IBM Support

PI78633: Access control exception due to read permission of a property from Cookie class

Fixes are available

17.0.0.2: WebSphere Application Server Liberty 17.0.0.2
17.0.0.3: WebSphere Application Server Liberty 17.0.0.3
17.0.0.4: WebSphere Application Server Liberty 17.0.0.4
18.0.0.1: WebSphere Application Server Liberty 18.0.0.1
18.0.0.2: WebSphere Application Server Liberty 18.0.0.2
18.0.0.3: WebSphere Application Server Liberty 18.0.0.3
18.0.0.4: WebSphere Application Server Liberty 18.0.0.4
19.0.0.1: WebSphere Application Server Liberty 19.0.0.1
19.0.0.2: WebSphere Application Server Liberty 19.0.0.2
19.0.0.3: WebSphere Application Server Liberty 19.0.0.3
19.0.0.4: WebSphere Application Server Liberty 19.0.0.4
19.0.0.5: WebSphere Application Server Liberty 19.0.0.5
19.0.0.6: WebSphere Application Server Liberty 19.0.0.6
19.0.0.7: WebSphere Application Server Liberty 19.0.0.7
19.0.0.8: WebSphere Application Server Liberty 19.0.0.8
19.0.0.9: WebSphere Application Server Liberty 19.0.0.9
19.0.0.10: WebSphere Application Server Liberty 19.0.0.10
19.0.0.11: WebSphere Application Server Liberty 19.0.0.11
19.0.0.12: WebSphere Application Server Liberty 19.0.0.12
20.0.0.1: WebSphere Application Server Liberty 20.0.0.1
20.0.0.2: WebSphere Application Server Liberty 20.0.0.2
20.0.0.3: WebSphere Application Server Liberty 20.0.0.3
20.0.0.4: WebSphere Application Server Liberty 20.0.0.4
20.0.0.5: WebSphere Application Server Liberty 20.0.0.5
20.0.0.6: WebSphere Application Server Liberty 20.0.0.6
20.0.0.7: WebSphere Application Server Liberty 20.0.0.7
20.0.0.8: WebSphere Application Server Liberty 20.0.0.8
20.0.0.9: WebSphere Application Server Liberty 20.0.0.9
20.0.0.10: WebSphere Application Server Liberty 20.0.0.10
20.0.0.11: WebSphere Application Server Liberty 20.0.0.11
20.0.0.12: WebSphere Application Server Liberty 20.0.0.12

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When a new javax.servlet.http.Cookie is created, an
    AccessControlException is thrown due to a read permission of
    property "org.glassfish.web.rfc2109_cookie_names_enforced".
    
    Example:
    
    java.lang.ExceptionInInitializerError
    at
    com.ibm.ws.webcontainer.session.impl.SessionAffinityManagerI
    mpl.setCookie(SessionAffinityManagerImpl.java:414)
    at
    com.ibm.ws.session.SessionManager.adaptAndSetCookie(SessionM
    anager.java:760)
    at
    com.ibm.ws.session.SessionManager.createSession(SessionManag
    er.java:728)
    at
    com.ibm.ws.webcontainer.session.impl.HttpSessionContextImpl.
    getIHttpSession(HttpSessionContextImpl.java:521)
    at
    com.ibm.ws.webcontainer.session.impl.HttpSessionContextImpl.
    getIHttpSession(HttpSessionContextImpl.java:640)
    at
    com.ibm.ws.webcontainer.srt.SRTRequestContext.getSession(SRT
    RequestContext.java:105)
    at
    com.ibm.ws.webcontainer.srt.SRTServletRequest.getSession(SRT
    ServletRequest.java:2251)
    at
    com.ibm.ws.webcontainer40.srt.SRTServletRequest40.getSession
    (SRTServletRequest40.java:121)
    at
    servlets.PushBuilderAPIServlet.service(PushBuilderAPIServlet
    .java:81)
    at
    javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at
    com.ibm.ws.webcontainer.servlet.ServletWrapper.service(Servl
    etWrapper.java:1290)
    at
    com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest
    (ServletWrapper.java:778)
    at
    com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest
    (ServletWrapper.java:475)
        ...
        at java.lang.Thread.run(Thread.java:745)
    Caused by: java.security.AccessControlException: access
    denied ("java.util.PropertyPermission"
    "org.glassfish.web.rfc2109_cookie_names_enforced" "read")
    at
    java.security.AccessControlContext.checkPermission(AccessCon
    trolContext.java:472)
    at
    java.security.AccessController.checkPermission(AccessControl
    ler.java:884)
    at
    java.lang.SecurityManager.checkPermission(SecurityManager.ja
    va:549)
    at
    java.lang.SecurityManager.checkPropertyAccess(SecurityManage
    r.java:1294)
        at java.lang.System.getProperty(System.java:753)
        at javax.servlet.http.Cookie.<clinit>(Cookie.java:115)
    &#160;
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server Liberty - Web Container              *
    ****************************************************************
    * PROBLEM DESCRIPTION: Access control exception due to read    *
    *                      permission of a property from Cookie    *
    *                      class                                   *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When a new javax.servlet.http.Cookie is created, an
    AccessControlException is thrown due to a read permission of
    property "org.glassfish.web.rfc2109_cookie_names_enforced".
    
    Example:
    
    java.lang.ExceptionInInitializerError
        at
    com.ibm.ws.webcontainer.session.impl.SessionAffinityManagerImpl.
    setCookie(SessionAffinityManagerImpl.java:414)
        at
    com.ibm.ws.session.SessionManager.adaptAndSetCookie(SessionManag
    er.java:760)
        at
    com.ibm.ws.session.SessionManager.createSession(SessionManager.j
    ava:728)
        at
    com.ibm.ws.webcontainer.session.impl.HttpSessionContextImpl.getI
    HttpSession(HttpSessionContextImpl.java:521)
        at
    com.ibm.ws.webcontainer.session.impl.HttpSessionContextImpl.getI
    HttpSession(HttpSessionContextImpl.java:640)
        at
    com.ibm.ws.webcontainer.srt.SRTRequestContext.getSession(SRTRequ
    estContext.java:105)
        at
    com.ibm.ws.webcontainer.srt.SRTServletRequest.getSession(SRTServ
    letRequest.java:2251)
        at
    com.ibm.ws.webcontainer40.srt.SRTServletRequest40.getSession(SRT
    ServletRequest40.java:121)
        at
    servlets.PushBuilderAPIServlet.service(PushBuilderAPIServlet.jav
    a:81)
        at
    javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        at
    com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWr
    apper.java:1290)
        at
    com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(Ser
    vletWrapper.java:778)
        at
    com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(Ser
    vletWrapper.java:475)
        ...
        at java.lang.Thread.run(Thread.java:745)
    Caused by: java.security.AccessControlException: access denied
    ("java.util.PropertyPermission"
    "org.glassfish.web.rfc2109_cookie_names_enforced" "read")
        at
    java.security.AccessControlContext.checkPermission(AccessControl
    Context.java:472)
        at
    java.security.AccessController.checkPermission(AccessController.
    java:884)
        at
    java.lang.SecurityManager.checkPermission(SecurityManager.java:5
    49)
        at
    java.lang.SecurityManager.checkPropertyAccess(SecurityManager.ja
    va:1294)
        at java.lang.System.getProperty(System.java:753)
        at javax.servlet.http.Cookie.<clinit>(Cookie.java:115)
    

Problem conclusion

  • The WebContainer code was updated to fix the access control
    exception when creating a new Cookie.
    
    The fix for this APAR is currently targeted for inclusion in fix
    pack 17.0.0.2.  Please refer to the Recommended Updates page for
    delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI78633

  • Reported component name

    LIBERTY PROFILE

  • Reported component ID

    5724J0814

  • Reported release

    CD0

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-03-22

  • Closed date

    2017-03-28

  • Last modified date

    2017-03-28

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    LIBERTY PROFILE

  • Fixed component ID

    5724J0814

Applicable component levels

  • RCD0 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"CD0","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
19 October 2021