Troubleshooting: PRPC fails on WebSphere Application Server requesting Java security augmented permissions
Summary
PRPC 6.3 SP1 running on WebSphere Application Server 8.0 does not start. The WebSphere Application Server SystemOUT log includes entries that indicate that the PRPC application is looking for Java security permissions and that these permissions need to be set.
WebSphere Application Server SystemOUT log
[10/24/13 10:42:41:606 EDT] 00000011 PRBootstrap Z com.pega.pegarules.internal.bootstrap.PRBootstrap prbootstrap.properties merged with prbootstrap entries in Data-Admin-System-Settings
[10/24/13 10:42:41:628 EDT] 00000011 SystemOut O Augmented permissions to be applied to Pega bootstrap phase 2 classes:
java.security.Permissions@49525292 (
(com.ibm.oti.shared.SharedClassPermission com.pega.apache.axis2.deployment.DeploymentClassLoader read,write)
(com.ibm.oti.shared.SharedClassPermission com.pega.pegarules.internal.bootstrap.phase2.PRBaseLoader read,write)
(com.ibm.oti.shared.SharedClassPermission com.pega.pegarules.bootstrap.loader.PRAppLoader read,write)
(java.util.PropertyPermission * read)
(java.net.NetPermission specifyStreamHandler)
(java.util.logging.LoggingPermission control)
(java.net.SocketPermission * connect,resolve)
(java.net.SocketPermission localhost:1024- listen,resolve)
(java.lang.reflect.ReflectPermission suppressAccessChecks)
(javax.management.MBeanServerPermission createMBeanServer)
(java.io.FilePermission /usr/IBM/WebSphereV8/AppServer/java/jre read)
(java.io.FilePermission /usr/IBM/WebSphereV8/AppServer/java/jre/- read)
(java.io.FilePermission /home/waslex/* read)
(java.io.FilePermission /usr/IBM/WebSphereV8/AppServer/profiles/
cpmhcWasServer01/temp/naswaspegadev01Node01/cpmhcWasServer01/
prpc_j2ee14_ws/prweb.war read,write)
(java.io.FilePermission /usr/IBM/WebSphereV8/AppServer/profiles/
cpmhcWasServer01/temp/naswaspegadev01Node01/cpmhcWasServer01/
prpc_j2ee14_ws/prweb.war/- read,write,delete)
(java.io.FilePermission /usr/IBM/WebSphereV8/AppServer read)
(java.io.FilePermission /usr/IBM/WebSphereV8/AppServer/- read)
(javax.management.MbeanPermission com.pega.*#*[] registerMBean)
(javax.management.MbeanTrustPermission register)
(java.security.SecurityPermission getPolicy)
(java.lang.RuntimePermission defineClassInPackage.java.lang)
(java.lang.RuntimePermission getProtectionDomain)
(java.lang.RuntimePermission getClassLoader)
(java.lang.RuntimePermission accessClassInPackage.com.ibm.oti.shared)
(java.lang.RuntimePermission accessDeclaredMembers)
(java.lang.RuntimePermission accessClassInPackage.sun.util.logging.resources)
(java.lang.RuntimePermission createClassLoader)
)
Explanation
The SystemOUT log entries indicate that you have the setting for Java 2 security checked:
Use Java 2 security to restrict application access to local resources
This setting causes the SystemOUT log to generate entries about missing permissions in PRPC property files, and it prevents start-up of PRPC.
Suggested Approach
To suppress log entries regarding Java security permissions for PRPC files and to allow PRPC to start:
- In the WebSphere Application Server Integrated Solutions Console, the settings, find the Java 2 security setting, Use Java 2 security to restrict application access to local resources.
- Uncheck the Java 2 setting and click Apply.
Disabling the Java 2 security setting in WebSphere Application Server will suppress the log entries that flag missing permissions in PRPC property files. The PRPC system will start.
If you need to enable Java 2 security, follow the guidance in the WebSphere Application Server documentation.