IBM Support

JR47140: SECURITYEXCEPTION THROWN FOR USER IDS THAT CONTAIN APOSTROPHE

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • SecurityException thrown for user IDs that contain apostrophe
    .
    The root of this exception appears to be security code having
    problem to search user with " ' " (single quote) in user name.
    In customer's scenario, a user " VO'Hair" is included in a LDAP
    group which is a member of a participant group. It appears that
    every user in the LDAP group was imported to BPM during import
    BPD and checked against userID. Since VO'Hair is not visible by
    BPM due to LDAP filter, BPM checks against local DB which runs
    into the error.
    .
    When a user name like " O'wang" is used to log into admin
    console, then the same error occurs as when customer imports
    their twx file.
    

Local fix

Problem summary

  • Problem Description:
    
    When searching a userID in the local DB that contain a
    apostrophe in it's name
    this results in a security exception.
    
    Problem Summary:
    
    The root of this exception appears to be security code having
    problem to search
    user with "'" (single quote) in user name. In customer's
    scenario, a user
    "VO'Hair" is included in a LDAP group which is a member of a
    participant group.
    It appears that every user in the LDAP group was imported to BPM
    during import
    BPD and checked against userID. Since VO'Hair is not visible by
    BPM due to LDAP
    filter, BPM checks against local DB which runs into the error.
    

Problem conclusion

  • With this interim fix the code that access the local DB to
    retrieve users from
    there will be updated so that it can deal with users that
    contain a single quote.
    
    FIX AVAILABILITY:
    iFix for 7.5.1.1 is available on Fix Central, search for APAR
    JR47140 at http://www.ibm.com/support/fixcentral/
    
    Fix is also targetted for inclusion in next fixpack for BPM
    V7.5.1.2
    Fix is also targetted for inclusion in next fixpack for BPM
    V8.0.1.2
    Fix is also targetted for inclusion in next fixpack for BPM
    V8.5.0.1
    
    When obtaining any of the above fixes, be sure to download the
    accompanying readme, for itself and any prerequisite fixes, and
    review them thorougly
    

Temporary fix

Comments

APAR Information

  • APAR number

    JR47140

  • Reported component name

    BPM STANDARD

  • Reported component ID

    5725C9500

  • Reported release

    751

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-07-03

  • Closed date

    2013-08-29

  • Last modified date

    2013-08-29

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    BPM STANDARD

  • Fixed component ID

    5725C9500

Applicable component levels

  • R751 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTDH","label":"IBM Business Process Manager Standard"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.5.1","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
29 August 2013