AppD Archive

java.security.AccessControlException: Access denied

CommunityUser
Splunk Employee
Splunk Employee

Seeig below error in agent.2013_05_14__06_27_08.0.log

Please help me if you have any idea ??

AD Thread Pool-Global0] 14 May 2013 06:27:14,774 ERROR ConfigurationChannel - Error registering agent with controller
java.security.AccessControlException: Access denied (java.util.PropertyPermission appdynamics.agent.node.metaInfo read)
at java.security.AccessController.checkPermission(AccessController.java:108)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1297)
at java.lang.System.getProperty(System.java:382)
at java.lang.System.getProperty(System.java:366)
at com.singularity.ee.util.vc.a(vc.java:22)
at com.singularity.ee.agent.appagent.kernel.config.xml.l.a(l.java:981)
at com.singularity.ee.agent.appagent.kernel.config.xml.l.a(l.java:67)
at com.singularity.ee.agent.appagent.kernel.config.xml.s.a(s.java:433)
at com.singularity.ee.agent.appagent.kernel.config.xml.l.a(l.java:283)
at com.singularity.ee.agent.appagent.kernel.config.xml.ab.run(ab.java:443)
at com.singularity.ee.util.tb.run(tb.java:48)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:452)
at com.singularity.ee.util.ud.e(ud.java:290)
at com.singularity.ee.util.hb.b(hb.java:145)
at com.singularity.ee.util.ib.a(ib.java:82)
at com.singularity.ee.util.ib.b(ib.java:160)
at com.singularity.ee.util.ib.run(ib.java:184)
at com.singularity.ee.util.pb.a(pb.java:667)
at com.singularity.ee.util.pb.run(pb.java:692)
at java.lang.Thread.run(Thread.java:736)

0 Karma

Arun_Dasetty
Super Champion

Hi ,

Thanks for the error stack trace. Agent directory needs executable permissions for <agent_install_dir> and sub directories, From the error stack trace it seems to be agent directory does not have executable permissions. Can you please provide execuable permissions for agent directory and let us know how it goes.

Ex: Say if it is tomcat server you can add permissions to agent directory in the <tomcat_dir>/conf/catalina.policy above text "// ========== WEB APPLICATION PERMISSIONS ====================================="

// AppDynamics agent
grant codeBase "file:<agent_dir_path>/-" {
permission java.security.AllPermission;
permission java.io.FilePermission "*", "read,write,execute";
permission java.util.PropertyPermission "*", "read";
permission java.lang.RuntimePermission "getenv.*";
};

Please provide executable permissions to agent directory or update corresponding server policy file to provide permissions and let us know how it goes.

Thanks,

Arun

CommunityUser
Splunk Employee
Splunk Employee

Thx for looking into this Arun

We are using websphere application server on AIX machine

We do have 777 permissions install dir as below

drwxrwxrwx    5 matmsd   matmsd          256 May 10 18:29 AppServerAgentLite-ibm

drwxrwxrwx 4 matmsd matmsd 256 May 10 18:29 conf
-rwxrwxrwx 1 matmsd matmsd 26726 May 10 18:29 javaagent.jar
drwxrwxrwx 3 matmsd matmsd 256 May 10 18:29 lib
drwxrwxrwx 3 matmsd matmsd 256 May 10 18:35 logs
-rwxrwxrwx 1 matmsd matmsd 1662 May 10 18:29 readme.txt

we are still seeing below error

[AD Thread Pool-Global0] 14 May 2013 06:27:14,774 ERROR ConfigurationChannel - Error registering agent with controller
java.security.AccessControlException: Access denied (java.util.PropertyPermission appdynamics.agent.node.metaInfo read)
at java.security.AccessController.checkPermission(AccessController.java:108)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1297)
at java.lang.System.getProperty(System.java:382)
at java.lang.System.getProperty(System.java:366)
at com.singularity.ee.util.vc.a(vc.java:22)
at com.singularity.ee.agent.appagent.kernel.config.xml.l.a(l.java:981)
at com.singularity.ee.agent.appagent.kernel.config.xml.l.a(l.java:67)
at com.singularity.ee.agent.appagent.kernel.config.xml.s.a(s.java:433)
at com.singularity.ee.agent.appagent.kernel.config.xml.l.a(l.java:283)
at com.singularity.ee.agent.appagent.kernel.config.xml.ab.run(ab.java:443)
at com.singularity.ee.util.tb.run(tb.java:48)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:452)
at com.singularity.ee.util.ud.e(ud.java:290)
at com.singularity.ee.util.hb.b(hb.java:145)
at com.singularity.ee.util.ib.a(ib.java:82)
at com.singularity.ee.util.ib.b(ib.java:160)
at com.singularity.ee.util.ib.run(ib.java:184)
at com.singularity.ee.util.pb.a(pb.java:667)
at com.singularity.ee.util.pb.run(pb.java:692)
at java.lang.Thread.run(Thread.java:736)
[AD Thread Pool-Global0] 14 May 2013 06:27:19,794 INFO ConfigurationChannel - Sending Registration request with: Application Name [Server App], Tier Name [Server Tier], Node Name [Server Node], Host Name [reldresal] Node Unique Local ID [Server Node], Version [Server Agent Lite v3.3.4.0 RC Build Date 2013-03-20 20:23]
[AD Thread Pool-Global0] 14 May 2013 06:27:19,805 ERROR ConfigurationChannel - Fatal transport error: A remote host refused an attempted connect operation.
[AD Thread Pool-Global0] 14 May 2013 06:27:19,805 WARN ConfigurationChannel - Could not connect to the controller/invalid response from controller, cannot get initialization information, controller host [17.170.198.10], port[8990], exception [Fatal transport error: A remote host refused an attempted connect operation.]
[AD Thread Pool-Global1] 14 May 2013 06:27:24,816 INFO ConfigurationChannel - Sending Registration request with: Application Name [Server App], Tier Name [Server Tier], Node Name [Server Node], Host Name [reldresal] Node Unique Local ID [Server Node], Version [Server Agent Lite v3.3.4.0 RC Build Date 2013-03-20 20:23]
[AD Thread Pool-Global1] 14 May 2013 06:27:24,822 ERROR ConfigurationChannel - Fatal transport error: A remote host refused an attempted connect operation.
[AD Thread Pool-Global1] 14 May 2013 06:27:24,822 WARN ConfigurationChannel - Could not connect to the controller/invalid response from controller, cannot get initialization information, controller host [17.170.198.10], port[8990], exception [Fatal transport error: A remote host refused an attempted connect operation.]
[AD Thread Pool-Global1] 14 May 2013 06:27:29,837 INFO ConfigurationChannel - Sending Registration request with: Application Name [Server App], Tier Name [Server Tier], Node Name [Server Node], Host Name [reldresal] Node Unique Local ID [Server Node], Version [Server Agent Lite v3.3.4.0 RC Build Date 2013-03-20 20:23]
[AD Thread Pool-Global1] 14 May 2013 06:27:29,846 ERROR ConfigurationChannel - Fatal transport error: A remote host refused an attempted connect operation.
[AD Thread Pool-Global1] 14 May 2013 06:27:29,846 WARN ConfigurationChannel - Could not connect to the controller/invalid response from controller, cannot get initialization information, controller host [17.170.198.10], port[8990], exception [Fatal transport error: A remote host refused an attempted connect operation.]
[AD Thread Pool-Global0] 14 May 2013 06:27:34,863 INFO ConfigurationChannel - Sending Registration request with: Application Name [Server App], Tier Name [Server Tier], Node Name [Server Node], Host Name [reldresal] Node Unique Local ID [Server Node], Version [Server Agent Lite v3.3.4.0 RC Build Date 2013-03-20 20:23]
[AD Thread Pool-Global0] 14 May 2013 06:27:34,867 ERROR ConfigurationChannel - Fatal transport error: A remote host refused an attempted connect operation.
[AD Thread Pool-Global0] 14 May 2013 06:27:34,867 WARN ConfigurationChannel - Could not connect to the controller/invalid response from controller, cannot get initialization information, controller host [17.170.198.10], port[8990], exception [Fatal transport error: A remote host refused an attempted connect operation.]

0 Karma

Arun_Dasetty
Super Champion

Hi ,

Thanks for the error stack trace. It is evident from the error stack trace there seems to be permission issues still:

Can you confirm whether websphere is running as root user, as you have provided 777 permissions to agent directory and sub directories, please make sure that user running websphere have executable permissions on agent directory.
============================
[AD Thread Pool-Global0] 14 May 2013 06:27:14,774 ERROR ConfigurationChannel - Error registering agent with controller
java.security.AccessControlException: Access denied (java.util.PropertyPermission appdynamics.agent.node.metaInfo read)
at java.security.AccessController.checkPermission(AccessController.java:108)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)

 
and also we see the lite viewer host is not accessible 17.170.198.10]:8990 , can you confirm whether you are able to access lite viewer from machine on which server with lite agent is configured:a
shell> ping 17.170.198.10


[AD Thread Pool-Global0] 14 May 2013 06:27:34,867 WARN ConfigurationChannel - Could not connect to the controller/invalid response from controller, cannot get initialization information, controller host [17.170.198.10], port[8990], exception [Fatal transport error: A remote host refused an attempted connect operation.]
=======================================

Let  us know how it goes.

Thanks,

Arun

0 Karma

Arun_Dasetty
Super Champion

Hi,

In addition to the above comments:
Can you also try the following:
- Install liteviewer and agent as "not" as root user
- provide permissions to agent directory as follows:
shell> chmod 577 /ngs/app/matmsd/IBM/AppServerAgentLite-ibm
shell> chmod 577 /ngs/app/matmsd/IBM/AppServerAgentLite-ibm/ -R

Now run the server as "not" as root user, say username logged in to run to websphere is user1,
Now the run the websphere as user1, please let us know if that helps.

Also as i mentioned at forum and also we see the lite viewer host is not accessible 17.170.198.10]:8990 , can you confirm whether you are able to access lite viewer from machine on which server with lite agent is configured:
shell> ping 17.170.198.10

======
[AD Thread Pool-Global0] 14 May 2013 06:27:34,867 WARN ConfigurationChannel - Could not connect to the controller/invalid response from controller, cannot get initialization information, controller host [17.170.198.10], port[8990], exception [Fatal transport error: A remote host refused an attempted connect operation.]
=====================

Thanks,

Arun

0 Karma
Get Updates on the Splunk Community!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Index This | What goes away as soon as you talk about it?

May 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this month’s ...