IBM Support

PI45557: REMOTE EJB CALL TO CLUSTERED WEBSPHERE Z/OS SERVER FAILS DUE TO MISSING SECURITY CONTEXT

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • In the customer case a remote EJB call is made from a WebSphere
    server on Solaris 10 to a clustered WebSphere server on z/OS.
    When the z/OS server runs with one servant address space, the
    call completes normally. In the case where there are multiple
    servants the call fails, with security context data being lost.
    
    This problem will be externalized by messages like:
    --
    Unauthenticated or missing subject/credentials.;
    java.lang.Exception: Unauthenticated or missing
    subject/credentials.
    
     at
    com.ibm.ws.security.role.RoleBasedAuthorizerImpl.getEffective
     Credentials(RoleBasedAuthorizerImpl.java:779)
    Tracing of the ORB, Communication and Security components on
    shows the security context is lost during processing of
    locate interceptors which are used to handle multiple security
    domains.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server for z/OS V8.0 and V8.5               *
    ****************************************************************
    * PROBLEM DESCRIPTION: Remote EJB call to clustered            *
    *                      Websphere z/OS server fails due to      *
    *                      missing security context                *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    In the customer case a remote EJB call is made from a WebSphere
    server to a clustered WebSphere server on z/OS.
    When the z/OS server runs with one servant address space, the
    call completes normally. In the case where there are multiple
    servants, the call fails, with security context data being
    lost.
    This problem will be externalized by messages like:
    --
    Unauthenticated or missing subject/credentials.;
    java.lang.Exception: Unauthenticated or missing
    subject/credentials.
    at
    com.ibm.ws.security.role.RoleBasedAuthorizerImpl.getEffective
    Credentials(RoleBasedAuthorizerImpl.java:779)
    Tracing of the ORB, Communication and Security components
    shows the security context is lost during processing of
    locate interceptors which are used to handle multiple security
    domains.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PI45557

  • Reported component name

    WEBSPHERE FOR Z

  • Reported component ID

    5655I3500

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2015-07-23

  • Closed date

    2015-11-23

  • Last modified date

    2015-11-23

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE FOR Z

  • Fixed component ID

    5655I3500

Applicable component levels

  • R800 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"800","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
28 April 2022