Direct links to fixes
APAR status
Closed as program error.
Error description
When you invoke a service by using the executeServiceByName URL, there is no access restriction based on the service type. Instead, services that were meant for internal use only are available for authenticated users.
Local fix
Problem summary
No additional information is available.
Problem conclusion
A fix is available for all supported releases of IBM BPM and WebSphere Lombardi Edition. This fix validates the service type for invocations that are performed by using the executeServiceByName URL. With this fix installed, it is possible to start human services that are exposed to the logged-on user and to start AJAX Services. You will not be able to start other services unless all of the following requirements are met: - The request is processed on Process Center. - The request was issued by Process Designer in a playback session. - The user who issued this request is a member of the tw_authors group. - The user who issues this request is granted Read access to the process application. For backwards compatibility, a new configuration flag is introduced. By setting the following compatibility flag to false in the 100Custom.xml file, you can re-enable the previous behavior: <server merge=?mergeChildren?> <web-workflow-manager merge=?mergeChildren?> <enforce-correct-service-type-for-execute-service-by-name> false </enforce-correct-service-type-for-execute-service-by-name> </web-workflow-manager> </server> On Fix Central (http://www.ibm.com/support/fixcentral), search for JR52126 (IBM BPM) or search for IT06189 (WebSphere Lombardi Edition): 1. Select IBM Business Process Manager with your edition or IBM WebSphere Lombardi Edition from the product selector, the installed version to the fix pack level, and your platform, and then click Continue. 2. Select APAR or SPR, enter JR52126 (IBM BPM) or IT06189 (WebSphere Lombardi Edition), and click Continue. When you download fix packages, ensure that you also download the readme file for each fix. Review each readme file for additional installation instructions and information about the fix.
Temporary fix
Not applicable
Comments
APAR Information
APAR number
JR52126
Reported component name
BPM STANDARD
Reported component ID
5725C9500
Reported release
751
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-12-19
Closed date
2015-03-13
Last modified date
2015-03-13
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
IT06189
Fix information
Fixed component name
BPM STANDARD
Fixed component ID
5725C9500
Applicable component levels
R751 PSY
UP
R801 PSY
UP
R850 PSY
UP
R855 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTDH","label":"IBM Business Process Manager Standard"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.5.1","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
13 October 2021