IBM Support

PI70323: PRINCIPAL INJECTION DOES NOT INJECT UNAUTHENTICATED SUBJECT WHEN THERE IS NOT AN AUTHENTICATED SUBJECT IN THE CONTEXT


APAR status

  • Closed as program error.

Error description

  • After upgrading from 8.5.5.7 to 8.5.5.9, which picked up the
    changes for APAR PI35887, Principal Injection fails with the
    message in trace stating "failed to get subject".
    
    Prior to the changes from PI35887, the code got the Subject
    from the EJBContext, which will always return a Subject even
    when there isn't an authenticated Subject in the context.  The
    changes from PI35887 result in the use of a method that will
    return NULL when there is no authenticated Subject in the
    context.
    

Local fix

Problem summary

  • USERS AFFECTED: All users of IBM WebSphere Application Server V8.0, V8.5, V9.0 and WebSphere Liberty

    PROBLEM DESCRIPTION: Using @Inject Principal would inject null instead of Unauthenticated

    RECOMMENDATION:

    When a user is not logged in, @Inject Principal should return a
    subject denoting that the current user has no authentication.
    However, it was instead returning null.
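
An added example (not IBM's code) of a fail-closed caller check for application code that relies on @Inject Principal, covering both the null described in this APAR and an unauthenticated principal. The class and method names are hypothetical, and the principal name "UNAUTHENTICATED" is an assumption to confirm against your server.

```java
import java.security.Principal;
import java.util.Optional;

// Added example, not IBM code. In a CDI bean the value would arrive via
//   @Inject Principal principal;
// here it is passed in so the class runs without a container (Java 8+).
public final class CallerIdentity {

    // Assumption: name carried by the unauthenticated principal; confirm for your server.
    static final String UNAUTHENTICATED_NAME = "UNAUTHENTICATED";

    /** Returns the authenticated caller's name, or empty for null or unauthenticated. */
    static Optional<String> authenticatedName(Principal injected) {
        if (injected == null) {
            // The case this APAR describes: nothing injected, so no identity at all.
            return Optional.empty();
        }
        String name = injected.getName();
        if (name == null || name.isEmpty()
                || UNAUTHENTICATED_NAME.equalsIgnoreCase(name)) {
            return Optional.empty();
        }
        return Optional.of(name);
    }

    /** Fail closed: anything other than a named, authenticated caller is rejected. */
    static String requireCaller(Principal injected) {
        return authenticatedName(injected)
                .orElseThrow(() -> new SecurityException("caller is not authenticated"));
    }

    public static void main(String[] args) {
        // Constructed sample principals; Principal has a single abstract method,
        // so a lambda can stand in for a real one.
        Principal alice = () -> "alice";
        Principal anon = () -> UNAUTHENTICATED_NAME;
        Principal[] samples = { alice, anon, null };
        for (Principal p : samples) {
            try {
                System.out.println("allowed: " + requireCaller(p));
            } catch (SecurityException e) {
                System.out.println("denied: " + e.getMessage());
            }
        }
    }
}
```

Routing every authorization decision through one helper like this keeps behaviour the same on levels with and without the fix, and avoids a NullPointerException or an accidental allow when the injected value is null.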
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PI70323

  • Reported component name

    WEBSPHERE FOR Z

  • Reported component ID

    5655I3500

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-10-06

  • Closed date

    2017-03-10

  • Last modified date

    2017-03-10

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE FOR Z

  • Fixed component ID

    5655I3500

Applicable component levels

  • R700 PSY

       UP


Document Information

Modified date:
18 October 2021