File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Websphere and the fly likes SECJ0306E: LTPA Token expiration, why? (WAS 5.1.1.4) Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of Arduino in Action this week in the General Computing forum!

A special promo: Enter your blog post or vote on a blogger to be featured in an upcoming Journal
JavaRanch » Java Forums » Products » Websphere
Reply Bookmark "SECJ0306E: LTPA Token expiration, why? (WAS 5.1.1.4)" Watch "SECJ0306E: LTPA Token expiration, why? (WAS 5.1.1.4)" New topic
Author

SECJ0306E: LTPA Token expiration, why? (WAS 5.1.1.4)

Milan Duriancik
Greenhorn

Joined: Jan 21, 2005
Posts: 3
posted
0
Quote
I have the following error regularily in the logs of my managed application servers. This happens since the update from 5.1.1.3 to 5.1.1.4 (the same thing with 5.1.1.5) :

SECJ0306E: No received or invocation credential exist on
the thread. The Role based authorization check will not have
an accessId of the caller to check.

--------------------------------------

After analysing the trace (com.ibm.ws.security.*) I found that it is a token LTPA that expires, before the call to getState (called evry minute => I think this must be the node agent that queries the states of the application servers) and is refreshed only after the error happend.

It happens almoste every 120 min (120 min is the expiration time of the token LTPA)

This error has no consequences on the execution of the deployed applications.

Has anybody a problem like this?
Has anybode an idea what is wrong?


Milan


----------------------------------------------------------------------------
...

[01/07/05 08:46:05:209] 70eb7271 > source=com.ibm.ws.security.role.RoleBasedAuthorizerImpl
checkAccess, methodName:getState resourceName: Server moduleName: Server
[01/07/05 08:46:05:209] 70eb7271 d source=com.ibm.ws.security.role.RoleBasedModule
getRequiredRoles(Server:getState)
[01/07/05 08:46:05:209] 70eb7271 < source=com.ibm.ws.security.role.RoleBasedSubjectMap
isEveryoneGranted
[01/07/05 08:46:05:209] 70eb7271 < source=com.ibm.ws.security.role.RoleBasedSubjectMap
isEveryoneGranted
[01/07/05 08:46:05:209] 70eb7271 d source=com.ibm.ws.security.role.RoleBasedAuthorizerImpl
invocation and received cred are both null!
[01/07/05 08:46:05:209] 70eb7271 E source=com.ibm.ws.security.role.RoleBasedAuthorizerImpl
SECJ0306E: Aucun justificatif re�u ou d'appel n'existe sur l'unit� d'ex�cution. Le contr�le d'autorisation bas�e sur le r�le n'aura pas d'ID d'acc�s � v�rifier pour l'appelant. Les param�tres sont : m�thode de contr�le d'acc�s getState sur la ressource Server et le module Server. La trace de pile est java.lang.Exception: dump thread stack for debugging
at com.ibm.ws.security.role.RoleBasedAuthorizerImpl.checkAccess(RoleBasedAuthorizerImpl.java:292)
at com.ibm.ws.management.AdminServiceImpl.preInvoke(AdminServiceImpl.java:1347)
at com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl.java:657)
at com.ibm.ws.management.connector.AdminServiceDelegator.invoke(AdminServiceDelegator.java:130)
at sun.reflect.GeneratedMethodAccessor13.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:62)
at java.lang.reflect.Method.invoke(Method.java:391)
at com.ibm.ws.management.connector.soap.SOAPConnector.invoke(SOAPConnector.java:320)
at com.ibm.ws.management.connector.soap.SOAPConnector.service(SOAPConnector.java:190)
at com.ibm.ws.management.connector.soap.SOAPConnection.handleRequest(SOAPConnection.java:55)
at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:652)
at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:448)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:912)
.
[01/07/05 08:46:05:271] 70eb7271 d source=com.ibm.ws.security.role.RoleBasedAuthorizerImpl
accessId: NO_CRED_NO_ACCESS_ID
[01/07/05 08:46:05:271] 70eb7271 > source=com.ibm.ws.security.role.RoleBasedSubjectMap
isGrantedAnyRole
[01/07/05 08:46:05:271] 70eb7271 d source=com.ibm.ws.security.role.RoleBasedSubjectMap
isGrantedAnyRole: grantedRoles null, access denied
[01/07/05 08:46:05:271] 70eb7271 < source=com.ibm.ws.security.role.RoleBasedAuthorizerImpl
checkAccess, result:false
[01/07/05 08:46:05:287] 70d37271 d source=com.ibm.ws.security.auth.ContextManagerImpl
Server cred time remaining = -181781
[01/07/05 08:46:05:287] 70d37271 d source=com.ibm.ws.security.auth.ContextManagerImpl
Server Subject expired, refreshing...
[01/07/05 08:46:05:287] 70d37271 d source=com.ibm.ws.security.ltpa.LTPAToken
Expiration passed into cloned token: 1120200358506
[01/07/05 08:46:05:287] 70d37271 > source=com.ibm.ws.security.ltpa.LTPAToken
new LTPAToken from clone
[01/07/05 08:46:05:287] 70d37271 d source=com.ibm.ws.security.ltpa.LTPAToken
Refreshing expiration of token.
[01/07/05 08:46:05:287] 70d37271 d source=com.ibm.ws.security.ltpa.LTPAToken
Expiration set to: Fri Jul 01 09:06:05 2005
...
[ July 01, 2005: Message edited by: Milan Duriancik ]
milan
Hiroshi Tominaga
Greenhorn

Joined: Apr 21, 2005
Posts: 29
posted private message
0
Quote
Hi,
I don't know if you already fix the problem..if not, i know that cumulative fix 7 for was 5.1.1 solves this problem.
I also had same problem with was 5.1.1.5


best regards!

SCJP 1.4, <br />IBM Certified System Administrator Websphere Application Server 5.0, IBM Certified DB2 UDB Database Associate
 
I agree. Here's the link: http://ej-technologies/jprofiler - if it wasn't for jprofiler, we would need to run our stuff on 16 servers instead of 3.
 
subject: SECJ0306E: LTPA Token expiration, why? (WAS 5.1.1.4)
 
Similar Threads
Problems to update a Portlet
To deploy EJB module WAS V7.0 in MyEclipse Blue 6.5 -- URGENT
RAD6/WAS6 Uninstall?
deploy ear in WAS v7.0 in MyEclipse blue 6.5
Websphere Application Server V6.1 connection problem with DB2 V8.1