File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Websphere and the fly likes SECJ0306E: LTPA Token expiration, why? (WAS 5.1.1.4) Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Products » Websphere
Bookmark "SECJ0306E: LTPA Token expiration, why? (WAS 5.1.1.4)" Watch "SECJ0306E: LTPA Token expiration, why? (WAS 5.1.1.4)" New topic
Author

SECJ0306E: LTPA Token expiration, why? (WAS 5.1.1.4)

Milan Duriancik
Greenhorn

Joined: Jan 21, 2005
Posts: 3
I have the following error regularily in the logs of my managed application servers. This happens since the update from 5.1.1.3 to 5.1.1.4 (the same thing with 5.1.1.5) :

SECJ0306E: No received or invocation credential exist on
the thread. The Role based authorization check will not have
an accessId of the caller to check.

--------------------------------------

After analysing the trace (com.ibm.ws.security.*) I found that it is a token LTPA that expires, before the call to getState (called evry minute => I think this must be the node agent that queries the states of the application servers) and is refreshed only after the error happend.

It happens almoste every 120 min (120 min is the expiration time of the token LTPA)

This error has no consequences on the execution of the deployed applications.

Has anybody a problem like this?
Has anybode an idea what is wrong?


Milan


----------------------------------------------------------------------------
...

[01/07/05 08:46:05:209] 70eb7271 > source=com.ibm.ws.security.role.RoleBasedAuthorizerImpl
checkAccess, methodName:getState resourceName: Server moduleName: Server
[01/07/05 08:46:05:209] 70eb7271 d source=com.ibm.ws.security.role.RoleBasedModule
getRequiredRoles(Server:getState)
[01/07/05 08:46:05:209] 70eb7271 < source=com.ibm.ws.security.role.RoleBasedSubjectMap
isEveryoneGranted
[01/07/05 08:46:05:209] 70eb7271 < source=com.ibm.ws.security.role.RoleBasedSubjectMap
isEveryoneGranted
[01/07/05 08:46:05:209] 70eb7271 d source=com.ibm.ws.security.role.RoleBasedAuthorizerImpl
invocation and received cred are both null!
[01/07/05 08:46:05:209] 70eb7271 E source=com.ibm.ws.security.role.RoleBasedAuthorizerImpl
SECJ0306E: Aucun justificatif re�u ou d'appel n'existe sur l'unit� d'ex�cution. Le contr�le d'autorisation bas�e sur le r�le n'aura pas d'ID d'acc�s � v�rifier pour l'appelant. Les param�tres sont : m�thode de contr�le d'acc�s getState sur la ressource Server et le module Server. La trace de pile est java.lang.Exception: dump thread stack for debugging
at com.ibm.ws.security.role.RoleBasedAuthorizerImpl.checkAccess(RoleBasedAuthorizerImpl.java:292)
at com.ibm.ws.management.AdminServiceImpl.preInvoke(AdminServiceImpl.java:1347)
at com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl.java:657)
at com.ibm.ws.management.connector.AdminServiceDelegator.invoke(AdminServiceDelegator.java:130)
at sun.reflect.GeneratedMethodAccessor13.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:62)
at java.lang.reflect.Method.invoke(Method.java:391)
at com.ibm.ws.management.connector.soap.SOAPConnector.invoke(SOAPConnector.java:320)
at com.ibm.ws.management.connector.soap.SOAPConnector.service(SOAPConnector.java:190)
at com.ibm.ws.management.connector.soap.SOAPConnection.handleRequest(SOAPConnection.java:55)
at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:652)
at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:448)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:912)
.
[01/07/05 08:46:05:271] 70eb7271 d source=com.ibm.ws.security.role.RoleBasedAuthorizerImpl
accessId: NO_CRED_NO_ACCESS_ID
[01/07/05 08:46:05:271] 70eb7271 > source=com.ibm.ws.security.role.RoleBasedSubjectMap
isGrantedAnyRole
[01/07/05 08:46:05:271] 70eb7271 d source=com.ibm.ws.security.role.RoleBasedSubjectMap
isGrantedAnyRole: grantedRoles null, access denied
[01/07/05 08:46:05:271] 70eb7271 < source=com.ibm.ws.security.role.RoleBasedAuthorizerImpl
checkAccess, result:false
[01/07/05 08:46:05:287] 70d37271 d source=com.ibm.ws.security.auth.ContextManagerImpl
Server cred time remaining = -181781
[01/07/05 08:46:05:287] 70d37271 d source=com.ibm.ws.security.auth.ContextManagerImpl
Server Subject expired, refreshing...
[01/07/05 08:46:05:287] 70d37271 d source=com.ibm.ws.security.ltpa.LTPAToken
Expiration passed into cloned token: 1120200358506
[01/07/05 08:46:05:287] 70d37271 > source=com.ibm.ws.security.ltpa.LTPAToken
new LTPAToken from clone
[01/07/05 08:46:05:287] 70d37271 d source=com.ibm.ws.security.ltpa.LTPAToken
Refreshing expiration of token.
[01/07/05 08:46:05:287] 70d37271 d source=com.ibm.ws.security.ltpa.LTPAToken
Expiration set to: Fri Jul 01 09:06:05 2005
...
[ July 01, 2005: Message edited by: Milan Duriancik ]

milan
Hiroshi Tominaga
Greenhorn

Joined: Apr 21, 2005
Posts: 29
Hi,
I don't know if you already fix the problem..if not, i know that cumulative fix 7 for was 5.1.1 solves this problem.
I also had same problem with was 5.1.1.5


best regards!


SCJP 1.4, <br />IBM Certified System Administrator Websphere Application Server 5.0, IBM Certified DB2 UDB Database Associate
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: SECJ0306E: LTPA Token expiration, why? (WAS 5.1.1.4)