IBM Support

PI87667: JAVA 2 SECURITY IS ENABLED BRIEFLY DURING WEBSPHERE APP SERVER FOR Z/OS SERVER STARTUP EVEN WHEN IT IS CONFIGURED OFF.

Fixes are available

8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
9.0.0.7: WebSphere Application Server traditional V9.0 Fix Pack 7
9.0.0.8: WebSphere Application Server traditional V9.0 Fix Pack 8
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
9.0.0.9: WebSphere Application Server traditional V9.0 Fix Pack 9
9.0.0.10: WebSphere Application Server traditional V9.0 Fix Pack 10
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
9.0.0.11: WebSphere Application Server traditional V9.0 Fix Pack 11
9.0.5.0: WebSphere Application Server traditional Version 9.0.5 Refresh Pack
9.0.5.1: WebSphere Application Server traditional Version 9.0.5 Fix Pack 1
9.0.5.2: WebSphere Application Server traditional Version 9.0.5 Fix Pack 2
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
9.0.5.3: WebSphere Application Server traditional Version 9.0.5 Fix Pack 3
9.0.5.4: WebSphere Application Server traditional Version 9.0.5 Fix Pack 4
9.0.5.5: WebSphere Application Server traditional Version 9.0.5 Fix Pack 5
WebSphere Application Server traditional 9.0.5.6
9.0.5.7: WebSphere Application Server traditional Version 9.0.5 Fix Pack 7
9.0.5.8: WebSphere Application Server traditional Version 9.0.5.8
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
9.0.5.9: WebSphere Application Server traditional Version 9.0.5.9
9.0.5.10: WebSphere Application Server traditional Version 9.0.5.10
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
9.0.5.11: WebSphere Application Server traditional Version 9.0.5.11

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • A WebSphere Application Server for z/OS is configured with Java
    2 Security disabled. The server is configured to use the IBM
    SDK 8 JVM. When the customer installs the Omegamon JVM monitor
    agent, a java.security.AccessControlException error is
    encountered early in each of the server's servant region
    initialization.  Servers configured to use the IBM SDK 6 JVM do
    not see this error.
    

Local fix

  • update the server.policy as outlined by link "https://www.ibm.
    com/support/knowledgecenter/en/SS2JNN_5.3.0/com.ibm.omegamon_xez
    os.doc_5.3.0/jvm/trouble_was.htm". See edit instruction below.
    Edit server.policy and add the following lines to the end of
    the file.
    grant codeBase "file:Java_agent_jar" {
      permission java.security.AllPermission;
    };
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All Z/OS users of IBM WebSphere Application *
    *                  Server V8.5 and later                       *
    ****************************************************************
    * PROBLEM DESCRIPTION: Java2Security is enabled briefly        *
    *                      during AppServer startup even it is     *
    *                      configured off.                         *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Java2Security is enabled briefly
    during AppServer startup even it is
    configured off.
    

Problem conclusion

  • Do not set Declipse.security on all jvm.options file when
    Java2Security is configured off.
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 8.5.5.14 and 9.0.0.7.  Please refer to the Recommended
    Updates
    page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI87667

  • Reported component name

    WEBSPHERE FOR Z

  • Reported component ID

    5655I3500

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-09-20

  • Closed date

    2017-11-08

  • Last modified date

    2017-11-08

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE FOR Z

  • Fixed component ID

    5655I3500

Applicable component levels

  • R850 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
04 May 2022