Download
Abstract
AccessControlException thrown obtaining a connection from the connection pool, when Java 2 and Bus security are both enabled
Download Description
PM10814 resolves the following problem:
ERROR DESCRIPTION:
The following exception is seen when doing a receive call:
java.security.AccessControlException: Access denied
(javax.security.auth.PrivateCredentialPermission
com.ibm.ws.security.token.SingleSignonTokenImpl read)
at
java.security.AccessController.checkPermission(AccessController.
java:108)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:5
33)
at
com.ibm.ws.security.core.SecurityManager.checkPermission(Securit
yManager.java:211)
at
javax.security.auth.Subject$SecureSet$1.next(Subject.java:1228)
at java.util.HashSet.(HashSet.java:76)
at javax.security.auth.Subject.equals(Subject.java:1011)
at
com.ibm.ws.sib.processor.impl.ConnectionImpl.isEquivalentTo(Conn
ectionImpl.java:3892)
at
com.ibm.ws.sib.api.jmsra.impl.JmsJcaManagedConnection.match(JmsJ
caManagedConnection.java:1144)
at
com.ibm.ws.sib.api.jmsra.impl.JmsJcaManagedConnectionFactoryImpl
.matchManagedConnections(JmsJcaManagedConnectionFactoryImpl.java
:636)
LOCAL FIX:
PROBLEM SUMMARY
USERS AFFECTED:
Users of the default messaging provider for IBM WebSphere Application Server Version 7.0
PROBLEM DESCRIPTION:
AccessControlException thrown obtaining a connection from the connection pool, when Java 2 and Bus security are both enabled
RECOMMENDATION:
None
The AccessControlException is thrown due to an equals check being performed on the security Subject outside of a privileged action.
The AccessControlException occurs when Bus security and Java 2 security are both enabled, and a connection is matched in the connection pool. The AccessControlException is likely to occur when doing a JMS receive call, but can occur for other JMS calls that requires enlistment in a transaction (or otherwise requires a connection to be matched from the pool).
PROBLEM CONCLUSION:
The fix for this APAR resolves the problem by ensuring the equals method on the Subject is called with the correct Java 2 security privilege.
The fix for this APAR is currently targeted for inclusion in
fix pack 7.0.0.11. Please refer to the Recommended Updates
page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Prerequisites
Please download the UpdateInstaller below to install this fix.
Installation Instructions
Please review the readme.txt for detailed installation instructions.
Technical Support
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg24026584