IBM Support

JR53022: SEVERAL OPERATIONS FAIL WITH SECURITY_ANONYMOUS_DISALLOWED ERROR

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • While using IBM Business Process Manager (BPM), you see several
    operations to start failing with an error containing the
    SECURITY_ANONYMOUS_DISALLOWED error code. The server
    SystemOut.log file contains exceptions, for example
    
     3/25/15 9:22:50:222 CET  000001c2 wle           E   CWLLG2229E:
    An exception occurred in an EJB call.  Error: CWTDS0000E: An
    unexpected failure occurred. Details: 'FNRCS0001:
    SECURITY_ANONYMOUS_DISALLOWED: Access to Content Engine was not
    allowed because the request was made anonymously instead of by
    an authenticated user. The application server reported that the
    user was anonymous.'
    
    Explanation: An exception was thrown.
    
    Action: Check the server log files.
    
    
    com.lombardisoftware.core.TeamWorksException: CWTDS0000E: An
    unexpected failure occurred. Details: 'FNRCS0001:
    SECURITY_ANONYMOUS_DISALLOWED: Access to Content Engine was not
    allowed because the request was made anonymously instead of by
    an authenticated user. The application server reported that the
    user was anonymous.'
    
    Explanation: An exception was thrown.
    
    Action: Check the server log files.
    
     at com.lombardisoftware.server.ejb.api.
      BPDInstanceDocumentAPICore.getDocumentsByInstance
      (BPDInstanceDocumentAPICore.java:566)
     at com.lombardisoftware.server.ejb.api.
      BPDInstanceDocumentAPICore.getDocumentsByInstance
      (BPDInstanceDocumentAPICore.java:533)
     at sun.reflect.GeneratedMethodAccessor960.invoke(Unknown
      Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke
      (DelegatingMethodAccessorImpl.java:37)
     at java.lang.reflect.Method.invoke(Method.java:611)
    
    Note that the call stack you see might be different because the
    error happens at several different operations.
    
    Restarting the server resolves the issue until it reappears
    after some time.
    

Local fix

Problem summary

  • When accessing the IBM BPM document store, a technical user who
    is defined as the IBM BPM EmbeddedECMTechnicalUser role type is
    used for various operations. The javax.security.auth.Subject
    object for this user is cached with a renewal mechanism before
    it expires.
    
    This issue happens when the credentials within the subject are
    invalidated by another thread, for example an asynchronous SCA
    operation.
    

Problem conclusion

  • A fix is available for IBM BPM that changes the subject caching
    logic to always validate the subject before using it. If
    invalidated, a new subject is created.
    
    On Fix Central (http://www.ibm.com/support/fixcentral), search
    for JR53022:
    
    1. Select IBM Business Process Manager with your edition from
      the product selector, the installed version to the fix pack
      level, and your platform, and then click Continue.
    
    2. Select APAR or SPR, enter JR53022, and click Continue.
    
    When you download fix packages, ensure that you also download
    the readme file for each fix. Review each readme file for
    additional installation instructions and information about the
    fix.
    

Temporary fix

  • Not applicable
    

Comments

APAR Information

  • APAR number

    JR53022

  • Reported component name

    BPM ADVANCED

  • Reported component ID

    5725C9400

  • Reported release

    855

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2015-04-07

  • Closed date

    2015-06-02

  • Last modified date

    2015-06-02

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    BPM STANDARD

  • Fixed component ID

    5725C9500

Applicable component levels

  • R855 PSY

       UP

  • R856 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTDH","label":"IBM Business Process Manager Standard"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"855","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
02 June 2015