Fixes are available
9.0.0.2: WebSphere Application Server traditional V9.0 Fix Pack 2
16.0.0.4: WebSphere Application Server Liberty 16.0.0.4
9.0.0.3: WebSphere Application Server traditional V9.0 Fix Pack 3
9.0.0.4: WebSphere Application Server traditional V9.0 Fix Pack 4
9.0.0.5: WebSphere Application Server traditional V9.0 Fix Pack 5
9.0.0.6: WebSphere Application Server traditional V9.0 Fix Pack 6
9.0.0.7: WebSphere Application Server traditional V9.0 Fix Pack 7
17.0.0.1: WebSphere Application Server Liberty 17.0.0.1
17.0.0.2: WebSphere Application Server Liberty 17.0.0.2
17.0.0.3: WebSphere Application Server Liberty 17.0.0.3
17.0.0.4: WebSphere Application Server Liberty 17.0.0.4
18.0.0.1: WebSphere Application Server Liberty 18.0.0.1
18.0.0.2: WebSphere Application Server Liberty 18.0.0.2
9.0.0.8: WebSphere Application Server traditional V9.0 Fix Pack 8
9.0.0.9: WebSphere Application Server traditional V9.0 Fix Pack 9
18.0.0.3: WebSphere Application Server Liberty 18.0.0.3
9.0.0.10: WebSphere Application Server traditional V9.0 Fix Pack 10
18.0.0.4: WebSphere Application Server Liberty 18.0.0.4
19.0.0.1: WebSphere Application Server Liberty 19.0.0.1
19.0.0.2: WebSphere Application Server Liberty 19.0.0.2
19.0.0.3: WebSphere Application Server Liberty 19.0.0.3
9.0.0.11: WebSphere Application Server traditional V9.0 Fix Pack 11
19.0.0.4: WebSphere Application Server Liberty 19.0.0.4
19.0.0.5: WebSphere Application Server Liberty 19.0.0.5
9.0.5.0: WebSphere Application Server traditional Version 9.0.5 Refresh Pack
19.0.0.6: WebSphere Application Server Liberty 19.0.0.6
19.0.0.7: WebSphere Application Server Liberty 19.0.0.7
19.0.0.8: WebSphere Application Server Liberty 19.0.0.8
9.0.5.1: WebSphere Application Server traditional Version 9.0.5 Fix Pack 1
19.0.0.9: WebSphere Application Server Liberty 19.0.0.9
19.0.0.10: WebSphere Application Server Liberty 19.0.0.10
19.0.0.11: WebSphere Application Server Liberty 19.0.0.11
9.0.5.2: WebSphere Application Server traditional Version 9.0.5 Fix Pack 2
19.0.0.12: WebSphere Application Server Liberty 19.0.0.12
20.0.0.1: WebSphere Application Server Liberty 20.0.0.1
20.0.0.2: WebSphere Application Server Liberty 20.0.0.2
9.0.5.3: WebSphere Application Server traditional Version 9.0.5 Fix Pack 3
20.0.0.3: WebSphere Application Server Liberty 20.0.0.3
20.0.0.4: WebSphere Application Server Liberty 20.0.0.4
20.0.0.5: WebSphere Application Server Liberty 20.0.0.5
20.0.0.6: WebSphere Application Server Liberty 20.0.0.6
9.0.5.4: WebSphere Application Server traditional Version 9.0.5 Fix Pack 4
20.0.0.7: WebSphere Application Server Liberty 20.0.0.7
20.0.0.8: WebSphere Application Server Liberty 20.0.0.8
9.0.5.5: WebSphere Application Server traditional Version 9.0.5 Fix Pack 5
20.0.0.9: WebSphere Application Server Liberty 20.0.0.9
20.0.0.10: WebSphere Application Server Liberty 20.0.0.10
20.0.0.11: WebSphere Application Server Liberty 20.0.0.11
20.0.0.12: WebSphere Application Server Liberty 20.0.0.12
WebSphere Application Server traditional 9.0.5.6
9.0.5.7: WebSphere Application Server traditional Version 9.0.5 Fix Pack 7
9.0.5.8: WebSphere Application Server traditional Version 9.0.5.8
9.0.5.9: WebSphere Application Server traditional Version 9.0.5.9
9.0.5.10: WebSphere Application Server traditional Version 9.0.5.10
9.0.5.11: WebSphere Application Server traditional Version 9.0.5.11
APAR status
Closed as program error.
Error description
Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Permission: org.apache.jasper.Constants.JSP_SERVLET_BASE : access denied ("java.util.PropertyPermission" "org.apache.jasper.Constants.JSP_SERVLET_BASE" "read") Code: com.ibm.ws.jsp.tagfile.webinf._test in {file:/opt/Moonstone/WAS/profiles/node1/installedApps/ndcell/PM1 2658.ear/PM12658.war} Stack Trace: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "org.apache.jasper.Constants.JSP_SERVLET_BASE" "read") at java.security.AccessControlContext.checkPermission(AccessControl Context.java:472) at java.security.AccessController.checkPermission(AccessController. java:884) at java.lang.SecurityManager.checkPermission(SecurityManager.java:5 49) at com.ibm.ws.security.core.SecurityManager.checkPermission(Securit yManager.java:208) at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.ja va:1294) at java.lang.System.getProperty(System.java:753) at org.apache.jasper.Constants.<clinit> (Constants.java:36) at org.apache.jasper.el.ELContextImpl.<clinit> (ELContextImpl.java:83) at org.apache.jasper.runtime.JspApplicationContextImpl.createELCont ext(JspApplicationContextImpl.java:124) at org.apache.jasper.runtime.PageContextImpl.getELContext(PageConte xtImpl.java:837) at org.apache.jasper.runtime.JspContextWrapper.getELContext(JspCont extWrapper.java:498) at com.ibm.ws.jsp.tagfile.webinf._test.doTag(_test.java:57) at com.ibm._jsp._PM12658._jspx_meth_t_test_0(_PM12658.java:119) at com.ibm._jsp._PM12658._jspService(_PM12658.java:97) at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:99) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: IBM WebSphere Application Server * * Traditional * * Profile version 9.0 and Liberty Profile * * version 16.0.0 users of JavaServer Pages * * (JSP) * **************************************************************** * PROBLEM DESCRIPTION: An AccessControlException is thrown on * * Solaris systems where the access is * * denied for Constants.JSP_SERVLET_BASE * * property. * **************************************************************** * RECOMMENDATION: * **************************************************************** An AccessControlException is thrown on Solaris systems where the access is denied for org.apache.jasper.Constants.JSP_SERVLET_BASE property when Java 2 Security is enabled. As a result, you will see the following issue: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "org.apache.jasper.Constants.JSP_SERVLET_BASE" "read") at java.security.AccessControlContext.checkPermission(AccessControl Context.java:472) at java.security.AccessController.checkPermission(AccessController. java:884) at java.lang.SecurityManager.checkPermission(SecurityManager.java:5 49) at com.ibm.ws.security.core.SecurityManager.checkPermission(Securit yManager.java:208) at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.ja va:1294) at java.lang.System.getProperty(System.java:753) at org.apache.jasper.Constants.<clinit>(Constants.java:36) at org.apache.jasper.el.ELContextImpl.<clinit> (ELContextImpl.java:83) at org.apache.jasper.runtime.JspApplicationContextImpl.createELCont ext(JspApplicationContextImpl.java:124) at org.apache.jasper.runtime.PageContextImpl.getELContext(PageConte xtImpl.java:837)
Problem conclusion
The JSP container was modified to fix the access control exception on the JSP_SERVLET_BASE property. The fix for this APAR is currently targeted for inclusion in fix pack 9.0.0.2 and 16.0.0.4. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PI67034
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-08-05
Closed date
2016-08-30
Last modified date
2016-08-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R900 PSY
UP
Document Information
Modified date:
04 May 2022