IBM Support

PM29816; 6.1.0.35: Web Services requests fail with a Java 2 security exception

Download


Abstract

JAX-WS Web services applications may get Java 2 security violation when run in a Java 2 security enabled environment.

Download Description

PM29816 resolves the following problem:

ERROR DESCRIPTION:
APAR PM20957 introduced a Java 2 security exception with the following stack:
java.security.AccessControlException: Access denied
(org.osgi.framework.ServicePermission
com.ibm.wsspi.cluster.adapter.channel.
ChannelSelectionAdapter get)
at java.security.AccessController.
checkPermission(AccessController.java:103)
at java.lang.SecurityManager.checkPermission
(SecurityManager.java:558)
at com.ibm.ws.security.core.SecurityManager.
checkPermission(SecurityManager.java:214)
at org.eclipse.osgi.framework.internal.core.Framework.
checkGetServicePermission(Framework.java:1331)
at org.eclipse.osgi.framework.internal.core.Framework.
getServiceReferences(Framework.java:1187)
at org.eclipse.osgi.framework.internal.core.
BundleContextImpl.getServiceReference(
BundleContextImpl.java:757)
at com.ibm.wsspi.runtime.service.WsServiceRegistry.
getService(WsServiceRegistry.java:105)
at com.ibm.ws.websvcs.transport.http.
OutboundURLTargetResolver.identityToCFEndPoint(
OutboundURLTargetResolver.java:1092)
at com.ibm.ws.websvcs.transport.http.
OutboundURLTargetResolver.getOutboundTarget(
OutboundURLTargetResolver.java:370)
at com.ibm.ws.websvcs.transport.http.SOAPOverHTTPSender
.<init>(SOAPOverHTTPSender.java:1618)
at com.ibm.ws.websvcs.transport.http.
HTTPTransportSender.invoke(
HTTPTransportSender.java:301)
at org.apache.axis2.engine.AxisEngine.send(
AxisEngine.java:712)


LOCAL FIX:

PROBLEM SUMMARY

USERS AFFECTED:
All users of IBM WebSphere Application Server V6.1 with JAX-WS Web services with
Java 2 security enabled

PROBLEM DESCRIPTION:
JAX-WS Web services applications may get Java 2 security violation when
run in a Java 2 security enabled environment.

RECOMMENDATION:
Install a fix pack that includes this APAR.

A regression was introduced in WebSphere Application Server V6.1.0.35 that could cause a
java.security.AccessControlException when Java 2 Security is enabled. This problem affects only JAX-RPC Web Services applications that are installed on the application server, and the problem only occurs when one of the following conditions is true:

* WS-Addressing is enabled.

* The enableInProcessConnections Web Container property is
enabled on the server side.

* The Remote Request Dispatcher (RRD) Web Container extension
is enabled.

The following exception may appear in the SystemOut.log:

java.security.AccessControlException: Access denied
(org.osgi.framework.ServicePermission
com.ibm.wsspi.cluster.adapter.channel.ChannelSelectionAdapter
get)
at
java.security.AccessController.checkPermission(AccessController.
java:103)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:5
58)
at
com.ibm.ws.security.core.SecurityManager.checkPermission(Securit
yManager.java:214)
at
org.eclipse.osgi.framework.internal.core.Framework.checkGetServi
cePermission(Framework.java:1331)
at
org.eclipse.osgi.framework.internal.core.Framework.getServiceRef
erences(Framework.java:1187)
at
org.eclipse.osgi.framework.internal.core.BundleContextImpl.getSe
rviceReference(BundleContextImpl.java:757)
at
com.ibm.wsspi.runtime.service.WsServiceRegistry.getService(WsSer
viceRegistry.java:105)
at
com.ibm.ws.websvcs.transport.http.OutboundURLTargetResolver.iden
tityToCFEndPoint(OutboundURLTargetResolver.java:1092)
at
com.ibm.ws.websvcs.transport.http.OutboundURLTargetResolver.getO
utboundTarget(OutboundURLTargetResolver.java:370)
at
com.ibm.ws.websvcs.transport.http.SOAPOverHTTPSender.<init>(SOAP
OverHTTPSender.java:1618)
at
com.ibm.ws.websvcs.transport.http.HTTPTransportSender.invoke(HTT
PTransportSender.java:301)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:712)
...

PROBLEM CONCLUSION:
The JAX-WS code is corrected to prevent the Java 2 security exception.

The fix for this APAR is currently targeted for inclusion in fix pack 6.1.0.37. Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?uid=swg27004980

Prerequisites

Please download the UpdateInstaller below to install this fix.

[{"PRLabel":"UpdateInstaller","PRLang":"US English","PRSize":"7250000","PRPlat":{"label":"AIX","code":"PF002"},"PRURL":"http://www.ibm.com/support/docview.wss?uid=swg21205991"}]

Installation Instructions

Please review the readme.txt for detailed installation instructions.

[{"INLabel":"Readme","INLang":"US English","INSize":"11483","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM29816/readme.txt"}]
On
[{"DNLabel":"6.1.0.35-WS-WAS-IFPM29816","DNDate":"2/10/2011","DNLang":"US English","DNSize":"38319","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www.ibm.com/support/fixcentral/quickorder?fixids=6.1.0.35-WS-WAS-IFPM29816&product=ibm%2FWebSphere%2FWebSphere+Application+Server&source=dbluesearch","DNURL_FTP":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM29816/6.1.0.35-WS-WAS-IFPM29816.pak","DDURL":"http://public.dhe.ibm.com:7618;sw_websphere;appserv/support/fixes/PM29816/6.1.0.35-WS-WAS-IFPM29816.pak"}]

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/support/entry/portal/Overview/Software/WebSphere/WebSphere_Application_Server), or contact 1-800-IBM-SERV (U.S. only).

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Web Services (for example: SOAP or UDDI or WSGW or WSIF)","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"6.1.0.35","Edition":"Base;Network Deployment","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg24029181

Page Feedback