Troubleshooting:"Potential violation of Java 2 Security Permission" at startup (WebSphere 6.1)
Symptom
When V5.4 is deployed in WebSphere 6.1, and J2SE security is enabled, two separate exceptions will be logged during startup, each starting with:
[8/1/07 12:44:31:325 EDT] 0000001e SecurityManag W SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Please refer to InfoCenter for further information.
These exceptions are each reported twice, with slightly different tracebacks (examples included at the bottom of this article).
Solution
Explanation
The first exception reports that the Process Commander classloaders that are being constructed have not been granted the com.ibm.oti.shared.SharedClassPermission
.
This is correct – in order for Process Commander to work properly, it should not receive this permission.
The second exception occurs due to the third-party product Apache Axis, which checks to see if it has write access to a configuration file. It correctly detects that it only has read access to this file, and sets its internal flags to avoid writing to the file. WebSphere reports this exception, even though it is a normal part of operation.
Resolution
These exceptions are expected, and do not impair Process Commander’s functionality. They can be ignored.
First Exception Example:
[8/1/07 12:44:31:325 EDT] 0000001e SecurityManag W SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Please refer to InfoCenter for further information.
Permission:com.pega.pegarules.internal.bootstrap.PRBaseLoader : Access denied (com.ibm.oti.shared.SharedClassPermission com.pega.pegarules.internal.bootstrap.PRBaseLoader read)
Code: com.pega.pegarules.internal.bootstrap.PRSecureLoader in {file:/C:/Program Files/IBM/WebSphere/AppServer6.1/profiles/ruledev/installedApps/wolsokxp2Node05Cell/prj2ee.ear/APP-INF/lib/prbootstrap.jar}
Stack Trace:java.security.AccessControlException: Access denied (com.ibm.oti.shared.SharedClassPermission com.pega.pegarules.internal.bootstrap.PRBaseLoader read) at java.security.AccessController.checkPermission(AccessController.java:104)
Second Exception Example:
[8/1/07 12:44:36:091 EDT] 00000037 SecurityManag W SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Please refer to InfoCenter for further information.
Permission:
prclient-config.wsdd : Access denied (java.io.FilePermission prclient-config.wsdd write)
Code:com.pega.apache.axis.configuration.FileProvider in {file:/C:/Program Files/IBM/WebSphere/AppServer6.1/profiles/ruledev/installedApps/wolsokxp2Node05Cell/prj2ee.ear/APP-INF/lib/prbootstrap.jar}
Stack Trace:java.security.AccessControlException: Access denied (java.io.FilePermission prclient-config.wsdd write) at java.security.AccessController.checkPermission(AccessController.java:104) at java.lang.SecurityManager.checkPermission(SecurityManager.java:547) at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:189) at java.lang.SecurityManager.checkWrite(SecurityManager.java:977) at java.io.File.canWrite(File.java:706) at com.pega.apache.axis.configuration.FileProvider.check(FileProvider.java:115) at com.pega.apache.axis.configuration.FileProvider.<init>(FileProvider.java:82) at com.pega.apache.axis.configuration.EngineConfigurationFactoryDefault.getClientEngineConfig(EngineConfigurationFactoryDefault.java:104) at com.pega.apache.axis.client.Service.getEngineConfiguration(Service.java:815) at com.pega.apache.axis.client.Service.getAxisClient(Service.java:106) at com.pega.apache.axis.client.Service.<init>(Service.java:115) at com.pega.apache.axis.client.Call.<init>(Call.java:338) at com.pega.pegarules.priv.util.SOAPAppenderPega.initializeConnection(SOAPAppenderPega.java:131) at com.pega.pegarules.priv.util.SOAPAppenderPega.sendEvent(SOAPAppenderPega.java:98) at com.pega.pegarules.priv.util.SOAPAppenderPega.append(SOAPAppenderPega.java:82) at com.pega.apache.log4j.AppenderSkeleton.doAppend(AppenderSkeleton.java:230) at com.pega.apache.log4j.helpers.AppenderAttachableImpl.appendLoopOnAppenders(AppenderAttachableImpl.java:66) at com.pega.apache.log4j.AsyncAppender$Dispatcher.run(AsyncAppender.java:578) at java.lang.Thread.run(Thread.java:801)
Code Base Location:
[8/1/07 12:44:36:200 EDT] 00000037 FileProvider I com.pega.apache.axis.configuration.FileProvider check Configuration file read-only so engine configuration changes will not be saved.