IBM Support

PH13835: OUTBOUND EJB-WOLA CONNECTION FAILS NO_PERMISSION DUE TO TRANSPORTLAYER SETTINGS BEING PICKED UP FROM INCOMING RMI CALL.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • In a cllient to server (EJB) to server call the initial call to
    the first server is via RMI.  The first server (EJB) fails on a
    WOLA connection attempt to the second server  (lookup CORBA
    NO_PERMISSION exception) due
    to using TransportLayer settings that came in on the inbound RMI
    call.
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server V8.5 and V9.0                        *
    ****************************************************************
    * PROBLEM DESCRIPTION: utilizing zOS WebSphere Optimized       *
    *                      Local Adapters (OLA or WOLA) results    *
    *                      in org.omg.CORBA.BAD_OPERATION error.   *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Customer is utilizing zOS WebSphere Optimized Local Adapters
    (OLA or WOLA) . They are attempting Identity Assertion and
    fail with:
    69537 Trace: 2019/06/25 16:56:47.740 02 t=9B1828 c=0.FFFFFFFF
    key=P8 tag= (13007004)
    69538   SourceId:
    com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIForCFW
    69539   ExtendedMessage: Exception trying to create service
    context.; org.omg.CORBA.BAD_OPERATION:   vmcid: 0x0  minor
    code: 0  completed: No
    69540     at
    org.omg.CSI.IdentityToken.discriminator(IdentityToken.java:29)
    69541     at
    com.ibm.ISecurityUtilityImpl.CSIUtil.print_ec_message(CSIUtil.ja
    va:505)
    69542     at
    com.ibm.ISecurityLocalObjectTokenBaseImpl.SecurityContextImpl.cs
    i_client_preprotect(SecurityContextImpl.java:944)
    69543     at
    com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.setSecur
    ityContext(CSIClientRIBase.java:2541)
    69544     at
    com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIForCFW.send_r
    equest(CSIClientRIForCFW.java:314)
    69545     at
    com.ibm.rmi.pi.InterceptorManager.invokeInterceptor(InterceptorM
    anager.java:574)
    69546     at
    com.ibm.rmi.pi.InterceptorManager.iterateClientInterceptors(Inte
    rceptorManager.java:414)
    69547     at
    com.ibm.rmi.pi.InterceptorManager.iterateSendRequest(Interceptor
    Manager.java:640)
    69548     at
    com.ibm.ws390.orb.WS390InterceptorManager.interceptOutboundReque
    st(WS390InterceptorManager.java:139)
    69549     at
    com.ibm.ws390.orb.ClientDelegate.commonInvoke(ClientDelegate.jav
    a:1015)
    69550     at
    com.ibm.ws390.orb.ClientDelegate.invoke(ClientDelegate.java:895)
    69551     at
    org.omg.CORBA.portable.ObjectImpl._invoke(ObjectImpl.java:484)
    69552     at
    com.ibm.WsnBootstrap._WsnNameServiceStub.getProperties(_WsnNameS
    erviceStub.java:39)
    69553     at
    com.ibm.ws.naming.util.WsnInitCtxFactory.mergeWsnNSProperties(Ws
    nInitCtxFactory.java:1550)
    69554     at
    com.ibm.ws.naming.util.WsnInitCtxFactory.getRootContextFromServe
    r(WsnInitCtxFactory.java:1043)
    69555     at
    com.ibm.ws.naming.util.WsnInitCtxFactory.getRootJndiContext(WsnI
    nitCtxFactory.java:963)
    69556     at
    com.ibm.ws.naming.util.WsnInitCtxFactory.getInitialContextIntern
    al(WsnInitCtxFactory.java:615)
    69557     at
    com.ibm.ws.naming.util.WsnInitCtx.getContext(WsnInitCtx.java:128
    )
    69558     at
    com.ibm.ws.naming.util.WsnInitCtx.getContextIfNull(WsnInitCtx.ja
    va:765)
    69559     at
    com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:164)
    69560     at
    com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:179)
    69561     at
    org.apache.aries.jndi.DelegateContext.lookup(DelegateContext.jav
    a:161)
    69562     at
    javax.naming.InitialContext.lookup(InitialContext.java:428)
    69563     at
    com.ibm.ws.naming.util.CorbaURLContext.getInitialContext(CorbaUR
    LContext.java:209)
    

Problem conclusion

  • Security code was updated to properly propagate the user
    identity on outbound RMI/IIOP request involving WOLA.
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 8.5.5.17 and 9.0.5.3.  Please refer to the
    Recommended
    Updates
    page for delivery information:
    http://www.ibm.com/support/docview.wss?
    rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH13835

  • Reported component name

    WEBSPHERE FOR Z

  • Reported component ID

    5655I3500

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-06-27

  • Closed date

    2019-12-11

  • Last modified date

    2019-12-11

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE FOR Z

  • Fixed component ID

    5655I3500

Applicable component levels

  • R850 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
17 October 2021