Fixes are available
APAR status
Closed as program error.
Error description
If RRA=all trace is enabled while Java 2 Security is also enabled, the following error can occur:

[12/5/19 1:24:07:057 PST] 00000121 SecurityManag W SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Refer to the InfoCenter for further information.
Permission: javax.resource.spi.security.PasswordCredential : Access denied ("javax.security.auth.PrivateCredentialPermission" "javax.resource.spi.security.PasswordCredential" "read")
Code:<null>
Stack Trace:
java.security.AccessControlException: Access denied ("javax.security.auth.PrivateCredentialPermission" "javax.resource.spi.security.PasswordCredential" "read")
    at java.security.AccessController.throwACE(AccessController.java:176)
    ...
    at com.ibm.ejs.ras.Tr.fireTraceEvent(Tr.java:1606)
    at com.ibm.ejs.ras.Tr.debug(Tr.java:687)
    at com.ibm.websphere.rsadapter.GenericDataStoreHelper.doConnectionSetupPerGetConnection(GenericDataStoreHelper.java:1109)
    at com.ibm.ws.rsadapter.spi.WSRdbManagedConnectionImpl.getConnection(WSRdbManagedConnectionImpl.java:3715)
    at com.ibm.ejs.j2c.MCWrapper.getConnection(MCWrapper.java:2345)
    at com.ibm.ejs.j2c.ConnectionManager.allocateConnection(ConnectionManager.java:1066)
    at com.ibm.ws.rsadapter.jdbc.WSJdbcDataSource.getConnection(WSJdbcDataSource.java:644)
    at com.ibm.ws.rsadapter.jdbc.WSJdbcDataSource.getConnection(WSJdbcDataSource.java:853)
    at com.ibm.ws.sib.msgstore.persistence.impl.WASDatasourceWrapper$1.run(WASDatasourceWrapper.java:396)
    at com.ibm.ws.sib.msgstore.persistence.impl.WASDatasourceWrapper$1.run(WASDatasourceWrapper.java:389)
    at com.ibm.ws.sib.security.impl.BusUtilities.doInBusDomain(BusUtilities.java:159)
    ...
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
    at java.lang.Thread.run(Thread.java:818)
Code Base Location:

[12/5/19 1:24:07:056 PST] 00000121 GenericDataSt 3 doConnectionSetupPerGetConnection is not implemented ProxyConnectionID:168 false {SUBJECT=Subject: Principal: UNAUTHENTICATED Private Credential inaccessible }
Local fix
Problem summary
USERS AFFECTED: All users of IBM WebSphere Application Server using RRA=all trace string
PROBLEM DESCRIPTION: Security failure can occur when RRA=all trace is enabled while Java 2 Security
RECOMMENDATION:

The following error may occur:

[12/5/19 1:24:07:057 PST] 00000121 SecurityManag W SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Refer to the InfoCenter for further information.
Permission: javax.resource.spi.security.PasswordCredential : Access denied ("javax.security.auth.PrivateCredentialPermission" "javax.resource.spi.security.PasswordCredential" "read")
Code:<null>
Stack Trace:
java.security.AccessControlException: Access denied ("javax.security.auth.PrivateCredentialPermission" "javax.resource.spi.security.PasswordCredential" "read")
    at java.security.AccessController.throwACE(AccessController.java:176)
    ...
    at com.ibm.ejs.ras.Tr.fireTraceEvent(Tr.java:1606)
    at com.ibm.ejs.ras.Tr.debug(Tr.java:687)
    at com.ibm.websphere.rsadapter.GenericDataStoreHelper.doConnectionSetupPerGetConnection(GenericDataStoreHelper.java:1109)
Problem conclusion
The security error will not occur when RRA=all trace is enabled while using Java 2 Security.

The fix for this APAR is targeted for inclusion in fix pack 8.5.5.17 and 9.0.5.3. For more information, see 'Recommended Updates for WebSphere Application Server': http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PH20223
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-12-11
Closed date
2020-03-02
Last modified date
2020-03-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R850 PSY
UP
R900 PSY
UP
Document Information
Modified date:
02 November 2021