IBM Support

PM64516: JCA NOT SETTING THREAD IDENTITY CORRECTLY IN A MUTLIPLE SECURITY DOMAIN ENVIRONMENT

Fixes are available

8.5.0.1: WebSphere Application Server V8.5 Fix Pack 1
8.0.0.5: WebSphere Application Server V8.0 Fix Pack 5
7.0.0.27: WebSphere Application Server V7.0 Fix Pack 27
8.5.0.2: WebSphere Application Server V8.5 Fix Pack 2
8.0.0.6: WebSphere Application Server V8.0 Fix Pack 6
7.0.0.29: WebSphere Application Server V7.0 Fix Pack 29
8.0.0.7: WebSphere Application Server V8.0 Fix Pack 7
8.0.0.8: WebSphere Application Server V8.0 Fix Pack 8
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
7.0.0.27: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
8.0.0.9: WebSphere Application Server V8.0 Fix Pack 9
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
8.0.0.10: WebSphere Application Server V8.0 Fix Pack 10
7.0.0.37: WebSphere Application Server V7.0 Fix Pack 37
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
7.0.0.27: Java SDK 1.6 SR12 Cumulative Fix for WebSphere Application Server
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server
Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • In a multiple security domain, when application does datasoure
    lookup during application startup, J2C components thread
    identity related initializations can be incorrect such that
    thread identity may not be used for authentication
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server V7.0, V8.0 and V8.5                  *
    ****************************************************************
    * PROBLEM DESCRIPTION: Datasource lookup during application    *
    *                      startup not setting thread identity     *
    *                      correctly in a multiple security        *
    *                      domain environment                      *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    To support thread identity on z/OS, websphere j2c component
    needs to create appropriate security helper class during
    initialization where  it reads the required properties from
    the security configuration. WebSphere V7.0 provided the
    support for the multiple security domains, using which it is
    possible to create a separate security domain for the
    applications. In such environments the admin security domain
    will be in effect till the applications are started and once
    the applications are started the application security domain
    will be in effect.
    In a multiple security domain environment if the application
    attempts to lookup the datasource during the applications
    startup process (e.g startup beans) the j2c component
    initializes the security helper class by reading the security
    properties from the security.xml relavant to the
    admin security domain that is in effect at that point. This is
    not correct because when an application security domain exists
    the security properties should be read from the relavant
    application security domain (ie domain-security.xml) for all
    application requests.
    

Problem conclusion

  • WebSphere j2c component has been updated to read the security
    properties from the appropriaate domain in a multiple security
    domain environment.
    
    APAR PM64516 is currently targeted for inclusion in
    WebSphere Application Server Fix Packs 7.0.0.27, 8.0.0.5, and
    8.5.0.1.
    
    Please refer to URL:
    //www.ibm.com/support/docview.wss?rs=404&uid=swg27006970
    for Fix Pack availability.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM64516

  • Reported component name

    WEBSPHERE FOR Z

  • Reported component ID

    5655I3500

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-05-11

  • Closed date

    2012-07-30

  • Last modified date

    2013-02-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE FOR Z

  • Fixed component ID

    5655I3500

Applicable component levels

  • R700 PSY UK90578

       UP13/01/18 P F301

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.



Document information

More support for: WebSphere Application Server for z/OS
General

Software version: 7.0

Reference #: PM64516

Modified date: 04 February 2013