Skip to main content

"AccessControlException" or Java 2 Security Resolutions

In our current project we are working on RAD migration from 6.x.x RAD 7.5.4. As part of migration we have to enable security settings in Websphere application server for the deployed application.

We have enabled it and given proper credentials and configured other required settings and properties in the WAS. We started the server, but we have found the error in sustemOut.log the following error.

Exception:
FFDC closed incident stream file C:\Program Files\IBM\SDP\runtimes\base_v61\profiles\AppSrv05\logs\ffdc\server1_00000015_11.05.09_15.46.32_0.txt
[9-5-11 15:46:32:501 CEST] 00000015 SecurityManag W   SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Please refer to InfoCenter for further information.

Permission: \C:\workspaces\GRILL_Migration\GRILL_Clients\struts.jar : Access denied (java.io.FilePermission \C:\workspaces\GRILL_Migration\AIL_Clients\struts.jar read)

Code:     org.apache.struts.action.ActionServlet  in  {file:/C:/workspaces/GRILL_Migration/GRILL_Clients/struts.jar}

Stack Trace:
java.security.AccessControlException: Access denied (java.io.FilePermission \C:\workspaces\GRILL_Migration\GRILL_Clients\struts.jar read)
                at java.security.AccessController.checkPermission(AccessController.java:108)

                at java.lang.SecurityManager.checkPermission(SecurityManager.java:558)
                at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
                at com.ibm.ws.classloader.SinglePathClassProvider.check(SinglePathClassProvider.java:470)
                at com.ibm.ws.classloader.SinglePathClassProvider.checkURL(SinglePathClassProvider.java:457)
                at com.ibm.ws.classloader.SinglePathClassProvider.getResource(SinglePathClassProvider.java:449)
                at com.ibm.ws.classloader.CompoundClassLoader.findResource(CompoundClassLoader.java:823)
                at com.ibm.ws.classloader.CompoundClassLoader.getResource(CompoundClassLoader.java:787)
                at java.lang.Class.getResource(Class.java:1170)
                at org.apache.struts.action.ActionServlet.initServlet(ActionServlet.java:1412)
                at org.apache.struts.action.ActionServlet.init(ActionServlet.java:466)
                at javax.servlet.GenericServlet.init(GenericServlet.java:256)
                at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:218)
                at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.init(ServletWrapper.java:319)
                at com.ibm.ws.webcontainer.servlet.ServletWrapper.initialize(ServletWrapper.java:1250)
                at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.initialize(ServletWrapper.java:152)
                at com.ibm.wsspi.webcontainer.extension.WebExtensionProcessor.createServletWrapper(WebExtensionProcessor.java:99)

Solution :
But we didn’t face this exception without security settings. After pulling my hair with fingers again and again, finally we wanted to try by disabling the Java 2 security on server configuration menu in admin console. Later it started without the exception. This is due to we didn’t give proper privileges after enabling Java 2 Security. Actually this check is not required for project. But there is 2 important points which we need to keep in mind to enable Java 2 security option or not. Just check them below.
 
You can find this option in Admin Console - > Secure Administration, application, and infrastructure - > Configuration

The following are the two possible resolutions to the java.security.AccessControlException exception, I have observed these two points from IBM site.

1. If the application is calling a Java 2 Security protected API, then grant the required permissions to the application Java 2 Security policy.

2. If the application is NOT calling a Java 2 Security protected API directly and the required permissions are not granted because of a side-effect of the third party APIs accessing Java 2 Security protected resources. If the application is granted the required permission, it gains more access than it should. Then in this case, it is most likely that the third party code that is accessing the Java 2 Security protected resource is not properly marked as "privileged".
Labels:

Comments

Post a Comment

Popular posts from this blog

Advantages & Disadvantages of Synchronous / Asynchronous Communications?

  Asynchronous Communication Advantages: Requests need not be targeted to specific server. Service need not be available when request is made. No blocking, so resources could be freed.  Could use connectionless protocol Disadvantages: Response times are unpredictable. Error handling usually more complex.  Usually requires connection-oriented protocol.  Harder to design apps Synchronous Communication Advantages: Easy to program Outcome is known immediately  Error recovery easier (usually)  Better real-time response (usually) Disadvantages: Service must be up and ready. Requestor blocks, held resources are “tied up”.  Usually requires connection-oriented protocol
Post a Comment
Continue Reading >>>>

WebSphere MQ Interview Questions

What is MQ and what does it do? Ans. MQ stands for MESSAGE QUEUEING. WebSphere MQ allows application programs to use message queuing to participate in message-driven processing. Application programs can communicate across different platforms by using the appropriate message queuing software products. What is Message driven process? Ans . When messages arrive on a queue, they can automatically start an application using triggering. If necessary, the applications can be stopped when the message (or messages) have been processed. What are advantages of the MQ? Ans. 1. Integration. 2. Asynchrony 3. Assured Delivery 4. Scalability. How does it support the Integration? Ans. Because the MQ is independent of the Operating System you use i.e. it may be Windows, Solaris,AIX.It is independent of the protocol (i.e. TCP/IP, LU6.2, SNA, NetBIOS, UDP).It is not required that both the sender and receiver should be running on the same platform What is Asynchrony? Ans. With messag
11 comments
Continue Reading >>>>

XML Binding with JAXB 2.0 - Tutorial

Java Architecture for XML Binding (JAXB) is an API/framework that binds XML schema to Java representations. Java objects may then subsequently be used to marshal or unmarshal XML documents. Marshalling an XML document means creating an XML document from Java objects. Unmarshalling means creating creating a Java representation of an XML document (or, in effect, the reverse of marshaling). You retrieve the element and attribute values of the XML document from the Java representation. The JAXB 2.0 specification is implemented in JWSDP 2.0. JAXB 2.0 has some new features, which facilitate the marshalling and unmarshalling of an XML document. JAXB 2.0 also allows you to map a Java object to an XML document or an XML Schema. Some of the new features in JAXB 2.0 include: Smaller runtime libraries are required for JAXB 2.0, which require lesser runtime memory. Significantly, fewer Java classes are generated from a schema, compared to JAXB 1.0. For each top-level complexType, 2.0 generates a v
Post a Comment
Continue Reading >>>>