PK73009: SECJ0306E error seen in logs when Node Agent is shutdown, while global security is enabled

7.0.0.3: WebSphere Application Server V7.0 Fix Pack 3 for IBM i
7.0.0.3: WebSphere Application Server V7.0 Fix Pack 3 for AIX
7.0.0.3: WebSphere Application Server V7.0 Fix Pack 3 for HP-UX
7.0.0.3: Java SDK 1.6 SR4 Cumulative Fix for WebSphere Application Server
7.0.0.3: WebSphere Application Server V7.0 Fix Pack 3 for Solaris
7.0.0.3: WebSphere Application Server V7.0 Fix Pack 3 for Linux
7.0.0.5: WebSphere Application Server V7.0 Fix Pack 5 for AIX
7.0.0.3: WebSphere Application Server V7.0 Fix Pack 3 for Windows
7.0.0.5: WebSphere Application Server V7.0 Fix Pack 5 for IBM i
7.0.0.5: WebSphere Application Server V7.0 Fix Pack 5 for Windows
7.0.0.5: WebSphere Application Server V7.0 Fix Pack 5 for HP-UX
7.0.0.5: Java SDK 1.6 SR5 Cumulative Fix for WebSphere Application Server
7.0.0.5: WebSphere Application Server V7.0 Fix Pack 5 for Solaris
7.0.0.5: WebSphere Application Server V7.0 Fix Pack 5 for Linux
Java SDK 1.5 SR10 Cumulative Fix for WebSphere Application Server
7.0.0.7: WebSphere Application Server V7.0 Fix Pack 7 for IBM i
7.0.0.7: WebSphere Application Server V7.0 Fix Pack 7 for AIX
7.0.0.7: WebSphere Application Server V7.0 Fix Pack 7 for Windows
7.0.0.7: WebSphere Application Server V7.0 Fix Pack 7 for HP-UX
7.0.0.7: Java SDK 1.6 SR6 Cumulative Fix for WebSphere Application Server
7.0.0.7: WebSphere Application Server V7.0 Fix Pack 7 for Solaris
7.0.0.7: WebSphere Application Server V7.0 Fix Pack 7 for Linux
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for IBM i
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for Windows
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for AIX
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for HP-UX
7.0.0.9: Java SDK 1.6 SR7 Cumulative Fix for WebSphere Application Server
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for Solaris
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for Linux
6.1.0.31: Java SDK 1.5 SR11 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for IBM i
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windows
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UX
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIX
7.0.0.11: Java SDK 1.6 SR7 Cumulative Fix for WebSphere Application Server
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Solaris
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Linux
6.1.0.33: Java SDK 1.5 SR12 FP1 Cumulative Fix for WebSphere
6.1.0.29: Java SDK 1.5 SR11 Cumulative Fix for WebSphere Application Server
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for AIX
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for HP-UX
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for IBM i
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Linux
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Solaris
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Windows
7.0.0.13: Java SDK 1.6 SR8FP1 Cumulative Fix for WebSphere Application Server
6.1.0.35: Java SDK 1.5 SR12 FP2 Cumulative Fix for WebSphere
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for AIX
7.0.0.15: Java SDK 1.6 SR9 Cumulative Fix for WebSphere Application Server
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for HP-UX
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for IBM i
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Linux
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Solaris
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Windows
6.1.0.37: Java SDK 1.5 SR12 FP3 Cumulative Fix for WebSphere
7.0.0.17: WebSphere Application Server V7.0 Fix Pack 17
7.0.0.17: Java SDK 1.6 SR9 FP1 Cumulative Fix for WebSphere Application Server
6.1.0.39: Java SDK 1.5 SR12 FP4 Cumulative Fix for WebSphere Application Server
7.0.0.19: WebSphere Application Server V7.0 Fix Pack 19
6.1.0.41: Java SDK 1.5 SR12 FP5 Cumulative Fix for WebSphere Application Server
7.0.0.21: WebSphere Application Server V7.0 Fix Pack 21
6.1.0.43: Java SDK 1.5 SR13 Cumulative Fix for WebSphere Application Server
7.0.0.23: WebSphere Application Server V7.0 Fix Pack 23
7.0.0.25: WebSphere Application Server V7.0 Fix Pack 25
6.1.0.45: Java SDK 1.5 SR14 Cumulative Fix for WebSphere Application Server
7.0.0.27: WebSphere Application Server V7.0 Fix Pack 27
7.0.0.29: WebSphere Application Server V7.0 Fix Pack 29
6.1.0.47: WebSphere Application Server V6.1 Fix Pack 47
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
7.0.0.27: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
6.1.0.47: Java SDK 1.5 SR16 Cumulative Fix for WebSphere Application Server
7.0.0.19: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.21: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere
7.0.0.23: Java SDK 1.6 SR10 FP1 Cumulative Fix for WebSphere
7.0.0.25: Java SDK 1.6 SR11 Cumulative Fix for WebSphere Application Server
7.0.0.27: Java SDK 1.6 SR12 Cumulative Fix for WebSphere Application Server
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server

APAR status

• Closed as program error.

Error description

• The following error message shows up in Node Agent logs when
  Node Agent is shutdown while global security is enabled:
  
  RoleBasedAuth E   SECJ0306E: No received or invocation
  credential exist on the thread. The Role based authorization
  check will not have an accessId of the caller to check.  The
  parameters are: access check
  method propagateNotifications:[Ljavax.management.Notification;
  on resource NotificationService and module NotificationService.
  
  The stack trace is:
  
  java.lang.Exception: Invocation and received credentials are
  both null
  at
  com.ibm.ws.security.role.RoleBasedAuthorizerImpl.checkAccess(Rol
  eBasedAu
  thorizerImpl.java:251)
  at
  com.ibm.ws.management.AdminServiceImpl.preInvoke(AdminServiceImp
  l.java:1
  799)
  at
  com.ibm.ws.management.AdminServiceImpl.access$400(AdminServiceIm
  pl.java:
  101)
  at
  com.ibm.ws.management.AdminServiceImpl$1.run(AdminServiceImpl.ja
  va:988)
  at
  com.ibm.ws.security.util.AccessController.doPrivileged(AccessCon
  troller.
  java:118)
  at
  com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl.j
  ava:906)
  at
  com.ibm.ws.management.connector.AdminServiceDelegator.invoke(Adm
  inServic
  eDelegator.java:157)
  at sun.reflect.GeneratedMethodAccessor26.invoke(Unknown
  Source)
  at
  sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethod
  Accessor
  Impl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:324)
  at
  com.ibm.ws.management.connector.soap.SOAPConnector.invoke(SOAPCo
  nnector.
  java:345)
  at
  com.ibm.ws.management.connector.soap.SOAPConnector.service(SOAPC
  onnector
  .java:210)
  at
  com.ibm.ws.management.connector.soap.SOAPConnection.handleReques
  t(SOAPCo
  nnection.java:55)
  at
  com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnecti
  on.java:
  680)
  at
  com.ibm.ws.http.HttpConnection.run(HttpConnection.java:484)
  at
  com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1470)
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED:  All users of WebSphere Application Server   *
  ****************************************************************
  * PROBLEM DESCRIPTION: When global security is enabled,        *
  *                      NodeAgent logs display SECJ0306E        *
  *                      error on NodeAgent shutdown.            *
  ****************************************************************
  * RECOMMENDATION:                                              *
  ****************************************************************
  This behavior is observed when node agent shuts down while
  global security is enabled and application servers monitored
  by the node agent are running.
  
  Node agent logs would contain the following error message:
  
  RoleBasedAuth E   SECJ0306E:No received or invocation
  credential exist on the thread. The   Role based authorization
  check will not have an accessId of the caller to check.  The
  parameters are: access check method
  propagateNotifications:[Ljavax.management.Notification; on
  resource NotificationService and module NotificationService.
  The stack trace is java.lang.Exception: Invocation and
  received credentials are both null
  at
  com.ibm.ws.security.role.RoleBasedAuthorizerImpl.checkAccess(Rol
  eBasedAuthorizerImpl.java:251)
  at
  com.ibm.ws.management.AdminServiceImpl.preInvoke(AdminServiceImp
  l.java:1799)
  at
  com.ibm.ws.management.AdminServiceImpl.access$400(AdminServiceIm
  pl.java:101)
  at
  com.ibm.ws.management.AdminServiceImpl$1.run(AdminServiceImpl.ja
  va:988)
  at
  com.ibm.ws.security.util.AccessController.doPrivileged(AccessCon
  troller.java:118)
  at
  com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl.j
  ava:906)
  at
  com.ibm.ws.management.connector.AdminServiceDelegator.invoke(Adm
  inServiceDelegator.java:157)
  at sun.reflect.GeneratedMethodAccessor26.invoke(Unknown Source)
  at
  sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethod
  AccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:324)
  at
  com.ibm.ws.management.connector.soap.SOAPConnector.invoke(SOAPCo
  nnector.java:345)
  at
  com.ibm.ws.management.connector.soap.SOAPConnector.service(SOAPC
  onnector.java:210)
  at
  com.ibm.ws.management.connector.soap.SOAPConnection.handleReques
  t(SOAPConnection.java:55)
  at
  com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnecti
  on.java:680)
  at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:484)
  at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1470)
  

Problem conclusion

• The errors occurred because admin code was invoking security
  code even after security service was stopped (as a part of
  NodeAgent shutdown). Code fix has been introduced to check
  state of SOAPConnector security before invoking its code.
  
  The fix for this APAR is currently targeted for inclusion in
  fixpacks 6.0.2.33, 6.1.0.23 and 7.0.0.3. Please refer to the
  Recommended Updates page for delivery information:
  http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  WEBS APP SERV N

• Fixed component ID

  5724H8800

Applicable component levels

• R60A PSY

     UP

• R60H PSY

     UP

• R60I PSY

     UP

• R60P PSY

     UP

• R60S PSY

     UP

• R60W PSY

     UP

• R60Z PSY

     UP

• R61A PSY

     UP

• R61H PSY

     UP

• R61I PSY

     UP

• R61P PSY

     UP

• R61S PSY

     UP

• R61W PSY

     UP

• R61Z PSY

     UP

• R700 PSY

     UP