Topic
3 replies Latest Post - ‏2014-09-01T13:01:33Z by franzw
Anshul_kumar
Anshul_kumar
13 Posts
ACCEPTED ANSWER

Pinned topic Error while invoking remote method through TDI

‏2014-08-26T08:23:24Z |

Our TDI and WAS are in different locations.Through TDI we are able to invoke ISIM connection but unable to call a passwordReset() method.

We get below error:

com.ibm.itim.apps.ApplicationException: CORBA NO_PERMISSION 0x0 No; nested exception is:

                org.omg.CORBA.NO_PERMISSION:

                >> SERVER (id=2dd4c35a, host=************) TRACE START:

                >>    org.omg.CORBA.NO_PERMISSION: java.rmi.AccessException:  ; nested exception is:

                com.ibm.websphere.csi.CSIAccessException: SECJ0053E: Authorization failed for ??? while invoking (Home)ITIM#api_ejb.jar#enroleejb.SearchAuthorityHome create::2 null  vmcid: 0x0  minor code: 0  completed: No

                >>           at com.ibm.ws.security.core.SecurityCollaborator.performAuthorization(SecurityCollaborator.java:685)

                >>           at com.ibm.ws.security.core.EJSSecurityCollaborator.preInvoke(EJSSecurityCollaborator.java:275)

                >>           at com.ibm.ejs.container.EJSContainer.preInvokeAfterActivate(EJSContainer.java:4066)

                >>           at com.ibm.ejs.container.EJSContainer.preInvoke(EJSContainer.java:3273)

We referred to the technote:

http://www-01.ibm.com/support/docview.wss?uid=swg21659565

 I am hoping is some has tried this then they might be familiar with this issue. Please share your inputs.Also, as per the technote "If ITDI is on a separate machine from WebSphere, you will need to edit the "ssl.client.props" file to refer to local copies of the key and truststores."

In this situation do we need to create new keystores/truststores in TDI or use the existing ones ? Also is there any certificate import is required here? As this was required when setting up WAS to WAS communication, so is it also required in setting up connection between remote Application and ISIM WAS?

Any suggestions?

Regards,

Anshul

  • franzw
    franzw
    319 Posts
    ACCEPTED ANSWER

    Re: Error while invoking remote method through TDI

    ‏2014-08-26T08:43:51Z  in response to Anshul_kumar

    If you are connecting to an ISIM cluster you must use SSL - I believe this is not necessary for a non-clustered installation unless it is switched on by purpose.

    So you need to get the 2 files correct - and then you need to import a certificate into your TDI solution - TDI does not care whether you use the default keystores ore you define your own in solutions.properties.

    I would try to make it work on the ISIM server first (in development that is) to make sure that you get everything right before going remote.

    There is a missing thing in the technote as well - to login you must have the tmsMessage.properties in your TDI java path - this is easiest done by jar/zipp'ing it into a jar file and add that to the TDI environment using your preferred method (I prfer to add to the custom jar path as documented in the solution.properties - there a limitation to that as there is a method clash between the WAS client jars and TDI...)

    HTH

    Regards

    Franz Wolfhagen 

    • Anshul_kumar
      Anshul_kumar
      13 Posts
      ACCEPTED ANSWER

      Re: Error while invoking remote method through TDI

      ‏2014-09-01T12:19:02Z  in response to franzw

      We were able to set up connection between our local RAD and ISIM without making any changes in ssl.client.props. For this, we had used the existing sas and ssl files from one of the profiles which we used during ISIM WAS to remote WAS connectivity.

      While testing it from TDI, we were getting Authorization failed exception, so we assumed we needed certificate import from WAS and creating new truststore in TDI and adding ISIM certificate to it and then changing the solution.properties. We tried all those but it didnt work either.

      Realizing that we are unsuccessful only when we test the solution using TDI, where we were invoking a class and method from a JAR in its classpath. It was assumed that this may be due to some other missing JARs in the class path to invoke the custom method. So we started replicating the classpath of our RAD project and TDI and came to below conclusion:

      Issue was due to missing jar and later due to conflict between two of the JARs: com.ibm..ws.webservices.thinclient_7.0.0.jar and com.ibm.jaxws.thinclient_7.0.0.jar

       

      I came across below error:

      An inconsistency in the build levels of installed application server client components was detected. The installed build level of client component jar:file:/C:/Program%20Files%20(x86)/IBM/TDI/V7.1/jars/Copy%20Of%20Lib/com.ibm.jaxws.thinclient_7.0.0.jar!/com/ibm/ejs/ras/lite/build.properties which is {CMVC_RELEASE=WAS70.SERV1, CMVC_LEVEL=cf231217.05} is different to the build level of client component jar:file:/C:/Program%20Files%20(x86)/IBM/TDI/V7.1/jars/3rdparty/IBM/isim/com.ibm.ws.webservices.thinclient_7.0.0.jar!/com/ibm/ejs/ras/lite/build.properties which is {CMVC_RELEASE=WAS70.SERV1, CMVC_LEVEL=cf291321.01}.

       

      I removed the com.ibm..ws.webservices.thinclient_7.0.0.jar from the classpath and the solution gave expected results and the ISSUE WAS FINALLY RESOLVED!

       

      com.ibm.jaxws.thinclient_7.0.0.jar is an external jar and not mentioned in technote , but it seems it is required here.

       

       

      • franzw
        franzw
        319 Posts
        ACCEPTED ANSWER

        Re: Error while invoking remote method through TDI

        ‏2014-09-01T13:01:33Z  in response to Anshul_kumar

        Oh - you hit the WAS/TDI jaxws class conflict.... There is an overlap of the classes in the thinclient jar (WAS client) and the jaxws jar (included in the TDI product itself).

        The problem cannot easily be resolved - but a workaround is to include the thinclient jar in the TDI jars library as one of the first IBM libraries - all other JARs can be added to the TDI environment using the com.ibm.di.server.userjars property in solutions.properies.

        I have tried to get a more deeper explanation on how to solve these kind class clashes from my contacts in TDI development - but they hae not come up with anything other than the workaround shown here (i.e. ensuring that thinclient jar is loaded early in the jar chain).

        But good to see you solved the problem.

        Regards

        Franz Wolfhagen