IBM Support

PI79444: AccessControlException when using the servlet log method

Fixes are available

17.0.0.2: WebSphere Application Server Liberty 17.0.0.2
17.0.0.3: WebSphere Application Server Liberty 17.0.0.3
17.0.0.4: WebSphere Application Server Liberty 17.0.0.4
18.0.0.1: WebSphere Application Server Liberty 18.0.0.1
18.0.0.2: WebSphere Application Server Liberty 18.0.0.2
18.0.0.3: WebSphere Application Server Liberty 18.0.0.3
18.0.0.4: WebSphere Application Server Liberty 18.0.0.4
19.0.0.1: WebSphere Application Server Liberty 19.0.0.1
19.0.0.2: WebSphere Application Server Liberty 19.0.0.2
19.0.0.3: WebSphere Application Server Liberty 19.0.0.3
19.0.0.4: WebSphere Application Server Liberty 19.0.0.4
19.0.0.5: WebSphere Application Server Liberty 19.0.0.5
19.0.0.6: WebSphere Application Server Liberty 19.0.0.6
19.0.0.7: WebSphere Application Server Liberty 19.0.0.7
19.0.0.8: WebSphere Application Server Liberty 19.0.0.8
19.0.0.9: WebSphere Application Server Liberty 19.0.0.9
19.0.0.10: WebSphere Application Server Liberty 19.0.0.10
19.0.0.11: WebSphere Application Server Liberty 19.0.0.11
19.0.0.12: WebSphere Application Server Liberty 19.0.0.12
20.0.0.1: WebSphere Application Server Liberty 20.0.0.1
20.0.0.2: WebSphere Application Server Liberty 20.0.0.2
20.0.0.3: WebSphere Application Server Liberty 20.0.0.3
20.0.0.4: WebSphere Application Server Liberty 20.0.0.4
20.0.0.5: WebSphere Application Server Liberty 20.0.0.5
20.0.0.6: WebSphere Application Server Liberty 20.0.0.6
20.0.0.7: WebSphere Application Server Liberty 20.0.0.7
20.0.0.8: WebSphere Application Server Liberty 20.0.0.8
20.0.0.9: WebSphere Application Server Liberty 20.0.0.9
20.0.0.10: WebSphere Application Server Liberty 20.0.0.10
20.0.0.11: WebSphere Application Server Liberty 20.0.0.11
20.0.0.12: WebSphere Application Server Liberty 20.0.0.12

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When Java 2 Security is enabled, a servlet calling the log
    method will result in the following AccessControlException:
    
    Exception = java.security.AccessControlException
    Source =
    com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFil
    ters
    probeid = 1105
    Stack Dump = java.security.AccessControlException: Access
    denied ("java.util.PropertyPermission"
    "com.ibm.servlet.engine.disableServletAuditLogging" "read")
    at
    java.security.AccessController.throwACE(AccessController.jav
    a:157)
    at
    java.security.AccessController.checkPermissionHelper(AccessC
    ontroller.java:217)
    at
    java.security.AccessController.checkPermission(AccessControl
    ler.java:349)
    at
    java.lang.SecurityManager.checkPermission(SecurityManager.ja
    va:562)
    at
    java.lang.SecurityManager.checkPropertyAccess(SecurityManage
    r.java:1307)
    at java.lang.System.getProperty(System.java:443)
    at java.lang.System.getProperty(System.java:427)
    at
    com.ibm.ws.webcontainer.webapp.WebApp.isDisableServletAuditL
    ogging(WebApp.java:3124)
    at
    com.ibm.ws.webcontainer.webapp.WebApp.log(WebApp.java:3393)
    at
    com.ibm.wsspi.webcontainer.facade.ServletContextFacade.log(S
    ervletContextFacade.java:217)
    at javax.servlet.GenericServlet.log(GenericServlet.java:189)
            ...
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server Liberty - Security                   *
    ****************************************************************
    * PROBLEM DESCRIPTION: AccessControlException when using the   *
    *                      servlet log method                      *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When Java 2 Security is enabled, a servlet calling the log
    method will result in the following AccessControlException,
    
    Exception = java.security.AccessControlException
    Source =
    com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters
    probeid = 1105
    Stack Dump = java.security.AccessControlException: Access denied
    ("java.util.PropertyPermission"
    "com.ibm.servlet.engine.disableServletAuditLogging" "read")
    	at
    java.security.AccessController.throwACE(AccessController.java:15
    7)
    	at
    java.security.AccessController.checkPermissionHelper(AccessContr
    oller.java:217)
    	at
    java.security.AccessController.checkPermission(AccessController.
    java:349)
    	at
    java.lang.SecurityManager.checkPermission(SecurityManager.java:5
    62)
    	at
    java.lang.SecurityManager.checkPropertyAccess(SecurityManager.ja
    va:1307)
    	at java.lang.System.getProperty(System.java:443)
    	at java.lang.System.getProperty(System.java:427)
    	at
    com.ibm.ws.webcontainer.webapp.WebApp.isDisableServletAuditLoggi
    ng(WebApp.java:3124)
    	at com.ibm.ws.webcontainer.webapp.WebApp.log(WebApp.java:3393)
    	at
    com.ibm.wsspi.webcontainer.facade.ServletContextFacade.log(Servl
    etContextFacade.java:217)
    	at javax.servlet.GenericServlet.log(GenericServlet.java:189)
            ...
    

Problem conclusion

  • The code was modified to perform the reading of the
    com.ibm.servlet.engine.disableServletAuditLogging property
    inside a doPrivileged block.
    
    The fix for this APAR is currently targeted for inclusion in fix
    pack 17.0.0.2.  Please refer to the Recommended Updates page for
    delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI79444

  • Reported component name

    WAS LIBERTY COR

  • Reported component ID

    5725L2900

  • Reported release

    855

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-04-05

  • Closed date

    2017-04-12

  • Last modified date

    2017-04-12

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WAS LIBERTY COR

  • Fixed component ID

    5725L2900

Applicable component levels

  • R855 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSD28V","label":"WebSphere Application Server Liberty Core"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"855","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
19 October 2021