PM84740: IN JAX-WS WS-SECURITY, WHEN THERE IS AN LTPA TOKEN IN A CALLER CONFIGURATION, A MEMORY LEAK MAY OCCUR.

Fixes are available

APAR status

Closed as program error.

Error description

In JAX-WS WS-Security, when there is an LTPA token in a caller
configuration, a memory leak may occur.

User is receiving the symptom below:

1,099,188,416 (91%) [168] 18
com/ibm/ws/security/auth/ContextManagerImpl
                             0x4485e9b0

 612,233,040 (50%) [56] 5 com/ibm/ws/security/auth/AuthCache
0x4506bf00
  216,879,464 (18%) [48] 1
java/util/concurrent/ConcurrentHashMap
                           0x65d118f8

   216,879,416 (18%) [80] 16 array of
java/util/concurrent/Concurrent
                             HashMap$Segment 0x51058520

    36,289,640 (3%) [40] 2
java/util/concurrent/ConcurrentHashMap$
                           Segment 0x510587c8

    29,019,752 (2%) [40] 2
java/util/concurrent/ConcurrentHashMap$
                           Segment 0x510587a0

    22,577,520 (1%) [40] 2
java/util/concurrent/ConcurrentHashMap$
                           Segment 0x51058778

Local fix

```
No work around at this time.
```

Problem summary

****************************************************************
* USERS AFFECTED:  IBM WebSphere Application Server users of   *
*                  WS-Security enabled JAX-WS web services     *
*                  applications and LTPA tokens                *
****************************************************************
* PROBLEM DESCRIPTION: When there is an LTPA caller token in   *
*                      JAX-WS WS-Security, a memory leak may   *
*                      occur.                                  *
****************************************************************
* RECOMMENDATION:  Install a fix pack that contains this       *
*                  APAR.                                       *
****************************************************************
In JAX-WS WS-Security, when there is an LTPA token in a caller
configuration, a memory leak may occur.  This issue has not
been observed with other security tokens.

Problem conclusion

When WS-Security has a caller configuration for a token, both
the identity obtained from the token and the token itself are
put on the runAs subject.  The token is also put in the
authentication cache.

When a token consumer retrieves its token from a SOAP message,
a copy of the token is made that is detached from the SOAP
message so that a reference to the SOAP message does not
follow the token around.  When the LTPA token consumer
performs this copy, the SOAP message does not detach from the
copy.  Because of this, when the LTPA token copy is put in the
authentication cache, an object the size of the original SOAP
message is put in the cache instead of an object the size of
the LTPA token.

The WS-Security runtime is updated:

Before the runtime puts the LTPA token in the authentication
cache, a different method is used to make a copy of the LTPA
token that successfully detaches the SOAP message.

The fix for this APAR is currently targeted for inclusion in
fix packs 7.0.0.29, 8.0.0.7, and the fix pack after 8.5.0.2.
Please refer to the Recommended Updates page for delivery
information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Temporary fix

Comments

APAR Information

APAR number
PM84740
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-03-13
Closed date
2013-03-29
Last modified date
2013-03-29

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800

Applicable component levels

R700 PSY
UP
R800 PSY
UP
R850 PSY
UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
29 October 2021

Tips

PM84740: IN JAX-WS WS-SECURITY, WHEN THERE IS AN LTPA TOKEN IN A CALLER CONFIGURATION, A MEMORY LEAK MAY OCCUR.

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R700 PSY

R800 PSY

R850 PSY

Document Information

Share your feedback

Need support?