IBM Support

PI34326;8.5.5: Frequent WSOpaqueToken W SECJ5003W

Download


Abstract

com.ibm.ws.security.oauth20.token.impl export is missing from the file com.ibm.ws.security.oauth2.jar

Download Description

PI34326 resolves the following problem:

ERROR DESCRIPTION:
The following message in SystemOut.log very frequently:

CompoundClass > loadClass
com.ibm.ws.security.oauth20.token.impl.WSOAuth20TokenImpl
this=com.ibm.ws.classloader.CompoundClassLoader@4aeb5665[PL][appwar:Communities] Entry

CompoundClass < loadClass
com.ibm.ws.security.oauth20.token.impl.WSOAuth20TokenImpl
failed Exit
java.lang.ClassNotFoundException:
com.ibm.ws.security.oauth20.token.impl.WSOAuth20TokenImpl

WSOpaqueToken W SECJ5003W: An error occurred while de-serializing a custom object from the inbound authorization token. This does not cause the request to fail but this custom object will not get restored in the inbound Subject.

LOCAL FIX:
None

PROBLEM SUMMARY

USERS AFFECTED:
IBM WebSphere Application Server users of the OAuth TAI

PROBLEM DESCRIPTION:
com.ibm.ws.security.oauth20.token.impl export is missing from the file com.ibm.ws.security.oauth2.jar

RECOMMENDATION:
Install a fix pack that contains this APAR.

When using the OAuth Trust Association Interceptor (TAI), you may see messages like the following in SystemOut.log:


CompoundClass < loadClass
com.ibm.ws.security.oauth20.token.impl.WSOAuth20TokenImpl
failed Exit
java.lang.ClassNotFoundException:
com.ibm.ws.security.oauth20.token.impl.WSOAuth20TokenImpl
WSOpaqueToken W SECJ5003W: An error occurred while de-serializing a custom object from the inbound authorization token. This does not cause the request to fail but this custom object will not get restored in the inbound Subject.


An FFDC like the following is produced:
FfdcProvider W com.ibm.ws.ffdc.impl.FfdcProvider logIncident
FFDC1003I: FFDC Incident emitted on
/opt2/IBM/WebSphere/AppServer/profiles/AppSrv01/logs/ffdc/test_server2_1297b8a0_15.02.02_17.31.23.4156843171133233607947.txt
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule.log
in 1686


The following may be observed in a trace:
wsMapDefaultI 3 Exception deserializing custom objects.
java.lang.ClassNotFoundException:
com.ibm.ws.security.oauth20.token.impl.WSOAuth20TokenImpl
wsMapDefaultI 3 Successfully deserialized a custom privateobject:
{com.ibm.wsspi.security.cred.cacheKey=connectionsProvider-218271251, OAuthProvider=connectionsProvider}

PROBLEM CONCLUSION:
The following export is missing from the com.ibm.ws.security.oauth2.jar file:

com.ibm.ws.security.oauth20.token.impl

The export has been added.

8.5.5.3-WS-WASProd-IFPI34326.zip applies to fixpacks 8.5.5.3 through 8.5.5.5.


8.5.5.6-WS-WASProd-IFPI34326.zip applies to fixpack 8.5.5.6.

The fix for this APAR is currently targeted for inclusion in fix packs 7.0.0.39, 8.0.0.11 and 8.5.5.7. Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Keywords: IBMWL3WSS, OAUTH, INTERIMFIX

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

[{"INLabel":"Readme","INLang":"US English","INSize":"5887","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI34326/8.5.5.5/readme.txt"}]
On
[{"DNLabel":"8.5.5.3-WS-WASProd-IFPI34326","DNDate":"05-29-2015","DNLang":"US English","DNSize":"254812","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.3-WS-WASProd-IFPI34326&productid=WebSphere Application Server&brandid=5","DNURL_FTP":"","DDURL":null},{"DNLabel":"8.5.5.6-WS-WASProd-IFPI34326","DNDate":"23 Jul 2015","DNLang":"US English","DNSize":"252100","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.6-WS-WASProd-IFPI34326&productid=WebSphere Application Server&brandid=5","DNURL_FTP":" ","DDURL":null}]

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"8.5.5.6;8.5.5.5;8.5.5.4;8.5.5.3","Edition":"Base;Network Deployment;Single Server","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg24040108