IBM Support

PI66478: SECURITY CODE INCORRECTLY CALLS JAXBPERMISSION CLASS

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Customer upgraded their WebSphere Application servers from
    V8.5.5.7 to V8.5.5.9 and IBM Java 7.0.1.0 SR 9 FP10 to 7.0.1.0
    SR 9 FP40.
    
    They use the Java 2 Security mechanism, so all their
    applications have defined the permissions they need in their
    was.policy.
    
    
    Since this upgrade, some of their applications are facing the
    following new permission request (see example below):
    
    [5/25/16 14:13:22:607 CEST] 000000f5 SecurityManag W
    SECJ0314W: Current Java 2 Security policy reported a potential
    violation of Java 2 Security Permission. Refer to the
    InfoCenter for further information.
    Permission:
    setDatatypeConverter : Access denied ("javax.xml.bind.
    JAXBPermission" "setDatatypeConverter")
    
    Code:
    
    <customer code path & file name>
    
    Stack Trace:
    java.security.AccessControlException: Access denied
    ("javax.xml.bind.JAXBPermission" "setDatatypeConverter")
    
    
    They added this permission request in the related was.policy:
    
    permission javax.xml.bind.JAXBPermission "setDatatypeConverter";
    
    
    But in this case, they are facing another error:
    
    [5/25/16 10:17:14:117 CEST] 0000006b ApplicationPa E
    SECJ0198E: An exception was caught while constructing the
    permission object. The exception
    isjava.lang.NoSuchMethodException:
    javax.xml.bind.JAXBPermission.<init>(java.lang.String,
    java.lang.String)
    
    And the was.policy is considered as corrupted, so they have a
    lot of other Java 2 Security exceptions in the startup log
    files.
    
    
    The same version of the impacted applications are running
    fine on V 8.5.5.7 with Java 7.0.1.0 SR 9 FP10.
    

Local fix

  • Customer replaced the following libraries from WAS
    8.5.5.9 by the versions of WAS 8.5.5.7:
    
    WAS 8.5.5.9:
    sbelt10113:wasadmin [/opt/websphere/85/appserver/endorsed_apis]
    ls -la -rw-r-----.  1 wasadmin was 102256 May 18 20:46
    jaxb-api.jar -rw-r-----.  1 wasadmin was  50360 May 18 20:46
    jaxws-api.jar
    
    WAS 8.5.5.7:
    sbeld10457:wasadmin [/opt/websphere/85/appserver/endorsed_apis]
    ls -la -rw-r-----.  1 wasadmin was 105134 Jun 15 18:09
    jaxb-api.jar -rw-r-----.  1 wasadmin was  54341 Jun 15 18:09
    jaxws-api.jar
    
    As you can see, the size of the related libraries is smaller in
    WAS8.5.5.9 than in WAS 8.5.5.7.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server                                      *
    ****************************************************************
    * PROBLEM DESCRIPTION: NoSuchMethodException when using        *
    *                      Java2 Security and JAXBPermission in    *
    *                      the correct policy files.               *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    The following exception is noted when using JAVA 2 Security
    and have the JAXBPermission in the correct Websphere policy
    files.
    SECJ0198E: An exception was caught while constructing the
    permission object. The exception is
    java.lang.NoSuchMethodException:
    javax.xml.bind.JAXBPermission.<init>(java.lang.String,
    java.lang.String)
    

Problem conclusion

  • As of V8.5.5.9 updated implementations of the jaxb-api.jar
    were introduced in order to comply with the Java
    Specifications. Among the changes that were included was the
    update of the JAXBPermission method. Because of this, the
    WebSphere Application Server code has been reviewed and
    updated in order to comply with the new requirements.
    
    The fix for this APAR is currently targeted for inclusion in
    fix packs 8.5.5.12 and 9.0.0.3.  Please refer to the
    Recommended Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI66478

  • Reported component name

    WEBSPHERE APP S

  • Reported component ID

    5724J0800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-07-26

  • Closed date

    2016-11-16

  • Last modified date

    2017-11-27

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE APP S

  • Fixed component ID

    5724J0800

Applicable component levels

  • R850 PSY

       UP

  • R900 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
16 October 2021