Access denied reading java.util.Permissions - websphere

we are using websphere 17 for a web application based on eclipse-link as persistence layer. Application works fine but after a while (during user activity) we got this kind of error that forces us to restart of server.
org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: Access denied ("java.util.PropertyPermission" "oracle.jdbc.sqlTranslationProfile" "read")
Error Code: 0
what is the meaning of this error ?
From what I understood this error happens because there is no reading access to that property. But this could be due to security manager. Problem is I would expect any security manager set by websphere and for sure we are not creating any custom security manager. Security manager should not exist at all in our application. So, who is setting it ? Or am I missing something ?
Following is the full stacktrace:
Internal Exception: java.sql.SQLException: Access denied ("java.util.PropertyPermission" "oracle.jdbc.sqlTranslationProfile" "read")
Error Code: 0
at org.eclipse.persistence.exceptions.DatabaseException.sqlException(DatabaseException.java:316)
at org.eclipse.persistence.sessions.JNDIConnector.connect(JNDIConnector.java:147)
at org.eclipse.persistence.sessions.DatasourceLogin.connectToDatasource(DatasourceLogin.java:162)
at org.eclipse.persistence.internal.sessions.DatabaseSessionImpl.setOrDetectDatasource(DatabaseSessionImpl.java:207)
at org.eclipse.persistence.internal.sessions.DatabaseSessionImpl.loginAndDetectDatasource(DatabaseSessionImpl.java:760)
at org.eclipse.persistence.internal.jpa.EntityManagerFactoryProvider.login(EntityManagerFactoryProvider.java:265)
at org.eclipse.persistence.internal.jpa.EntityManagerSetupImpl.deploy(EntityManagerSetupImpl.java:731)
... 83 common frames omitted
Caused by: java.sql.SQLException: Access denied ("java.util.PropertyPermission" "oracle.jdbc.sqlTranslationProfile" "read")
at com.ibm.ws.rsadapter.AdapterUtil.toSQLException(AdapterUtil.java:822)
at com.ibm.ws.rsadapter.jdbc.WSJdbcDataSource.getConnection(WSJdbcDataSource.java:152)
at com.ibm.ws.rsadapter.jdbc.WSJdbcDataSource.getConnection(WSJdbcDataSource.java:116)
at org.eclipse.persistence.sessions.JNDIConnector.connect(JNDIConnector.java:135)
... 88 common frames omitted
Caused by: javax.resource.spi.ResourceAllocationException: Access denied ("java.util.PropertyPermission" "oracle.jdbc.sqlTranslationProfile" "read")
at com.ibm.ejs.j2c.FreePool.createManagedConnectionWithMCWrapper(FreePool.java:1576)
at com.ibm.ejs.j2c.FreePool.createOrWaitForConnection(FreePool.java:1228)
at com.ibm.ejs.j2c.PoolManager.reserve(PoolManager.java:1434)
at com.ibm.ejs.j2c.ConnectionManager.allocateMCWrapper(ConnectionManager.java:573)
at com.ibm.ejs.j2c.ConnectionManager.allocateConnection(ConnectionManager.java:309)
at com.ibm.ws.rsadapter.jdbc.WSJdbcDataSource.getConnection(WSJdbcDataSource.java:143)
... 90 common frames omitted
Caused by: java.security.AccessControlException: Access denied ("java.util.PropertyPermission" "oracle.jdbc.sqlTranslationProfile" "read")
at java.security.AccessController.throwACE(AccessController.java:176)
at java.security.AccessController.checkPermissionHelper(AccessController.java:237)
at java.security.AccessController.checkPermission(AccessController.java:373)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:562)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1307)
at java.lang.System.getProperty(System.java:456)
at oracle.jdbc.driver.GeneratedPhysicalConnection$1.run(GeneratedPhysicalConnection.java:84)
at java.security.AccessController.doPrivileged(AccessController.java:640)
at oracle.jdbc.driver.GeneratedPhysicalConnection.getSystemProperty(GeneratedPhysicalConnection.java:82)
at oracle.jdbc.driver.GeneratedPhysicalConnection.getSystemPropertySqlTranslationProfile(GeneratedPhysicalConnection.java:46)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:555)
at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:317)
at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:241)
at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPhysicalConnection(OracleConnectionPoolDataSource.java:164)
at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPooledConnection(OracleConnectionPoolDataSource.java:102)
at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPooledConnection(OracleConnectionPoolDataSource.java:79)
at com.ibm.ws.rsadapter.impl.DatabaseHelper$1.run(DatabaseHelper.java:949)
at java.security.AccessController.doPrivileged(AccessController.java:696)
at com.ibm.ws.rsadapter.impl.DatabaseHelper.getPooledConnection(DatabaseHelper.java:958)
at com.ibm.ws.rsadapter.impl.WSManagedConnectionFactoryImpl.getConnection(WSManagedConnectionFactoryImpl.java:810)
at com.ibm.ws.rsadapter.impl.WSManagedConnectionFactoryImpl.createManagedConnection(WSManagedConnectionFactoryImpl.java:656)
at com.ibm.ejs.j2c.FreePool.createManagedConnectionWithMCWrapper(FreePool.java:1354)
... 95 common frames omitted
thanks for any help,

The websphere.java.security property in bootstrap.properties controls whether Java 2 Security is enabled in Liberty.
When running with Java 2 Security enabled, here is an example server config snippet (for server.xml file) of how to grant permission for the oracle JDBC driver to read System properties that begin with "oracle.jdbc.",
<javaPermission codebase="C:/drivers/oracle/ojdbc7.jar" className="java.util.PropertyPermission" actions="read" name="oracle.jdbc.*"/>

Related

IllegalStateException: 403 error on Sonarcube via VPN

Sonarcube server is behind our company VPN server. If I connect to VPN, I can access sonar in browser without any issues. But while connecting from sonarCLI or IntelliJ plugin getting the following error
Caused by: java.lang.IllegalStateException: Fail to get bootstrap index from server
at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:42)
at org.sonarsource.scanner.api.internal.JarDownloader.getScannerEngineFiles(JarDownloader.java:58)
at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:53)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:76)
... 155 more
Caused by: java.lang.IllegalStateException: Status returned by url [https://sonarqube.ourtesco.com/batch/index] is not valid: [403]
at org.sonarsource.scanner.api.internal.ServerConnection.callUrl(ServerConnection.java:118)
at org.sonarsource.scanner.api.internal.ServerConnection.downloadString(ServerConnection.java:99)
at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:39)
... 158 more
Adding a proxy while connecting to the server solved the issue.

Trying java client for secure connection with Kerberose on CDP 7.1

Trying java client for secure connection with Kerberose on CDP 7.1 but it is failing to connect.
can someone one help with this error.
Caused by: java.io.IOException: java.lang.RuntimeException: Found no valid authentication method from options
at org.apache.hadoop.hbase.ipc.IPCUtil.toIOE(IPCUtil.java:154)
... 13 more
Caused by: java.lang.RuntimeException: Found no valid authentication method from options
at org.apache.hadoop.hbase.ipc.RpcConnection.<init>(RpcConnection.java:112)
at org.apache.hadoop.hbase.ipc.NettyRpcConnection.<init>(NettyRpcConnection.java:89)
at org.apache.hadoop.hbase.ipc.NettyRpcClient.createConnection(NettyRpcClient.java:74)
at org.apache.hadoop.hbase.ipc.NettyRpcClient.createConnection(NettyRpcClient.java:40)
at org.apache.hadoop.hbase.ipc.AbstractRpcClient.getConnection(AbstractRpcClient.java:350)
at org.apache.hadoop.hbase.ipc.AbstractRpcClient.callMethod(AbstractRpcClient.java:419)
... 12 more

Spring boot enable Https : SSL Keystore Error

I am trying to enable https in my spring boot application but getting 'Keystore was tampered with, or password was incorrect' error. Following are the below configuration i have in my application properties file.
server.port=8083
server.ssl.enabled=true
server.ssl.key-store-type=JKS
server.ssl.key-store=C:\\Users\\abc.jks
server.ssl.key-store-password=C:\\Users\\password.txt
However when i am using TomcatServletWebServerFactory to redirect http to https with the below configuration in application properties it works fine without any issue. application starts on http 8081 and https 8083 ports.
server.port=8083
http.server.port= 8081
server.ssl.enabled=true
server.ssl.key-store-type=JKS
server.ssl.key-store=C:\\Users\\abc.jks
server.ssl.key-store-password=C:\\Users\\password.txt
I am not able to find root cause and resolve the issue. Please help me to find out what i am doing wrong.
**Spring boot : 2.3.2.RELEASE
tomcat-embed-core-9.0.37.jar:9.0.37
jdk1.8.0_111**
Below is the error.
[AsyncReporter{org.springframework.cloud.sleuth.zipkin2.sender.RestTemplateSender#355ce6a6}] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:
Caused by: java.lang.IllegalArgumentException: standardService.connector.startFailed
Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
Caused by: java.lang.IllegalArgumentException: Keystore was tampered with, or password was incorrect
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
Caused by: java.security.UnrecoverableKeyException: Password verification failed
You are missing key password.
server.ssl.key-password=yourpasswordhere

java.security.AccessControlException in setting JAXB converter in Java 8

While working on upgrading java version for one of our project to 1.8 from existing 1.6, I am getting Spring's BeanCreationException in running automated tests with below as root cause:
Caused by: java.security.AccessControlException: access denied ("javax.xml.bind.JAXBPermission" "setDatatypeConverter")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at javax.xml.bind.DatatypeConverter.setDatatypeConverter(DatatypeConverter.java:134)
at com.sun.xml.bind.v2.runtime.JAXBContextImpl$3.run(JAXBContextImpl.java:304)
at com.sun.xml.bind.v2.runtime.JAXBContextImpl$3.run(JAXBContextImpl.java:303)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.xml.bind.v2.runtime.JAXBContextImpl.<init>(JAXBContextImpl.java:302)
at com.sun.xml.bind.v2.runtime.JAXBContextImpl$JAXBContextBuilder.build(JAXBContextImpl.java:1170)
at com.sun.xml.bind.v2.ContextFactory.createContext(ContextFactory.java:145)
I'm using jaxb-impl-2.2.3.jar.
I couldn't find much on this on googling, any help is really appreciated.

Ehcache( Unable to load Class)

Hi All i am facing the issue in which i m not able to load my ehcache.xml file & its giving me error as below
Exception in thread "main" net.sf.ehcache.CacheException: Unable to load class net.sf.ehcache.terracotta.ExpressEnterpriseTerracottaClusteredInstanceFactory. Initial cause was org.terracotta.toolkit.ToolkitInstantiationException: java.lang.RuntimeException: Unable to create toolkit.
at net.sf.ehcache.util.ClassLoaderUtil.createNewInstance(ClassLoaderUtil.java:90)
at net.sf.ehcache.terracotta.TerracottaClusteredInstanceHelper.newClusteredInstanceFactory(TerracottaClusteredInstanceHelper.java:157)
at net.sf.ehcache.terracotta.TerracottaClient.createNewClusteredInstanceFactory(TerracottaClient.java:180)
at net.sf.ehcache.terracotta.TerracottaClient.createClusteredInstanceFactory(TerracottaClient.java:129)
at net.sf.ehcache.CacheManager.doInit(CacheManager.java:463)
at net.sf.ehcache.CacheManager.init(CacheManager.java:395)
at net.sf.ehcache.CacheManager.<init>(CacheManager.java:270)
at net.sf.ehcache.CacheManager.newInstance(CacheManager.java:1116)
at net.sf.ehcache.CacheManager.newInstance(CacheManager.java:947)
at BigMemoryDemo.main(BigMemoryDemo.java:8)
Caused by: java.lang.RuntimeException: org.terracotta.toolkit.ToolkitInstantiationException: java.lang.RuntimeException: Unable to create toolkit.
at org.terracotta.modules.ehcache.TerracottaToolkitBuilder.createToolkit(TerracottaToolkitBuilder.java:63)
at org.terracotta.modules.ehcache.TerracottaToolkitBuilder.buildToolkit(TerracottaToolkitBuilder.java:56)
at org.terracotta.modules.ehcache.ToolkitInstanceFactoryImpl.createTerracottaToolkit(ToolkitInstanceFactoryImpl.java:183)
at org.terracotta.modules.ehcache.ToolkitInstanceFactoryImpl.<init>(ToolkitInstanceFactoryImpl.java:119)
at org.terracotta.modules.ehcache.ToolkitInstanceFactoryImpl.<init>(ToolkitInstanceFactoryImpl.java:129)
at org.terracotta.modules.ehcache.EnterpriseToolkitInstanceFactory.<init>(EnterpriseToolkitInstanceFactory.java:23)
at org.terracotta.modules.ehcache.store.EnterpriseTerracottaClusteredInstanceFactory.createToolkitInstanceFactory(EnterpriseTerracottaClusteredInstanceFactory.java:21)
at org.terracotta.modules.ehcache.store.TerracottaClusteredInstanceFactory.<init>(TerracottaClusteredInstanceFactory.java:65)
at org.terracotta.modules.ehcache.store.EnterpriseTerracottaClusteredInstanceFactory.<init>(EnterpriseTerracottaClusteredInstanceFactory.java:15)
at net.sf.ehcache.terracotta.ExpressEnterpriseTerracottaClusteredInstanceFactory.<init>(ExpressEnterpriseTerracottaClusteredInstanceFactory.java:11)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at net.sf.ehcache.util.ClassLoaderUtil.createNewInstance(ClassLoaderUtil.java:73)
... 9 more
Caused by: org.terracotta.toolkit.ToolkitInstantiationException: java.lang.RuntimeException: Unable to create toolkit.
at com.terracotta.toolkit.api.TerracottaToolkitFactoryService.createToolkit(TerracottaToolkitFactoryService.java:49)
at org.terracotta.toolkit.ToolkitFactory.create(ToolkitFactory.java:100)
at org.terracotta.toolkit.ToolkitFactory.createToolkit(ToolkitFactory.java:84)
at org.terracotta.modules.ehcache.TerracottaToolkitBuilder.createToolkit(TerracottaToolkitBuilder.java:61)
... 23 more
Caused by: java.lang.RuntimeException: Unable to create toolkit.
at com.terracotta.toolkit.client.TerracottaToolkitCreator.createToolkit(TerracottaToolkitCreator.java:70)
at com.terracotta.toolkit.api.EnterpriseTerracottaToolkitFactoryService.createToolkit(EnterpriseTerracottaToolkitFactoryService.java:17)
at com.terracotta.toolkit.api.TerracottaToolkitFactoryService.createToolkit(TerracottaToolkitFactoryService.java:44)
... 26 more
Caused by: java.lang.RuntimeException: org.terracotta.toolkit.ToolkitRuntimeException: net.sf.ehcache.config.InvalidConfigurationException: The disk path for this cache manager is the default path. You must define a specific unique disk path for this manager in order to use restartable caches.
at com.terracotta.toolkit.client.TerracottaToolkitCreator.initializeDefaultCacheManagerProvider(TerracottaToolkitCreator.java:175)
at com.terracotta.toolkit.client.TerracottaToolkitCreator.createToolkit(TerracottaToolkitCreator.java:55)
... 28 more
Caused by: org.terracotta.toolkit.ToolkitRuntimeException: net.sf.ehcache.config.InvalidConfigurationException: The disk path for this cache manager is the default path. You must define a specific unique disk path for this manager in order to use restartable caches.
at com.terracotta.toolkit.express.TerracottaInternalClientImpl.instantiate(TerracottaInternalClientImpl.java:159)
at com.terracotta.toolkit.client.TerracottaToolkitCreator.initializeDefaultCacheManagerProvider(TerracottaToolkitCreator.java:173)
... 29 more
Caused by: net.sf.ehcache.config.InvalidConfigurationException: The disk path for this cache manager is the default path. You must define a specific unique disk path for this manager in order to use restartable caches.
at net.sf.ehcache.store.restartability.EhcacheRestartability.constructRestartability(EhcacheRestartability.java:189)
at net.sf.ehcache.store.restartability.EhcacheRestartability.startup(EhcacheRestartability.java:94)
at net.sf.ehcache.EnterpriseFeaturesManager.startup(EnterpriseFeaturesManager.java:102)
at net.sf.ehcache.CacheManager.doInit(CacheManager.java:520)
at net.sf.ehcache.CacheManager.init(CacheManager.java:395)
at net.sf.ehcache.CacheManager.<init>(CacheManager.java:270)
at net.sf.ehcache.CacheManager.newInstance(CacheManager.java:1116)
at net.sf.ehcache.CacheManager.newInstance(CacheManager.java:1092)
at com.terracotta.toolkit.ToolkitCacheManagerProvider.createDefaultToolkitCacheManager(ToolkitCacheManagerProvider.java:19)
at com.terracotta.toolkit.ToolkitCacheManagerProvider.<init>(ToolkitCacheManagerProvider.java:14)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at com.terracotta.toolkit.express.TerracottaInternalClientImpl.instantiate(TerracottaInternalClientImpl.java:156)
... 30 more
Note:- It was working fine earlier. I just made one more passive node at TSA. TSA is up & running
This is ehcache.xml file
<?xml version="1.0" encoding="UTF-8"?>
<ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="ehcache.xsd"
name="BigMemoryMax">
<defaultCache
maxEntriesLocalHeap="0"/>
<cache name="PersonCache" maxEntriesLocalHeap="20">
<searchable/>
</cache>
<terracottaConfig url="127.0.0.1:9510" />
</ehcache>
The exact error is at the bottom of the stack trace:
Caused by: net.sf.ehcache.config.InvalidConfigurationException: The disk path for this cache manager is the default path. You must define a specific unique disk path for this manager in order to use restartable caches.
at net.sf.ehcache.store.restartability.EhcacheRestartability.constructRestartability(EhcacheRestartability.java:189)
at net.sf.ehcache.store.restartability.EhcacheRestartability.startup(EhcacheRestartability.java:94)
at net.sf.ehcache.EnterpriseFeaturesManager.startup(EnterpriseFeaturesManager.java:102)
at net.sf.ehcache.CacheManager.doInit(CacheManager.java:520)
at net.sf.ehcache.CacheManager.init(CacheManager.java:395)
at net.sf.ehcache.CacheManager.<init>(CacheManager.java:270)
at net.sf.ehcache.CacheManager.newInstance(CacheManager.java:1116)
at net.sf.ehcache.CacheManager.newInstance(CacheManager.java:1092)
This indicates a configuration issue and given that the configuration you give in your question has no disk component, it means that your application is loading a different ehcache.xml.
Normally Ehcache indicates in its logs which configuration file is loaded. If you do not see that, turn logging level to DEBUG for net.sf.ehcache in your logging framework.

Resources