IBM Support

PM99067: READING BLA COMPOSITION UNIT FAILS DUE TO LACK OF AUTHORITY

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • The WebSphere Application Server runtime fails to restart
    business-level applications when administrative security is
    enabled and the application binaries have been updated.
    Following is the exception stack which is reported in
    SytemOut.log when this problem occurs;
    
    --------------------------------------------
    [13/10/09 12:08:19:695 JST] 0000004c AdminHelper Z ADMN1009I: An
    attempt is made to start the BOM application.
    [13/10/09 12:08:19:703 JST] 0000004c RoleBasedAuth E SECJ0326E
    No received or invocation credential exist on the thread. The
    Role based authorization check will not have an accessID of
    the caller to check.
    The parameters are: role name administrator. The stack trace is
    java.lang.Exception: Invocation and received credentials are
    both null
    at
    com.ibm.ws.security.role.RoleBasedAuthorizerImpl.isGrantedAnyRol
    e(RoleBasedAuthorizerImpl.java:1536)
    
    >>>
    
    at
    com.ibm.ws.management.bla.model.CompositionUnitConfig.read(Compo
    sitionUnitConfig.java:464)
    at
    com.ibm.ws.management.bla.model.CompositionUnitFactoryImpl.popul
    ateCU(CompositionUnitFactoryImpl.java:261)
    --------------------------------------------
    

Local fix

  • This issue originall reported by APAR PM69830 which is targeted
    for WAS V8.5.
    The same issue occurs on WAS V7.0, and create a new APAR for
    WAS V7.0.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server V7.0 and V8.0                        *
    ****************************************************************
    * PROBLEM DESCRIPTION: Application restart fails with          *
    *                      "insufficient authority" messages       *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    In configurations where administrative security is enabled, a
    code path exists in which a restart operation may be attempted
    without the correct credentials being placed on the thread.
    This results in an exception while reading composition unit
    data and a failure to start the application.
    

Problem conclusion

  • Code was added to correctly ensure that the correct
    credentials were put in place when reading the composition
    unit data.
    
    The fix for this APAR is currently targeted for inclusion in
    fix packs 7.0.0.33 and 8.0.0.9.  Please refer to the
    Recommended Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM99067

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-10-15

  • Closed date

    2014-02-18

  • Last modified date

    2014-02-18

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R700 PSY

       UP

  • R800 PSY

       UP



Document information

More support for: WebSphere Application Server
General

Software version: 7.0

Reference #: PM99067

Modified date: 18 February 2014