Fixes are available
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for AIX
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for HP-UX
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for IBM i
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Linux
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Solaris
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Windows
7.0.0.13: Java SDK 1.6 SR8FP1 Cumulative Fix for WebSphere Application Server
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for AIX
7.0.0.15: Java SDK 1.6 SR9 Cumulative Fix for WebSphere Application Server
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for HP-UX
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for IBM i
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Linux
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Solaris
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Windows
7.0.0.17: WebSphere Application Server V7.0 Fix Pack 17
7.0.0.17: Java SDK 1.6 SR9 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.19: WebSphere Application Server V7.0 Fix Pack 19
7.0.0.21: WebSphere Application Server V7.0 Fix Pack 21
7.0.0.23: WebSphere Application Server V7.0 Fix Pack 23
7.0.0.25: WebSphere Application Server V7.0 Fix Pack 25
7.0.0.27: WebSphere Application Server V7.0 Fix Pack 27
7.0.0.29: WebSphere Application Server V7.0 Fix Pack 29
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
7.0.0.27: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
7.0.0.37: WebSphere Application Server V7.0 Fix Pack 37
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
7.0.0.19: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.21: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere
7.0.0.23: Java SDK 1.6 SR10 FP1 Cumulative Fix for WebSphere
7.0.0.25: Java SDK 1.6 SR11 Cumulative Fix for WebSphere Application Server
7.0.0.27: Java SDK 1.6 SR12 Cumulative Fix for WebSphere Application Server
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server
Obtain the fix for this APAR.
APAR status
Closed as program error.
Error description
Deploymentmanager CR experiences SECJ6022E when they enabled security SMF records Trace: 2009/11/20 15:08:02.637 01 t=7A8CF0 c=UNK key=S2 (13007002) ThreadId: 0000001c FunctionName: com.ibm.ws.security.audit.AuditServiceImpl SourceId: com.ibm.ws.security.audit.AuditServiceImpl Category: SEVERE ExtendedMessage: BBOO0220E: SECJ6022E: AuditServiceProvider malfunction when security auditing is required, Provider Exception = om.ibm.websphere.security.ProviderFailureException: SAF RC=8, RACF RC=12, RACF Reason=24 com.ibm.ws.security.audit.zOS.SMFEmitterImpl.sendEvent(SMFEmitte com.ibm.ws.security.audit.AuditServiceImpl.sendEvent(AuditServic com.ibm.ws.security.audit.AuditEventFactoryImpl.sendEvent(AuditE com.ibm.ws.security.audit.AuditServiceImpl.sendEvent(AuditServic com.ibm.websphere.management.authorizer.SecurityAuditingHelper.l curityAuditForMBean(SecurityAuditingHelper.java:292) com.ibm.ws.management.AdminServiceImpl.preInvoke(AdminServiceImp com.ibm.ws.management.AdminServiceImpl.access$400(AdminServiceIm com.ibm.ws.management.AdminServiceImpl$1.run(AdminServiceImpl.ja com.ibm.ws.security.util.AccessController.doPrivileged(AccessCon com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl.j com.ibm.ws.management.connector.AdminServiceDelegator.invoke(Adm rviceDelegator.java:181) .at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessor sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethod .at java.lang.reflect.Method.invoke(Method.java:600) com.ibm.ws.management.connector.soap.SOAPConnector.invoke(SOAPCo com.ibm.ws.management.connector.soap.SOAPConnector.service(SOAPC com.ibm.ws.management.connector.soap.SOAPConnection.handleReques com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnecti .at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:522) .at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1550)
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of IBM WebSphere Application Server * * V7.0 who are using SMF auditing. * **************************************************************** * PROBLEM DESCRIPTION: Audit record exceeds the SMF * * relocation threshhold size of 20480, * * causing the record not to be written. * **************************************************************** * RECOMMENDATION: * **************************************************************** SMF has a threshhold size limit of 20480 for any relocates added. If an audit record exceeds that size, there will be a failure to write the record to SMF and an exception will be generated: ExtendedMessage: BBOO0220E: SECJ6022E: AuditServiceProvider malfunction when security auditing is required, Provider Exception = c om.ibm.websphere.security.ProviderFailureException: SAF RC=8, RACF RC=12, RACF Reason=24
Problem conclusion
A custom property is introduced, com.ibm.audit.field.length.limit, which will allow users to define their maximum size for any variable length audit field in the audit record. This will only apply if the SMF threshhold limit of 20480 is exceeded. By default, the truncation will occur at 128 bytes for any variable-length audit field, unless another value is specified via the custom property. The maximum length that can be specified via the custom property is 512 bytes, to ensure that the the SMF audit record will always be recorded. Valid ranges for this custom property range from 1 to 512. APAR PM16362 requires changes to documentation. NOTE: Periodically, we refresh the documentation on our Web site, so the changes might have been made before you read this text. To access the latest on-line documentation, go to the product library page at: http://www.ibm.com/software/webservers/appserv/library The following Change to the WebSphere Application Server Version 7.0 Information Center will be made available in October 2010. The topic Security custom properties will be updated to include the following description of the new com.ibm.audit.field.length.limit custom property: com.ibm.audit.field.length.limit This property only applies to the SMF Emitter implementation that IBM provides for the Security Auditing feature. You can use this property to specify, in bytes, the length at which variable-length audit data is truncated. By default, if this custom property is not specified, and the threshold limit of 20480 is exceeded, variable-length audit data fields are truncated to 128 bytes. Avoid Trouble: You must use the modifyAuditEmitter command for the AdminTask object to enable this custom problem. See the topic AuditEmitterCommands for the AdminTask object for a description of how to use this command. The SMF relocation data has a threshold size limit of 20480 bytes. If the audit data exceeds this limit, the audit data is truncated to prevent the loss of audit records. Default 20480 Type An integer between 1 and 512 APAR PM16362 is currently targeted for inclusion in Service Level (Fix Pack) 7.0.0.13 of WebSphere Application Server V7.0. Please refer to URL: //www.ibm.com/support/docview.wss?rs=404&uid=swg27006970 for Fix Pack availability.
Temporary fix
Comments
APAR Information
APAR number
PM16362
Reported component name
WEBSPHERE FOR Z
Reported component ID
5655I3500
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2010-06-11
Closed date
2010-07-28
Last modified date
2010-11-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE FOR Z
Fixed component ID
5655I3500
Applicable component levels
R700 PSY UK61114
UP10/10/21 P F010
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
Document Information
Modified date:
25 October 2021