IBM Support

JR45792: BASIC AUTH IS USED WHEN USERNAMETOKEN IS USED UNDER SECURITY

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • when security is used and under WS Security drop down menu
    for Authentication if UsernameToken is used, basic auth info is
    also
    sent in the request using the user and pwd speified for
    usernameToken.
    The basic auth info should be sent only when HTTP Authentication
    is
    selected in the WS Security drop down menu.
    

Local fix

  • n/a
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  Webservice with security authentication     *
    *                  enabled.                                    *
    ****************************************************************
    * PROBLEM DESCRIPTION: When using UsernameToken                *
    *                      authentication method with              *
    *                      Webservice requests.                    *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When enabling security in webservices with the JAX-WS
    engine enabled (v7.5.1.1 is not enabled by default. v8.0.0.0
    and above is enabled by default.), if the authentication
    method UsernameToken is selected, the Basic Authentication
    header is still appended to the request.  This causes issues
    when the receiving service is not expecting a Basic Auth
    type request.  An HTTP 401 unauthorized error may be
    returned.
    

Problem conclusion

  • Code changes have been made to properly use the correct
    authentication method in the webservices requests. An interim
    fix will be available on v7.5.1.1.  It will also be available
    in the next fix pack.
    

Temporary fix

Comments

APAR Information

  • APAR number

    JR45792

  • Reported component name

    BPM STANDARD

  • Reported component ID

    5725C9500

  • Reported release

    751

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-02-21

  • Closed date

    2013-04-26

  • Last modified date

    2013-04-26

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    BPM STANDARD

  • Fixed component ID

    5725C9500

Applicable component levels

  • R750 PSY

       UP

  • R800 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSFTDH","label":"IBM Business Process Manager Standard"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.5.1","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
08 January 2022