APAR status
Closed as program error.
Error description
Getting below exception while an application is trying to access the EJB method. But the method doit defined in MyBean is expecting only 'user' role. SecurityColla A SECJ0053E: Authorization failed for abc.xyz.at:123/def while invoking (Home)MyBeanM#bean.jar#EEName::4 CNTR0020E: EJB threw an unexpected (non-declared) exception during invocation of method "doit" on bean "BeanId(,null)". Exception data: javax.ejb.AccessLocalException: ; nested exception is: com.ibm.websphere.csi.CSIAccessException: SECJ0053E: Authorization failed for abc.xyz.at:123/def while invoking (Home)MyBeanM#bean.jar#EEName::4 is not granted any of the r Admin at com.ibm.ws.security.core.SecurityCollaborator. performAuthorization(SecurityCollaborator.java:642) at com.ibm.ws.security.core.EJSSecurityCollaborat or.preInvoke(EJSSecurityCollaborator.java:268) at com.ibm.ws.ejbcontainer.runtime.EJBSecurityCol laboratorAdapter.preInvoke(EJBSecurityCollaboratorAdapter.java: 66) at com.ibm.ws.ejbcontainer.runtime.EJBSecurityCol laboratorAdapter.preInvoke(EJBSecurityCollaboratorAdapter.java: 40) at com.ibm.ejs.container.EJSContainer.notifySecur ityCollaboratorPreInvoke(EJSContainer.java:3405) at com.ibm.ejs.container.EJSContainer.preInvokeAf terActivate(EJSContainer.java:3338) at com.ibm.ejs.container.EJSContainer.preInvoke(E JSContainer.java:2502) at com.ABC.interfaces.c.EJSLocalHome_678.doit(Unknown Source)
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server * * with EJB applications * **************************************************************** * PROBLEM DESCRIPTION: SECJ0053E occurs accessing EJB method * * from EJB with run-as-mode * **************************************************************** * RECOMMENDATION: * **************************************************************** The EJB Container intermittently fails to read the "run-as-mode" (XML) or "runAsSettings" (XMI) elements in the ibm-ejb-jar- ext.xml/xmi file resulting in EJB methods running without the configured role. The initial failure is a NullPointerException, followed by the error SECJ0053E: Authorization failed. The error occurs because the EJB Container caches a reference to the in-memory copy of the configuration, which becomes stale after 3 minutes and is no longer accessible. The error appears intermittent since the configuration may be processed properly if an EJB method is called before the data becomes stale. When the error occurs, the EJB Container will log the following error: CNTR0020E: EJB threw an unexpected (non-declared) exception during invocation of method "methodxxxx" on bean "BeanId(<application>#<module>.jar#<bean>,null)". Exception data: javax.ejb.AccessLocalException: ; nested exception is: com.ibm.websphere.csi.CSIAccessException: SECJ0053E: Authorization failed for ... at com.ibm.ws.security.core.SecurityCollaborator.performAuthorizati on(SecurityCollaborator.java:642) at com.ibm.ws.security.core.EJSSecurityCollaborator.preInvoke(EJSSe curityCollaborator.java:268) at com.ibm.ws.ejbcontainer.runtime.EJBSecurityCollaboratorAdapter.p reInvoke(EJBSecurityCollaboratorAdapter.java:66) at com.ibm.ws.ejbcontainer.runtime.EJBSecurityCollaboratorAdapter.p reInvoke(EJBSecurityCollaboratorAdapter.java:40) at com.ibm.ejs.container.EJSContainer.notifySecurityCollaboratorPre Invoke(EJSContainer.java:3405) at com.ibm.ejs.container.EJSContainer.preInvokeAfterActivate(EJSCon tainer.java:3338) at com.ibm.ejs.container.EJSContainer.preInvoke(EJSContainer.java:2 502)
Problem conclusion
The EJB Container has been updated to consistently read the "run as-mode" (XML) or "runAsSettings" (XMI) elements in the ibm-ejb- jar-ext.xml/xmi file. The SECJ0053E error will no longer occur. The fix for this APAR is targeted for inclusion in fix pack 9.0.5.9. For more information, see 'Recommended Updates for WebSphere Application Server': https://www.ibm.com/support/pages/node/715553
Temporary fix
Comments
APAR Information
APAR number
PH37410
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-05-20
Closed date
2021-07-21
Last modified date
2021-07-21
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R900 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
02 November 2021