IBM Support

PM70833: SOME WS-SECURITY APIS REQUIRE THAT BASE64 DATA BE DECODED, BUT DOES NOT PROVIDE A METHOD TO DECODE THE DATA

Fixes are available

7.0.0.27: WebSphere Application Server V7.0 Fix Pack 27
8.5.0.2: WebSphere Application Server V8.5 Fix Pack 2
8.0.0.6: WebSphere Application Server V8.0 Fix Pack 6
7.0.0.29: WebSphere Application Server V7.0 Fix Pack 29
8.0.0.7: WebSphere Application Server V8.0 Fix Pack 7
8.0.0.8: WebSphere Application Server V8.0 Fix Pack 8
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
7.0.0.27: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
8.0.0.9: WebSphere Application Server V8.0 Fix Pack 9
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
8.0.0.10: WebSphere Application Server V8.0 Fix Pack 10
7.0.0.37: WebSphere Application Server V7.0 Fix Pack 37
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
7.0.0.27: Java SDK 1.6 SR12 Cumulative Fix for WebSphere Application Server
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server

APAR status

  • Closed as program error.

Error description

  • The LTPA token in the HTTP header is Base64 encoded.  If you
    want to pass an LTPA token into the LTPA token generator, you
    must pass token bytes that are not encoded.  So, if you want
    to pick the LTPA token off of the HTTP header and pass it to
    the LTPA token generator, you must first decode the token
    before sending it to the LTPA token generator.  The
    WS-Security runtime does not provide a method to decode the
    token bytes.
    

Local fix

  • na
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere Application Server            *
    *                  developers of WS-Security enabled JAX-WS    *
    *                  applications                                *
    ****************************************************************
    * PROBLEM DESCRIPTION: Some WS-Security APIs require that      *
    *                      Base64 data be decoded, but a method    *
    *                      to decode the data is not provided      *
    ****************************************************************
    * RECOMMENDATION:  Install a fix pack that contains this       *
    *                  APAR.                                       *
    ****************************************************************
    The LTPA token in the HTTP header is Base64 encoded.  If you
    want to pass an LTPA token into the LTPA token generator, you
    must pass token bytes that are not encoded.  So, if you want
    to pick the LTPA token off of the HTTP header and pass it to
    the LTPA token generator, you must first decode the token
    before sending it to the LTPA token generator.  The
    WS-Security runtime does not provide a method to decode the
    token bytes.
    There are other actions that an application developer is
    expected to perform to interact with the WS-Security engine
    that may be either difficult or unclear how to implement.
    

Problem conclusion

  • Two new utility classes are created in WS-Security for use by
    application developers:
    
    com.ibm.websphere.wssecurity.wssapi.WSSUtilFactory
    com.ibm.wsspi.wssecurity.wssapi.OMStructureFactory
    
    
    WSSUtilFactory contains some general utility methods that an
    application developer may find helpful when interacting with
    WS-Security through WSSAPIs or JAAS login modules.
    
    OMStructureFactory is provided so that an application
    developer can use the WS-Security engine's implementation
    class for OMStructure instead of having to create their own
    when implementing custom tokens.
    
    
    WSSUtilFactory contains the following methods:
    
    WSSUtilFactory getInstance() throws WSSException;
    String encode(byte[] data);
    byte[] decode(String data);
    KeyStore getKeyStore(String keyStoreRef) throws WSSException;
    KeyStore getKeyStore(String storeType, String storePath,
    char[] storePass) throws WSSException;
    Map getHTTPRequestHeaders(MessageContext msgContext);
    Map getHTTPRequestHeaders(Map wssContext);
    Map getHTTPRequestHeaders(CallbackHandler handler) throws
    WSSException;
    Map getWSSContext(CallbackHandler handler) throws WSSException;
    MessageContext getMessageContext(Map wssContext);
    MessageContext getMessageContext(CallbackHandler handler)
    throws WSSException;
    Map getCallbackHandlerProperties(Map wssContext);
    Map getCallbackHandlerProperties(CallbackHandler handler)
    throws WSSException;
    OMElement getProcessingElement(Map wssContext);
    org.w3c.dom.Element getDOMProcessingElement(Map wssContext);
    void setConsumedToken(Map WSSContext, SecurityToken token);
    void setConsumedToken(Map WSSContext, List tokens);
    void setGeneratedToken(Map WSSContext, SecurityToken token);
    void setGeneratedToken(Map WSSContext, List tokens);
    
    OMStructureFactory contains the following methods:
    
    OMStructureFactory getInstance() throws WSSException;
    com.ibm.wsspi.wssecurity.wssapi.OMStructure
      getOMStructure(OMElement node);
    com.ibm.wsspi.wssecurity.wssapi.OMStructure
      getOMStructure(org.w3c.dom.Element element) throws Exception;
    
    
    To use methods in each class, first obtain an instance of the
    class with the getInstance() method, then invoke the methods
    through that instance.  For example:
    
    WSSUtilFactory utilFactory = WSSUtilFactory.getInstance();
    byte[] decodedBytes = utilFactory.decode(encodedBytes);
    
    OMStructureFactory omsFactory =
      OMStructureFactory.getInstance();
    OMStructure om = omsFactory.getOMStructure(myOmElement);
    
    
    Full javadoc for these new classes and methods will be available
    in the information center.
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 7.0.0.27, 8.0.0.6, 8.5.0.2.  Please refer to the
    Recommended Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
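
    The decode step described above, as an added example that is not IBM's code: it pulls the token text out of a Cookie header, rejects anything that is not valid Base64, and returns the raw bytes a token generator expects. The cookie name LtpaToken2, the class and method names, and the use of java.util.Base64 as a stand-in for WSSUtilFactory.decode(String) outside WebSphere are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class LtpaCookieDecode {
    // Assumed cookie name; the APAR text only says "the HTTP header".
    static final String COOKIE_NAME = "LtpaToken2";

    /** Returns the value of the named cookie from a Cookie header, or null if absent. */
    static String cookieValue(String cookieHeader, String name) {
        if (cookieHeader == null) return null;
        for (String pair : cookieHeader.split(";")) {
            // Split on the FIRST '=' only: Base64 padding may add '=' at the end.
            int eq = pair.indexOf('=');
            if (eq < 0 || !pair.substring(0, eq).trim().equals(name)) continue;
            String v = pair.substring(eq + 1).trim();
            // Strip optional surrounding double quotes.
            if (v.length() >= 2 && v.startsWith("\"") && v.endsWith("\"")) {
                v = v.substring(1, v.length() - 1);
            }
            return v;
        }
        return null;
    }

    /** Decodes the Base64 token text into unencoded token bytes. */
    static byte[] decodeToken(String encoded) {
        if (encoded == null || encoded.isEmpty()) {
            throw new IllegalArgumentException("no token in Cookie header");
        }
        // Stand-in for WSSUtilFactory.decode(String) when run outside WebSphere.
        // The strict decoder throws IllegalArgumentException on non-Base64 input,
        // so a malformed header is rejected before it reaches the generator.
        return Base64.getDecoder().decode(encoded);
    }

    public static void main(String[] args) {
        // Constructed sample: Base64 of placeholder bytes, not a real LTPA token.
        byte[] placeholder = "constructed-placeholder-bytes".getBytes(StandardCharsets.US_ASCII);
        String header = "JSESSIONID=0000abc; LtpaToken2="
                + Base64.getEncoder().encodeToString(placeholder);
        byte[] raw = decodeToken(cookieValue(header, COOKIE_NAME));
        System.out.println("decoded " + raw.length + " bytes");
        try {
            decodeToken(cookieValue("LtpaToken2=not*base64!", COOKIE_NAME));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected malformed token");
        }
    }
}
```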
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM70833

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-08-14

  • Closed date

    2012-10-15

  • Last modified date

    2012-10-15

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R700 PSY

       UP

  • R800 PSY

       UP

  • R850 PSY

       UP



Document information

More support for: WebSphere Application Server
General

Software version: 7.0

Reference #: PM70833

Modified date: 15 October 2012