deregisterMBean when
    the customer applications' dispatched servlet initialization
    fails in their environment. The WebContainer custom
    property
    com.ibm.ws.webcontainer.reInitServletOnInitUnavailableException
    will need to be  added for this failure to
    happen.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server V7.0.0.9 and V7.0.0.11               *
    ****************************************************************
    * PROBLEM DESCRIPTION: A security AccessControlException       *
    *                      will be thrown if a dispatched          *
    *                      servlet's initialization fails.         *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When WebSphere Application Server's Java2Security is enabled
    and the WebContainer custom property
    com.ibm.ws.webcontainer.reInitServletOnInitUnavailableException
    is set to true, then if a dispatched servlet's initialization
    fails, customer will get a "Java SecurityException :
    AccessControlException" in addition to the servlet
    initialization failure.
    
    For example,
    Java SecurityException:
     perm.getName<>: AdminPermission
     e.getMessage<>: access denied
    (com.ibm.websphere.security.WebSphereRuntimePermission
    AdminPermission)
    Begin SecurityException
    java.security.AccessControlException: access denied
    (com.ibm.websphere.security.WebSphereRuntimePermission
    AdminPermission)
     at
    java.security.AccessControlContext.checkPermission(AccessControl
    Context.java:323)
     at
    java.security.AccessController.checkPermission(AccessController.
    java:546)
     at
    java.lang.SecurityManager.checkPermission(SecurityManager.java:5
    32)
     at
    com.ibm.ws.security.core.SecurityManager.checkPermission(Securit
    yManager.java:211)
     at
    com.ibm.websphere.management.AdminServiceFactory.getMBeanFactory
    (AdminServiceFactory.java:112)
     at
    com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.deregisterMBe
    an(ServletWrapperImpl.java:271)
     at
    com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapp
    er.java:394)
    

Problem conclusion

  • The WebContainer code has been fixed to check the appropriate
    security permissions while handling the servlet intialization
    failure. Customer will not get the "Java SecurityException:
    AccessControlException" when servlet initialization fails.
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 7.0.0.13.  Please refer to the Recommended Updates
    page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM16078

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2010-06-07

  • Closed date

    2010-06-22

  • Last modified date

    2010-06-22

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R700 PSY

       UP



Document information

More support for: WebSphere Application Server
General

Software version: 7.0

Reference #: PM16078

Modified date: 22 June 2010