IBM Support

PM10814: ACCESSCONTROLEXCEPTION THROWN WHEN DOING A JMS RECEIVE CALL USING SIBUS WITH BUS SECURITY ON.

Fixes are available

PM10814; 7.0.0.5: Exception thrown obtaining connection from the connection pool
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for IBM i
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windows
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UX
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIX
7.0.0.11: Java SDK 1.6 SR7 Cumulative Fix for WebSphere Application Server
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Solaris
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Linux
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for AIX
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for HP-UX
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for IBM i
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Linux
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Solaris
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Windows
7.0.0.13: Java SDK 1.6 SR8FP1 Cumulative Fix for WebSphere Application Server
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for AIX
7.0.0.15: Java SDK 1.6 SR9 Cumulative Fix for WebSphere Application Server
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for HP-UX
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for IBM i
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Linux
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Solaris
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Windows
7.0.0.17: WebSphere Application Server V7.0 Fix Pack 17
7.0.0.17: Java SDK 1.6 SR9 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.19: WebSphere Application Server V7.0 Fix Pack 19
7.0.0.21: WebSphere Application Server V7.0 Fix Pack 21
7.0.0.23: WebSphere Application Server V7.0 Fix Pack 23
7.0.0.25: WebSphere Application Server V7.0 Fix Pack 25
7.0.0.27: WebSphere Application Server V7.0 Fix Pack 27
7.0.0.29: WebSphere Application Server V7.0 Fix Pack 29
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
7.0.0.27: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
7.0.0.37: WebSphere Application Server V7.0 Fix Pack 37
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
7.0.0.19: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.21: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere
7.0.0.23: Java SDK 1.6 SR10 FP1 Cumulative Fix for WebSphere
7.0.0.25: Java SDK 1.6 SR11 Cumulative Fix for WebSphere Application Server
7.0.0.27: Java SDK 1.6 SR12 Cumulative Fix for WebSphere Application Server
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The following exception is seen when doing a receive call. The
exception is:

 java.security.AccessControlException: Access denied
(javax.security.auth.PrivateCredentialPermission
com.ibm.ws.security.token.SingleSignonTokenImpl read)
 at
java.security.AccessController.checkPermission(AccessController.
java:108)
 at
java.lang.SecurityManager.checkPermission(SecurityManager.java:5
33)
 at
com.ibm.ws.security.core.SecurityManager.checkPermission(Securit
yManager.java:211)
 at
javax.security.auth.Subject$SecureSet$1.next(Subject.java:1228)
 at java.util.HashSet.(HashSet.java:76)
 at javax.security.auth.Subject.equals(Subject.java:1011)
 at
com.ibm.ws.sib.processor.impl.ConnectionImpl.isEquivalentTo(Conn
ectionImpl.java:3892)
 at
com.ibm.ws.sib.api.jmsra.impl.JmsJcaManagedConnection.match(JmsJ
caManagedConnection.java:1144)
 at
com.ibm.ws.sib.api.jmsra.impl.JmsJcaManagedConnectionFactoryImpl
.matchManagedConnections(JmsJcaManagedConnectionFactoryImpl.java
:636)

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:  Users of the default messaging provider for *
*                  IBM WebSphere Application Server Version 7.0*
****************************************************************
* PROBLEM DESCRIPTION: AccessControlException thrown           *
*                      obtaining a connection from the         *
*                      connection pool, when Java 2 and Bus    *
*                      security are both enabled               *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The AccessControlException is thrown due to an equals check
being performed  on the security Subject outside of a
privileged action.

The AccessControlException occurs when Bus security and Java 2
security are both enabled, and a connection is matched in the
connection pool.  The AccessControlException is likely to occur
when doing a JMS receive call, but can occur for other JMS
calls that requires enlistment in a transaction (or otherwise
requires a connection to be matched from the pool).

    



Problem conclusion


    

  • The fix for this APAR resolves the problem by ensuring the
equals method on the Subject is called with the correct Java 2
security privilege.

The fix for this APAR is currently targeted for inclusion in
fix pack 7.0.0.11.  Please refer to the Recommended Updates
page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PM10814
    • 

  • Reported component name
    PLAT MSG COM
    • 

  • Reported component ID
    620800101
    • 

  • Reported release
    300
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2010-03-25
    • 

  • Closed date
    2010-04-06
    • 

  • Last modified date
    2010-04-12
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    PLAT MSG COM
    • 

  • Fixed component ID
    620800101
    • 



Applicable component levels


    

  • R300  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            24 October 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback