IBM Support

PK69843: ClassCastException in custom authorization token implementation of AuthenticationToken and SingleSignOnToken

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When implementing a custom authorization token from a custom
    implementation of the AuthorizationToken interface a
    ClassCastException is thrown similar to this...
    
    ------Start of DE processing------ = [7/17/08 19:05:02:421 CEST]
    , key =
    java.lang.ClassCastException
    com.ibm.ws.security.auth.ContextManagerImpl.getServerCredential
    1925
    Exception = java.lang.ClassCastException
    Source =
    com.ibm.ws.security.auth.ContextManagerImpl.getServerCredential
    probeid = 1925
    Stack Dump = java.lang.ClassCastException:
    com.xyz.iap.wasextensions.userdata.UserSessionDataToken
    incompatible
    with com.ibm.ws.security.token.AbstractTokenImpl
     at
    com.ibm.ws.security.auth.ContextManagerImpl$7.run(ContextManager
    Impl.jav
    a:2047)
    ...
    
    Our class
    com.xyz.iap.wasextensions.userdata.UserSessionDataToken
    implements interface
    com.ibm.wsspi.security.token.AuthorizationToken
    but does not extend com.ibm.ws.security.token.AbstractTokenImpl.
    
    This also may be seen with AuthenticationToken and
    SingleSignOnToken
    

Local fix

  • extend the AbstractTokenImpl instead of implementing
    AuthorizationToken or similar for AuthenticationToken and
    SingleSignOnToken
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of WebSphere Application Server   *
    *                  who use custom Token by implementing        *
    *                  AuthorizationToken, AuthenticationToken     *
    *                  or SingleSignOnToken interface              *
    ****************************************************************
    * PROBLEM DESCRIPTION: ClassCastException is thrown when       *
    *                      custom token is used.                   *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    WebSphere was casting custom token to AbstractTokenImpl class
    without first checking if the token is an instance of
    AbstractTokenImpl. The instance check was necessary.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PK69843

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    61W

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2008-07-30

  • Closed date

    2008-08-13

  • Last modified date

    2010-03-23

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R61A PSY

       UP

  • R61H PSY

       UP

  • R61I PSY

       UP

  • R61P PSY

       UP

  • R61S PSY

       UP

  • R61W PSY

       UP

  • R61Z PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
29 December 2021