For general tips on diagnosing and resolving security-related problems, see the topic Troubleshooting the security component.
If you do not see a problem that resembles yours, or if the information provided does not solve your problem, see Obtaining help from IBM.
Authentication error accessing a Web page
If the user registry configuration, user ID, and password appear correct, use the WebSphere Application Server trace to determine the cause of the problem. To enable security trace, use the com.ibm.ws.security.*=all=enabled trace specification.
Authorization error accessing a Web page
If a user who should have access to a resource does not, there is probably a missing configuration step. Review the steps for securing and granting access to resources.
If the user is granted required roles, but still fails to access the secured resources, enable security trace, using com.ibm.ws.security.*=all=enabled as the trace specification. Collect trace information for further resolution.
Error Message: CWSCJ0314E: Current Java 2 security policy reported a potential violation on server
Error Message: CWSCJ0314E: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Please refer to Problem Determination Guide for further information. {0}Permission\:{1}Code\:{2}{3}Stack Trace\:{4}Code Base Location\:{5}
The Java security manager checkPermission() method has reported an exception, SecurityException.
The reported exception might be critical to the secure system. Turn on security trace to determine the potential code that might have violated the security policy. After the violating code is determined, verify whether the attempted operation is permitted with respect to Java 2 Security by examining all applicable Java 2 security policy files and the application code.
For a review of Java security policies and what they mean, see the Java 2 Security documentation at http://java.sun.com/j2se/1.3/docs/guide/security/index.html.
Error message: "CWMSG0508E: The JMS Server security service was unable to authenticate user ID:" error displayed in SystemOut.log when starting an application server
This error can result from installing the JMS messaging API sample and then enabling security. You can follow the instructions in the Configure and Run page of the corresponding JMS sample documentation to configure the sample to work with WebSphere Application Server security.
You can verify the installation of the message-driven bean sample by launching the installation program, selecting Custom, and browsing the components which are already installed in the Select the features you like to install panel. The JMS sample is shown as Message-Driven Bean Sample, under Embedded Messaging.
You can also verify this installation by using the administrative console to open the properties of the application server which contains the samples. Select MDBSamples and click uninstall.
Error message: CWSCJ0237E: One or more vital LTPAServerObject configuration attributes are null or not available after enabling security and starting the application server.
This error message can result from selecting Lightweight Third Party Authentication (LTPA) as the authentication mechanism, but not generating the LTPA keys. The LTPA keys encrypt the LTPA token.
The exception AccessControlException is reported in the SystemOut.log
The problem is related to the Java 2 Security feature of WebSphere Application Server, the API-level security framework that is implemented in WebSphere Application Server Version 5. An exception similar to the following example displays. The error message and number can vary.
E CWSRV0020E: [Servlet Error]-[validator]: Failed to load servlet: java.security.AccessControlException: access denied (java.io.FilePermission C:\WebSphere\AppServer\installedApps\maeda\adminconsole.ear\adminconsole.war\ WEB-INF\validation.xml read)
For an explanation of Java 2 security, how and why to enable or disable it, how it relates to policy files, and how to edit policy files, see the Java 2 security topic in the information center navigation. The topic explains that Java 2 security is not only used by this product, but that developers can also implement it for their business applications. Administrators might need to involve developers if this exception is thrown when a client tries to access a resource hosted by WebSphere Application Server.
CWSCJ0189E: Caught ParserException while creating template for application policy C:\WAS\config\cells\xxx\nodes\xxx\app.policy.The exception is com.ibm.ws.security.util.ParserException: line 18: expected ';', found 'grant'
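The parser error above means that a grant entry or permission statement was not closed with ';' before the token named in the message. The following checker is an added example, not IBM code or part of the product: it scans policy text for that specific mistake and reports it in the same wording. The sample policy and the name lint_policy are constructed for illustration.

```python
import re

# Comments, quoted strings, punctuation, then bare words.
TOKEN = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\])*"|[{};,]|[^\s{};,"]+', re.S)
STARTERS = ("grant", "permission", "keystore")

# Constructed sample, not a real app.policy: line 4 and line 6 lack ';'.
SAMPLE_POLICY = '''\
// constructed sample
grant codeBase "file:${application}" {
  permission java.io.FilePermission "${user.dir}${/}logs${/}-", "read";
}
grant codeBase "file:${jars}" {
  permission java.util.PropertyPermission "*", "read"
  permission java.lang.RuntimePermission "getClassLoader";
};
'''

def lint_policy(text):
    """Return "line N: expected ';', found 'X'" strings for unterminated entries."""
    errors, pending = [], False       # pending: something still awaits its ';'
    for m in TOKEN.finditer(text):
        tok = m.group()
        if tok.startswith(("//", "/*")):
            continue                  # skip comments
        if tok == ";":
            pending = False
            continue
        word = tok.lower()
        if pending and (tok == "}" or word in STARTERS):
            # Reported at the unexpected token, so the missing ';' sits earlier.
            line = text.count("\n", 0, m.start()) + 1
            errors.append(f"line {line}: expected ';', found '{tok}'")
        if tok == "}" or word in ("permission", "keystore"):
            pending = True            # a closed grant entry or open statement
        elif word == "grant":
            pending = False           # the grant header runs until '{'
    if pending:
        errors.append("end of file: expected ';'")
    return errors

if __name__ == "__main__":
    print("\n".join(lint_policy(SAMPLE_POLICY)))
```

The reported line is where the unexpected token was found, so the missing ';' belongs at the end of the preceding entry or statement.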
Permission: C:\WebSphere\AppServer\logs\server1\SystemOut_02.08.20_11.19.53.log : access denied (java.io.FilePermission C:\WebSphere\AppServer\logs\server1\SystemOut_02.08.20_11.19.53.log delete)
Code: com.ibm.ejs.ras.RasTestHelper$7 in {file:/C:/WebSphere/AppServer/installedApps/maeda/JrasFVTApp.ear/RasLib.jar }
Stack Trace: java.security.AccessControlException: access denied (java.io.FilePermission C:\WebSphere\AppServer\logs\server1\SystemOut_02.08.20_11.19.53.log delete )
  at java.security.AccessControlContext.checkPermission (AccessControlContext.java(Compiled Code))
  at java.security.AccessController.checkPermission (AccessController.java(Compiled Code))
  at java.lang.SecurityManager.checkPermission (SecurityManager.java(Compiled Code))
  .
Code Base Location: com.ibm.ws.security.core.SecurityManager : file:/C:/WebSphere/AppServer/lib/securityimpl.jar
ClassLoader: com.ibm.ws.bootstrap.ExtClassLoader
Permissions granted to CodeSource (file:/C:/WebSphere/AppServer/lib/securityimpl.jar <no certificates>
{
  (java.util.PropertyPermission java.vendor read);
  (java.util.PropertyPermission java.specification.version read);
  (java.util.PropertyPermission line.separator read);
  (java.util.PropertyPermission java.class.version read);
  (java.util.PropertyPermission java.specification.name read);
  (java.util.PropertyPermission java.vendor.url read);
  (java.util.PropertyPermission java.vm.version read);
  (java.util.PropertyPermission os.name read);
  (java.util.PropertyPermission os.arch read);
}
(This list continues.)
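To check a CWSCJ0314E report like the one above against the policy files, it helps to reduce it to the denied permission and the code source it applies to. The following is an added example, not IBM code, and its function names are illustrative: it extracts both and renders a draft grant entry, scoped to that code base, for review before anything is added to a policy file.

```python
import re

# Action keywords of common JDK permissions; any other last word is target text.
ACTION_WORDS = {"read", "write", "delete", "execute",
                "connect", "accept", "listen", "resolve"}
# Assumes the permission target itself contains no parentheses.
DENIED = re.compile(r"access denied \(([\w.$]+)\s+([^()]*?)\s*\)")
CODE = re.compile(r"Code:\s*\S+\s+in\s+\{\s*([^}\s]+)\s*\}")

# Fields copied from the CWSCJ0314E example on this page, one field per line.
SAMPLE = r"""Permission: C:\WebSphere\AppServer\logs\server1\SystemOut_02.08.20_11.19.53.log : access denied (java.io.FilePermission C:\WebSphere\AppServer\logs\server1\SystemOut_02.08.20_11.19.53.log delete)
Code: com.ibm.ejs.ras.RasTestHelper$7 in {file:/C:/WebSphere/AppServer/installedApps/maeda/JrasFVTApp.ear/RasLib.jar }
Stack Trace: java.security.AccessControlException: access denied (java.io.FilePermission C:\WebSphere\AppServer\logs\server1\SystemOut_02.08.20_11.19.53.log delete )
"""

def parse_denials(log_text):
    """Return unique (permission class, target, actions) tuples, in log order."""
    found = []
    for cls, rest in DENIED.findall(log_text):
        head, _, last = rest.rpartition(" ")
        if head and set(last.split(",")) <= ACTION_WORDS:
            entry = (cls, head.strip(), last)
        else:                       # permission without an actions field
            entry = (cls, rest.strip(), "")
        if entry not in found:      # Permission: and Stack Trace: repeat it
            found.append(entry)
    return found

def code_base(log_text):
    """Return the code source URL from the Code: field, or None."""
    m = CODE.search(log_text)
    return m.group(1) if m else None

def draft_grant(log_text):
    """Render a policy-file grant entry scoped to the reported code base."""
    base = code_base(log_text)
    if base is None:
        # Never fall back to a bare "grant {": that would apply to all code.
        raise ValueError("no Code: field, cannot scope the grant")
    lines = [f'grant codeBase "{base}" {{']
    for cls, target, actions in parse_denials(log_text):
        # Policy files treat "\" as an escape, so Windows paths need "\\".
        quoted = target.replace("\\", "\\\\").replace('"', '\\"')
        tail = f', "{actions}"' if actions else ""
        lines.append(f'  permission {cls} "{quoted}"{tail};')
    lines.append("};")
    return "\n".join(lines)
```

Calling draft_grant(SAMPLE) returns a three-line entry that grants only the delete action on that one log file to RasLib.jar. Whether the application code should perform that operation at all is the question to settle before adding it.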
Error Message: CWSCJ0336E: Authentication failed for user {0} because of the following exception {1}