PH66978: When global security is enabled, access to unprotected EJBs is denied for unauthenticated users

APAR status

Closed as program error.

Error description

Unprotected EJBs were accessible to all users until global
security was enabled. After enabling global security, users
began encountering the following error:

Sample Error Stack
----------------------------------
java.rmi.AccessException: CORBA NO_PERMISSION 0x49424300 No;
nested exception is:
        org.omg.CORBA.NO_PERMISSION:
        >> SERVER (id=67526666, host=IBM123) TRACE
START:
        >>    org.omg.CORBA.NO_PERMISSION: CWWIM4513E  The
password match failed for the 'wasadmin' principal name.
vmcid: 0x49424000  minor code: 300  completed: No
        >>       at
com.ibm.ISecurityLocalObjectBaseL13Impl.PrincipalAuthFailReason.
map_auth_fail_to_minor_code(PrincipalAuthFailReason.java:88)
        >>       at
com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.authenti
cateSecurityTokens(CSIServerRIBase.java:4530)
        >>       at
com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRI.receive_requ
est(CSIServerRI.java:592)

Local fix

Problem summary

****************************************************************
* USERS AFFECTED:  All users of IBM WebSphere Application      *
*                  Server                                      *
****************************************************************
* PROBLEM DESCRIPTION: When global security is enabled,        *
*                      access                                  *
*                      to unprotected EJBs is denied for       *
*                      unauthenticated users                   *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Access was prematurely denied to unauthenticated users without
evaluating the security constraints of the target EJB.

Problem conclusion

The bug has been fixed.

To enable the APAR code, the following security custom property
needs to be enabled:

Custom property:
com.ibm.websphere.security.csiv2.tokenauth.continueWithUnauthent
icatedSubject

Value: true (Default false)


The fix for this APAR is targeted for inclusion in fix pack
8.5.5.29 and 9.0.5.25. For more information, see 'Recommended

Updates for WebSphere Application Server':
https://www.ibm.com/support/pages/node/715553

Temporary fix

Comments

APAR Information

APAR number
PH66978
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2025-06-16
Closed date
2025-07-25
Last modified date
2025-12-10

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800

Applicable component levels

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]

Document Information

Modified date:
10 December 2025

Tips

PH66978: When global security is enabled, access to unprotected EJBs is denied for unauthenticated users

Subscribe to this APAR

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

Document Information

Share your feedback

Need support?