Fixes are available
PM10814; 7.0.0.5: Exception thrown obtaining connection from the connection pool
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for IBM i
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windows
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UX
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIX
7.0.0.11: Java SDK 1.6 SR7 Cumulative Fix for WebSphere Application Server
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Solaris
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Linux
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for AIX
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for HP-UX
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for IBM i
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Linux
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Solaris
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Windows
7.0.0.13: Java SDK 1.6 SR8FP1 Cumulative Fix for WebSphere Application Server
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for AIX
7.0.0.15: Java SDK 1.6 SR9 Cumulative Fix for WebSphere Application Server
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for HP-UX
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for IBM i
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Linux
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Solaris
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Windows
7.0.0.17: WebSphere Application Server V7.0 Fix Pack 17
7.0.0.17: Java SDK 1.6 SR9 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.19: WebSphere Application Server V7.0 Fix Pack 19
7.0.0.21: WebSphere Application Server V7.0 Fix Pack 21
7.0.0.23: WebSphere Application Server V7.0 Fix Pack 23
7.0.0.25: WebSphere Application Server V7.0 Fix Pack 25
7.0.0.27: WebSphere Application Server V7.0 Fix Pack 27
7.0.0.29: WebSphere Application Server V7.0 Fix Pack 29
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
7.0.0.27: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
7.0.0.37: WebSphere Application Server V7.0 Fix Pack 37
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
7.0.0.19: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.21: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere
7.0.0.23: Java SDK 1.6 SR10 FP1 Cumulative Fix for WebSphere
7.0.0.25: Java SDK 1.6 SR11 Cumulative Fix for WebSphere Application Server
7.0.0.27: Java SDK 1.6 SR12 Cumulative Fix for WebSphere Application Server
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server
APAR status
Closed as program error.
Error description
The following exception is seen when doing a receive call. The exception is: java.security.AccessControlException: Access denied (javax.security.auth.PrivateCredentialPermission com.ibm.ws.security.token.SingleSignonTokenImpl read) at java.security.AccessController.checkPermission(AccessController. java:108) at java.lang.SecurityManager.checkPermission(SecurityManager.java:5 33) at com.ibm.ws.security.core.SecurityManager.checkPermission(Securit yManager.java:211) at javax.security.auth.Subject$SecureSet$1.next(Subject.java:1228) at java.util.HashSet.(HashSet.java:76) at javax.security.auth.Subject.equals(Subject.java:1011) at com.ibm.ws.sib.processor.impl.ConnectionImpl.isEquivalentTo(Conn ectionImpl.java:3892) at com.ibm.ws.sib.api.jmsra.impl.JmsJcaManagedConnection.match(JmsJ caManagedConnection.java:1144) at com.ibm.ws.sib.api.jmsra.impl.JmsJcaManagedConnectionFactoryImpl .matchManagedConnections(JmsJcaManagedConnectionFactoryImpl.java :636)
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of the default messaging provider for * * IBM WebSphere Application Server Version 7.0* **************************************************************** * PROBLEM DESCRIPTION: AccessControlException thrown * * obtaining a connection from the * * connection pool, when Java 2 and Bus * * security are both enabled * **************************************************************** * RECOMMENDATION: * **************************************************************** The AccessControlException is thrown due to an equals check being performed on the security Subject outside of a privileged action. The AccessControlException occurs when Bus security and Java 2 security are both enabled, and a connection is matched in the connection pool. The AccessControlException is likely to occur when doing a JMS receive call, but can occur for other JMS calls that requires enlistment in a transaction (or otherwise requires a connection to be matched from the pool).
Problem conclusion
The fix for this APAR resolves the problem by ensuring the equals method on the Subject is called with the correct Java 2 security privilege. The fix for this APAR is currently targeted for inclusion in fix pack 7.0.0.11. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PM10814
Reported component name
PLAT MSG COM
Reported component ID
620800101
Reported release
300
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2010-03-25
Closed date
2010-04-06
Last modified date
2010-04-12
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
PLAT MSG COM
Fixed component ID
620800101
Applicable component levels
R300 PSY
UP
Document Information
Modified date:
24 October 2021