IBM Support

PM77076: NEED A WS-SECURITY PACKAGE FOR STACK PRODUCTS

Fixes are available

8.0.0.6: WebSphere Application Server V8.0 Fix Pack 6
7.0.0.29: WebSphere Application Server V7.0 Fix Pack 29
8.0.0.7: WebSphere Application Server V8.0 Fix Pack 7
8.0.0.8: WebSphere Application Server V8.0 Fix Pack 8
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
8.0.0.9: WebSphere Application Server V8.0 Fix Pack 9
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
8.0.0.10: WebSphere Application Server V8.0 Fix Pack 10
7.0.0.37: WebSphere Application Server V7.0 Fix Pack 37
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Need an out-of-box ws-security package that does not have
    dependency on WebSphere Application Server platform and works
    with other J2EE servers shipped in IBM products.
    

Local fix

  • n/a
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere Application Server            *
    *                  developers of WS-Security enabled JAX-WS    *
    *                  web services applications                   *
    ****************************************************************
    * PROBLEM DESCRIPTION: A Web Services Security common          *
    *                      component does not exist for            *
    *                      IBM stacked products to use.            *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    The WebSphere WS-Security runtime was initially designed to
    run on either the Axis2 runtime shipped in WebSphere
    Application Server or on open-source Axis2.  A separate jar
    for use with open-source Axis2 was never created.
    

Problem conclusion

  • The JAX-WS WS-Security build process is updated to build a jar
    that can be used with open-source Axis2.  This jar is not
    distributed with the WebSphere Application Server product.  It
    is availble only for distribution by IBM products that wish to
    use it.
    
    However, other updates are made to the JAX-WS WS-Security
    common code in the application server to facilitate this
    change.
    
    The following external updates are made to the application
    server:
    
    1) wsjaas_client.conf packaged in the thinclient jar:
    
    JAX-WS thin client applications will no longer have to set the
    JVM system property to identify the JAAS configuration file.
    This is
    -Djava.security.auth.login.config=(profileRoot)\properties\wsja
    as_client.conf
    
    The default wsjaas_client.conf has been packaged into
    com.ibm.jaxws.thinclient_*.jar.  When running on a thin
    client, if the WS-Security runtime cannot find the JAAS
    configuration, it will load this default JAAS configuration
    file out of the thinclient jar.
    
    2) New SPIs are added to
    com.ibm.websphere.wssecurity.wssapi.WSSUtilFactory
    
    public boolean isServiceProvider()
    public TokenGeneratorConfig getTokenGeneratorConfig(Map
    WSSContext)
    public TokenConsumerConfig getTokenConsumerConfig(Map
    WSSContext)
    public List getConsumedTokens(Map WSSContext)
    
    3) Error fixed in thinclien platform.properties
    
    In the platform.properties file in the thinclient jar, the
    value for the com.ibm.ws.wssecurity.platform.ExchangeToken
    property is incorrect.  This will cause some
    GenericSecurityToken scenarios to fail.  The value is corrected.
    
    The fix for this APAR is currently targeted for inclusion in
    fix packs 7.0.0.29, 8.0.0.6, and the fix pack following
    8.5.0.2. Please refer to the Recommended Updates page for
    delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM77076

  • Reported component name

    WEBSPHERE APP S

  • Reported component ID

    5724J0800

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-11-14

  • Closed date

    2013-02-06

  • Last modified date

    2013-02-06

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE APP S

  • Fixed component ID

    5724J0800

Applicable component levels

  • R700 PSY

       UP

  • R800 PSY

       UP

  • R850 PSY

       UP



Document information

More support for: WebSphere Application Server
General

Software version: 7.0

Reference #: PM77076

Modified date: 06 February 2013