Skip to main content

"AccessControlException" or Java 2 Security Resolutions

In our current project we are working on RAD migration from 6.x.x RAD 7.5.4. As part of migration we have to enable security settings in Websphere application server for the deployed application.

We have enabled it and given proper credentials and configured other required settings and properties in the WAS. We started the server, but we have found the error in sustemOut.log the following error.

Exception:
FFDC closed incident stream file C:\Program Files\IBM\SDP\runtimes\base_v61\profiles\AppSrv05\logs\ffdc\server1_00000015_11.05.09_15.46.32_0.txt
[9-5-11 15:46:32:501 CEST] 00000015 SecurityManag W   SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Please refer to InfoCenter for further information.

Permission: \C:\workspaces\GRILL_Migration\GRILL_Clients\struts.jar : Access denied (java.io.FilePermission \C:\workspaces\GRILL_Migration\AIL_Clients\struts.jar read)

Code:     org.apache.struts.action.ActionServlet  in  {file:/C:/workspaces/GRILL_Migration/GRILL_Clients/struts.jar}

Stack Trace:
java.security.AccessControlException: Access denied (java.io.FilePermission \C:\workspaces\GRILL_Migration\GRILL_Clients\struts.jar read)
                at java.security.AccessController.checkPermission(AccessController.java:108)

                at java.lang.SecurityManager.checkPermission(SecurityManager.java:558)
                at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
                at com.ibm.ws.classloader.SinglePathClassProvider.check(SinglePathClassProvider.java:470)
                at com.ibm.ws.classloader.SinglePathClassProvider.checkURL(SinglePathClassProvider.java:457)
                at com.ibm.ws.classloader.SinglePathClassProvider.getResource(SinglePathClassProvider.java:449)
                at com.ibm.ws.classloader.CompoundClassLoader.findResource(CompoundClassLoader.java:823)
                at com.ibm.ws.classloader.CompoundClassLoader.getResource(CompoundClassLoader.java:787)
                at java.lang.Class.getResource(Class.java:1170)
                at org.apache.struts.action.ActionServlet.initServlet(ActionServlet.java:1412)
                at org.apache.struts.action.ActionServlet.init(ActionServlet.java:466)
                at javax.servlet.GenericServlet.init(GenericServlet.java:256)
                at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:218)
                at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.init(ServletWrapper.java:319)
                at com.ibm.ws.webcontainer.servlet.ServletWrapper.initialize(ServletWrapper.java:1250)
                at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.initialize(ServletWrapper.java:152)
                at com.ibm.wsspi.webcontainer.extension.WebExtensionProcessor.createServletWrapper(WebExtensionProcessor.java:99)

Solution :
But we didn’t face this exception without security settings. After pulling my hair with fingers again and again, finally we wanted to try by disabling the Java 2 security on server configuration menu in admin console. Later it started without the exception. This is due to we didn’t give proper privileges after enabling Java 2 Security. Actually this check is not required for project. But there is 2 important points which we need to keep in mind to enable Java 2 security option or not. Just check them below.
 
You can find this option in Admin Console - > Secure Administration, application, and infrastructure - > Configuration

The following are the two possible resolutions to the java.security.AccessControlException exception, I have observed these two points from IBM site.

1. If the application is calling a Java 2 Security protected API, then grant the required permissions to the application Java 2 Security policy.

2. If the application is NOT calling a Java 2 Security protected API directly and the required permissions are not granted because of a side-effect of the third party APIs accessing Java 2 Security protected resources. If the application is granted the required permission, it gains more access than it should. Then in this case, it is most likely that the third party code that is accessing the Java 2 Security protected resource is not properly marked as "privileged".
Labels:

Comments

Post a Comment

Popular posts from this blog

Asynchronous Vs. Synchronous Communications

Synchronous (One thread):   1 thread -> |<---A---->||<----B---------->||<------C----->| Synchronous (multi-threaded):   thread A -> |<---A---->| \ thread B ------------> ->|<----B---------->| \ thread C ----------------------------------> ->|<------C----->|
Post a Comment
Continue Reading >>>>

WebSphere MQ Interview Questions

What is MQ and what does it do? Ans. MQ stands for MESSAGE QUEUEING. WebSphere MQ allows application programs to use message queuing to participate in message-driven processing. Application programs can communicate across different platforms by using the appropriate message queuing software products. What is Message driven process? Ans . When messages arrive on a queue, they can automatically start an application using triggering. If necessary, the applications can be stopped when the message (or messages) have been processed. What are advantages of the MQ? Ans. 1. Integration. 2. Asynchrony 3. Assured Delivery 4. Scalability. How does it support the Integration? Ans. Because the MQ is independent of the Operating System you use i.e. it may be Windows, Solaris,AIX.It is independent of the protocol (i.e. TCP/IP, LU6.2, SNA, NetBIOS, UDP).It is not required that both the sender and receiver should be running on the same platform What is Asynchrony? Ans. With messag
11 comments
Continue Reading >>>>

Advantages & Disadvantages of Synchronous / Asynchronous Communications?

  Asynchronous Communication Advantages: Requests need not be targeted to specific server. Service need not be available when request is made. No blocking, so resources could be freed.  Could use connectionless protocol Disadvantages: Response times are unpredictable. Error handling usually more complex.  Usually requires connection-oriented protocol.  Harder to design apps Synchronous Communication Advantages: Easy to program Outcome is known immediately  Error recovery easier (usually)  Better real-time response (usually) Disadvantages: Service must be up and ready. Requestor blocks, held resources are “tied up”.  Usually requires connection-oriented protocol
Post a Comment
Continue Reading >>>>