Fixes are available
PM29816; 6.1.0.35: Web Services requests fail with a Java 2 security exception
6.1.0.37: Java SDK 1.5 SR12 FP3 Cumulative Fix for WebSphere
6.1.0.47: WebSphere Application Server V6.1 Fix Pack 47
6.1.0.39: Java SDK 1.5 SR12 FP4 Cumulative Fix for WebSphere Application Server
6.1.0.41: Java SDK 1.5 SR12 FP5 Cumulative Fix for WebSphere Application Server
6.1.0.43: Java SDK 1.5 SR13 Cumulative Fix for WebSphere Application Server
6.1.0.45: Java SDK 1.5 SR14 Cumulative Fix for WebSphere Application Server
6.1.0.47: Java SDK 1.5 SR16 Cumulative Fix for WebSphere Application Server
APAR status
Closed as program error.
Error description
APAR PM20957 introduced a Java 2 security exception with the following stack: java.security.AccessControlException: Access denied (org.osgi.framework.ServicePermission com.ibm.wsspi.cluster.adapter.channel. ChannelSelectionAdapter get) at java.security.AccessController. checkPermission(AccessController.java:103) at java.lang.SecurityManager.checkPermission (SecurityManager.java:558) at com.ibm.ws.security.core.SecurityManager. checkPermission(SecurityManager.java:214) at org.eclipse.osgi.framework.internal.core.Framework. checkGetServicePermission(Framework.java:1331) at org.eclipse.osgi.framework.internal.core.Framework. getServiceReferences(Framework.java:1187) at org.eclipse.osgi.framework.internal.core. BundleContextImpl.getServiceReference( BundleContextImpl.java:757) at com.ibm.wsspi.runtime.service.WsServiceRegistry. getService(WsServiceRegistry.java:105) at com.ibm.ws.websvcs.transport.http. OutboundURLTargetResolver.identityToCFEndPoint( OutboundURLTargetResolver.java:1092) at com.ibm.ws.websvcs.transport.http. OutboundURLTargetResolver.getOutboundTarget( OutboundURLTargetResolver.java:370) at com.ibm.ws.websvcs.transport.http.SOAPOverHTTPSender .<init>(SOAPOverHTTPSender.java:1618) at com.ibm.ws.websvcs.transport.http. HTTPTransportSender.invoke( HTTPTransportSender.java:301) at org.apache.axis2.engine.AxisEngine.send( AxisEngine.java:712)
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server V6.1 with JAX-WS Web services with * * Java2 security enabled * **************************************************************** * PROBLEM DESCRIPTION: JAX-WS Web services applications may * * get Java 2 security violation when * * run in a Java 2 security enabled * * environment. * **************************************************************** * RECOMMENDATION: Install a fix pack that includes this APAR. * **************************************************************** A regression was introduced in WebSphere Application Server V6.1.0.35 that could cause a java.security.AccessControlException when Java 2 Security is enabled. This problem affects only JAX-RPC Web Services applications that are installed on the application server, and the problem only occurs when one of the following conditions is true: * WS-Addressing is enabled. * The enableInProcessConnections Web Container property is enabled on the server side. * The Remote Request Dispatcher (RRD) Web Container extension is enabled. The following exception may appear in the SystemOut.log: java.security.AccessControlException: Access denied (org.osgi.framework.ServicePermission com.ibm.wsspi.cluster.adapter.channel.ChannelSelectionAdapter get) at java.security.AccessController.checkPermission(AccessController. java:103) at java.lang.SecurityManager.checkPermission(SecurityManager.java:5 58) at com.ibm.ws.security.core.SecurityManager.checkPermission(Securit yManager.java:214) at org.eclipse.osgi.framework.internal.core.Framework.checkGetServi cePermission(Framework.java:1331) at org.eclipse.osgi.framework.internal.core.Framework.getServiceRef erences(Framework.java:1187) at org.eclipse.osgi.framework.internal.core.BundleContextImpl.getSe rviceReference(BundleContextImpl.java:757) at com.ibm.wsspi.runtime.service.WsServiceRegistry.getService(WsSer viceRegistry.java:105) at com.ibm.ws.websvcs.transport.http.OutboundURLTargetResolver.iden tityToCFEndPoint(OutboundURLTargetResolver.java:1092) at com.ibm.ws.websvcs.transport.http.OutboundURLTargetResolver.getO utboundTarget(OutboundURLTargetResolver.java:370) at com.ibm.ws.websvcs.transport.http.SOAPOverHTTPSender.<init>(SOAP OverHTTPSender.java:1618) at com.ibm.ws.websvcs.transport.http.HTTPTransportSender.invoke(HTT PTransportSender.java:301) at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:712) ...
Problem conclusion
The JAX-WS code is corrected to prevent the Java 2 security exception. The fix for this APAR is currently targeted for inclusion in fix pack 6.1.0.37. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PM29816
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
61A
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2011-01-04
Closed date
2011-01-12
Last modified date
2011-02-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800
Applicable component levels
R61A PSY
UP
R61H PSY
UP
R61I PSY
UP
R61P PSY
UP
R61S PSY
UP
R61W PSY
UP
R61Z PSY
UP
Document Information
Modified date:
27 October 2021