IBM Support

PK88807: SECJ0305I, ADMN0022E EXCEPTIONS IN APPSERVER AND NODE AGENT DURING APPSERVER SHUTDOWN

Fixes are available

Java SDK 1.5 SR10 Cumulative Fix for WebSphere Application Server
6.1.0.29: Java SDK 1.5 SR11 Cumulative Fix for WebSphere Application Server
6.1.0.31: Java SDK 1.5 SR11 FP1 Cumulative Fix for WebSphere Application Server
6.1.0.33: Java SDK 1.5 SR12 FP1 Cumulative Fix for WebSphere
6.1.0.35: Java SDK 1.5 SR12 FP2 Cumulative Fix for WebSphere
6.1.0.37: Java SDK 1.5 SR12 FP3 Cumulative Fix for WebSphere
6.1.0.47: WebSphere Application Server V6.1 Fix Pack 47
6.1.0.39: Java SDK 1.5 SR12 FP4 Cumulative Fix for WebSphere Application Server
6.1.0.41: Java SDK 1.5 SR12 FP5 Cumulative Fix for WebSphere Application Server
6.1.0.43: Java SDK 1.5 SR13 Cumulative Fix for WebSphere Application Server
6.1.0.45: Java SDK 1.5 SR14 Cumulative Fix for WebSphere Application Server
6.1.0.47: Java SDK 1.5 SR16 Cumulative Fix for WebSphere Application Server
Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • SECJ0305I, ADMN0022E EXCEPTIONS IN APPSERVER AND NODE AGENT LOGS
DURING APP SERVER SHUTDOWN

The Application server is sending the mbean (statusCache)
request to the Node Agent too late in the process of its
shutdown.

Traces show the App Server has stopped:

09.26.36 BBOO0222I: WSVR0024I: Server CONTROL PROCESS
BBOS001 stopped
09.26.37 BBOO0002I WEBSPHERE FOR Z/OS CONTROL PROCESS
BBOS001 ENDED NORMALLY.

And the Node Agent receiving SECJ0305I and ADMN0022E exceptions
after the App Server's control region has stopped:

Trace: 2009/04/23 09:26:37.290 01 t=9B1B58 c=UNK key=P2
(13007002)
ThreadId: 00000581
FunctionName:
com.ibm.ws.security.role.RoleBasedAuthorizerImpl
SourceId: com.ibm.ws.security.role.RoleBasedAuthorizerImpl
Category: AUDIT
ExtendedMessage: BBOO0222I: SECJ0305I: The role-based
authorization check failed for admin-authz operation
StatusCache:placeReport
:com.ibm.ws.management.status.StatusReport.  The user xxxxxx
(unique ID: xxxxxx) was not granted any of the following
required roles: administrator, operator.

and

Trace: 2009/04/23 09:26:37.364 01 t=9B1B58 c=UNK key=P2
(13007002)
ThreadId: 00000581
FunctionName: com.ibm.ws.management.AdminServiceImpl
SourceId: com.ibm.ws.management.AdminServiceImpl
Category: FINEST
ExtendedMessage: invoke method throws exception;
com.ibm.websphere.management.exception.AdminException:
javax.management.JMRuntime
Exception: ADMN0022E: Access is denied for the placeReport
operation on
StatusCache MBean because of insufficient or empty
credentials.
at
com.ibm.ws.management.AdminServiceImpl$1.run(AdminServiceImpl
.java(Compiled Code))
at
com.ibm.ws.security.util.AccessController.doPrivileged(AccessCon
troller.java(Compiled Code))
at
com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl
.java(Compiled Code))
at
com.ibm.ws.management.connector.AdminServiceDelegator.invoke(Adm
inServiceDelegator.java(Compiled Code))
at
sun.reflect.GeneratedMethodAccessor47.invoke(Unknown Source)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethod
AccessorImpl.java(Compiled Code))
at java.lang.reflect.Method.invoke(Method.java(Compiled Code))
at
com.ibm.ws.management.connector.soap.SOAPConnector.invoke(SOAPCo
nnector.java(Compiled Code))
at
com.ibm.ws.management.connector.soap.SOAPConnector.service(SOAPC
onnector.java(Compiled Code))
at
com.ibm.ws.management.connector.soap.SOAPConnection.handleReques
t(SOAPConnection.java(Compiled Code))
at
com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnecti
on.java(Compiled Code))
at
com.ibm.ws.http.HttpConnection.run(HttpConnection.java(Compiled
Code))
at
com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled
Code))
Caused by: javax.management.JMRuntimeException: ADMN0022E:
Access is denied for the placeReport operation on StatusCache
MBean because of insufficient or empty credentials.
at
com.ibm.ws.management.AdminServiceImpl.preInvoke(AdminServiceImp
l.java(C
ompiled Code))
at
com.ibm.ws.management.AdminServiceImpl.access$400(AdminServiceIm
pl.java(Inlined Compiled Code))
... 13 more

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:  All users of IBM WebSphere Application      *
*                  Server V6.1.0 for z/OS                      *
****************************************************************
* PROBLEM DESCRIPTION: A status report is sent by the          *
*                      application server to the parent        *
*                      process (nodeagent) late in shutdown    *
*                      processing.  If the security server     *
*                      has already terminated, then security   *
*                      exceptions may be seen.                 *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
As part of shutdown of the application server, the following
may be seen in the nodeagent process log:
ExtendedMessage: BBOO0222I: SECJ0305I: The role-based
authorization check failed for admin-authz operation StatusCache
:placeReport:com.ibm.ws.management.status.StatusReport.  The
user xxxxxxx (unique ID: xxxxxxx) was not granted any of the
following required roles: administrator, operator.

    



Problem conclusion


    

  • The code has been modified such that, if the security server has
been shutdown, then a status report is not sent to the nodeagent
by the application server.

APAR PK88807 is currently targeted for inclusion in Service
Level (Fix Pack) 6.1.0.27 of WebSphere Application Server V6.1.

Please refer to URL:
//www.ibm.com/support/docview.wss?rs=404&uid=swg27006970
for Fix Pack availability.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PK88807
    • 

  • Reported component name
    WEBSPHERE FOR Z
    • 

  • Reported component ID
    5655I3500
    • 

  • Reported release
    610
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2009-06-12
    • 

  • Closed date
    2009-06-25
    • 

  • Last modified date
    2009-10-03
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
PK88809
    

    • 



Fix information


    

  • Fixed component name
    WEBSPHERE FOR Z
    • 

  • Fixed component ID
    5655I3500
    • 



Applicable component levels


    

  • R610  PSY  UK49671
       UP09/09/21  P  F909
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            28 December 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback