IBM Support

PI79444: AccessControlException when using the servlet log method

Fixes are available

17.0.0.2: WebSphere Application Server Liberty 17.0.0.2
17.0.0.3: WebSphere Application Server Liberty 17.0.0.3
17.0.0.4: WebSphere Application Server Liberty 17.0.0.4
18.0.0.1: WebSphere Application Server Liberty 18.0.0.1
18.0.0.2: WebSphere Application Server Liberty 18.0.0.2
18.0.0.3: WebSphere Application Server Liberty 18.0.0.3
18.0.0.4: WebSphere Application Server Liberty 18.0.0.4
19.0.0.1: WebSphere Application Server Liberty 19.0.0.1
19.0.0.2: WebSphere Application Server Liberty 19.0.0.2
19.0.0.3: WebSphere Application Server Liberty 19.0.0.3
19.0.0.4: WebSphere Application Server Liberty 19.0.0.4
19.0.0.5: WebSphere Application Server Liberty 19.0.0.5
19.0.0.6: WebSphere Application Server Liberty 19.0.0.6
19.0.0.7: WebSphere Application Server Liberty 19.0.0.7
19.0.0.8: WebSphere Application Server Liberty 19.0.0.8
19.0.0.9: WebSphere Application Server Liberty 19.0.0.9
19.0.0.10: WebSphere Application Server Liberty 19.0.0.10
19.0.0.11: WebSphere Application Server Liberty 19.0.0.11
19.0.0.12: WebSphere Application Server Liberty 19.0.0.12
20.0.0.1: WebSphere Application Server Liberty 20.0.0.1
20.0.0.2: WebSphere Application Server Liberty 20.0.0.2
20.0.0.3: WebSphere Application Server Liberty 20.0.0.3
20.0.0.4: WebSphere Application Server Liberty 20.0.0.4
20.0.0.5: WebSphere Application Server Liberty 20.0.0.5
20.0.0.6: WebSphere Application Server Liberty 20.0.0.6
20.0.0.7: WebSphere Application Server Liberty 20.0.0.7
20.0.0.8: WebSphere Application Server Liberty 20.0.0.8
20.0.0.9: WebSphere Application Server Liberty 20.0.0.9
20.0.0.10: WebSphere Application Server Liberty 20.0.0.10
20.0.0.11: WebSphere Application Server Liberty 20.0.0.11
20.0.0.12: WebSphere Application Server Liberty 20.0.0.12
21.0.0.3: WebSphere Application Server Liberty 21.0.0.3
21.0.0.4: WebSphere Application Server Liberty 21.0.0.4
21.0.0.5: WebSphere Application Server Liberty 21.0.0.5
21.0.0.6: WebSphere Application Server Liberty 21.0.0.6
21.0.0.7: WebSphere Application Server Liberty 21.0.0.7
21.0.0.8: WebSphere Application Server Liberty 21.0.0.8
21.0.0.9: WebSphere Application Server Liberty 21.0.0.9
21.0.0.1: WebSphere Application Server Liberty 21.0.0.1
21.0.0.2: WebSphere Application Server Liberty 21.0.0.2
21.0.0.10: WebSphere Application Server Liberty 21.0.0.10
21.0.0.11: WebSphere Application Server Liberty 21.0.0.11
21.0.0.12: WebSphere Application Server Liberty 21.0.0.12
22.0.0.1: WebSphere Application Server Liberty 22.0.0.1
22.0.0.2: WebSphere Application Server Liberty 22.0.0.2
22.0.0.3: WebSphere Application Server Liberty 22.0.0.3
22.0.0.4: WebSphere Application Server Liberty 22.0.0.4

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When Java 2 Security is enabled, a servlet calling the log
method will result in the following AccessControlException:

Exception = java.security.AccessControlException
Source =
com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFil
ters
probeid = 1105
Stack Dump = java.security.AccessControlException: Access
denied ("java.util.PropertyPermission"
"com.ibm.servlet.engine.disableServletAuditLogging" "read")
at
java.security.AccessController.throwACE(AccessController.jav
a:157)
at
java.security.AccessController.checkPermissionHelper(AccessC
ontroller.java:217)
at
java.security.AccessController.checkPermission(AccessControl
ler.java:349)
at
java.lang.SecurityManager.checkPermission(SecurityManager.ja
va:562)
at
java.lang.SecurityManager.checkPropertyAccess(SecurityManage
r.java:1307)
at java.lang.System.getProperty(System.java:443)
at java.lang.System.getProperty(System.java:427)
at
com.ibm.ws.webcontainer.webapp.WebApp.isDisableServletAuditL
ogging(WebApp.java:3124)
at
com.ibm.ws.webcontainer.webapp.WebApp.log(WebApp.java:3393)
at
com.ibm.wsspi.webcontainer.facade.ServletContextFacade.log(S
ervletContextFacade.java:217)
at javax.servlet.GenericServlet.log(GenericServlet.java:189)
        ...

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:  All users of IBM WebSphere Application      *
*                  Server Liberty - Security                   *
****************************************************************
* PROBLEM DESCRIPTION: AccessControlException when using the   *
*                      servlet log method                      *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When Java 2 Security is enabled, a servlet calling the log
method will result in the following AccessControlException,

Exception = java.security.AccessControlException
Source =
com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters
probeid = 1105
Stack Dump = java.security.AccessControlException: Access denied
("java.util.PropertyPermission"
"com.ibm.servlet.engine.disableServletAuditLogging" "read")
	at
java.security.AccessController.throwACE(AccessController.java:15
7)
	at
java.security.AccessController.checkPermissionHelper(AccessContr
oller.java:217)
	at
java.security.AccessController.checkPermission(AccessController.
java:349)
	at
java.lang.SecurityManager.checkPermission(SecurityManager.java:5
62)
	at
java.lang.SecurityManager.checkPropertyAccess(SecurityManager.ja
va:1307)
	at java.lang.System.getProperty(System.java:443)
	at java.lang.System.getProperty(System.java:427)
	at
com.ibm.ws.webcontainer.webapp.WebApp.isDisableServletAuditLoggi
ng(WebApp.java:3124)
	at com.ibm.ws.webcontainer.webapp.WebApp.log(WebApp.java:3393)
	at
com.ibm.wsspi.webcontainer.facade.ServletContextFacade.log(Servl
etContextFacade.java:217)
	at javax.servlet.GenericServlet.log(GenericServlet.java:189)
        ...

    



Problem conclusion


    

  • The code was modified to perform the reading of the
com.ibm.servlet.engine.disableServletAuditLogging property
inside a doPrivileged block.

The fix for this APAR is currently targeted for inclusion in fix
pack 17.0.0.2.  Please refer to the Recommended Updates page for
delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PI79444
    • 

  • Reported component name
    WAS LIBERTY COR
    • 

  • Reported component ID
    5725L2900
    • 

  • Reported release
    855
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2017-04-05
    • 

  • Closed date
    2017-04-12
    • 

  • Last modified date
    2017-04-12
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    WAS LIBERTY COR
    • 

  • Fixed component ID
    5725L2900
    • 



Applicable component levels


    

  • R855  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSD28V","label":"WebSphere Application Server Liberty Core"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"855","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            04 May 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback