IBM Support

PH20223: RRA=ALL TRACE RESULTS IN SECJ0314W VIOLATION OF JAVA 2 SECURITY PERMISSION ERROR

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • If RRA=all trace is enabled while Java 2 Security is also
    enabled, the following error can occur...
    
    [12/5/19 1:24:07:057 PST] 00000121 SecurityManag W  SECJ0314W:
    Current Java 2 Security policy reported a potential violation
    of Java 2 Security Permission. Refer to the InfoCenter for
    further information.
    Permission:
         javax.resource.spi.security.PasswordCredential : Access
    denied ("javax.security.auth.PrivateCredentialPermission"
    "javax.resource.spi.security.PasswordCredential" "read")
    Code:<null>
    Stack Trace:
    java.security.AccessControlException: Access denied
    ("javax.security.auth.PrivateCredentialPermission"
    "javax.resource.spi.security.PasswordCredential" "read")
    at
    java.security.AccessController.throwACE(AccessController.java:17
    6)
    ...
    at com.ibm.ejs.ras.Tr.fireTraceEvent(Tr.java:1606)
    at com.ibm.ejs.ras.Tr.debug(Tr.java:687)
    at
    com.ibm.websphere.rsadapter.GenericDataStoreHelper.doConnectionS
    etupPerGetConnection(GenericDataStoreHelper.java:1109)
    at
    com.ibm.ws.rsadapter.spi.WSRdbManagedConnectionImpl.getConnectio
    n(WSRdbManagedConnectionImpl.java:3715)
    at com.ibm.ejs.j2c.MCWrapper.getConnection(MCWrapper.java:2345)
    at
    com.ibm.ejs.j2c.ConnectionManager.allocateConnection(ConnectionM
    anager.java:1066)
    at
    com.ibm.ws.rsadapter.jdbc.WSJdbcDataSource.getConnection(WSJdbcD
    ataSource.java:644)
    at
    com.ibm.ws.rsadapter.jdbc.WSJdbcDataSource.getConnection(WSJdbcD
    ataSource.java:853)
    at
    com.ibm.ws.sib.msgstore.persistence.impl.WASDatasourceWrapper$1.
    run(WASDatasourceWrapper.java:396)
    at
    com.ibm.ws.sib.msgstore.persistence.impl.WASDatasourceWrapper$1.
    run(WASDatasourceWrapper.java:389)
    at
    com.ibm.ws.sib.security.impl.BusUtilities.doInBusDomain(BusUtili
    ties.java:159)
    ...
    at
    java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExec
    utor.java:1160)
    at
    java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExe
    cutor.java:635)
    at java.lang.Thread.run(Thread.java:818)
    
    Code Base Location:
    [12/5/19 1:24:07:056 PST] 00000121 GenericDataSt 3
    doConnectionSetupPerGetConnection is not implemented
                                     ProxyConnectionID:168
                                    false
                                    {SUBJECT=Subject:
    Principal: UNAUTHENTICATED
    Private Credential inaccessible
    }
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server using RRA=all trace string           *
    ****************************************************************
    * PROBLEM DESCRIPTION: Security failure can occur when         *
    *                      RRA=all trace is enabled while Java 2   *
    *                      Security                                *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    The following error may occur, [12/5/19 1:24:07:057 PST]
    00000121 SecurityManag W  SECJ0314W:
    Current Java 2 Security policy reported a potential violation
    of Java 2 Security Permission. Refer to the InfoCenter for
    further information.
    Permission:
    javax.resource.spi.security.PasswordCredential : Access
    denied ("javax.security.auth.PrivateCredentialPermission"
    "javax.resource.spi.security.PasswordCredential" "read")
    Code:<null>
    Stack Trace:
    java.security.AccessControlException: Access denied
    ("javax.security.auth.PrivateCredentialPermission"
    "javax.resource.spi.security.PasswordCredential" "read")
    at
    java.security.AccessController.throwACE(AccessController.java:17
    6)
    ...
    at com.ibm.ejs.ras.Tr.fireTraceEvent(Tr.java:1606)
    at com.ibm.ejs.ras.Tr.debug(Tr.java:687)
    at
    com.ibm.websphere.rsadapter.GenericDataStoreHelper.doConnectionS
    etupPerGetConnection(GenericDataStoreHelper.java:1109)
    

Problem conclusion

  • The security error will not occur when RRA=all trace is
    enabled while using Java 2 Security
    
    The fix for this APAR is targeted for inclusion in fix pack
    8.5.5.17 and 9.0.5.3.  For more information, see
    'Recommended Updates for WebSphere Application Server':
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH20223

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-12-11

  • Closed date

    2020-03-02

  • Last modified date

    2020-03-02

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R850 PSY

       UP

  • R900 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
17 October 2021