Direct links to fixes
APAR status
Closed as program error.
Error description
While using IBM Business Process Manager (BPM), you see several operations to start failing with an error containing the SECURITY_ANONYMOUS_DISALLOWED error code. The server SystemOut.log file contains exceptions, for example 3/25/15 9:22:50:222 CET 000001c2 wle E CWLLG2229E: An exception occurred in an EJB call. Error: CWTDS0000E: An unexpected failure occurred. Details: 'FNRCS0001: SECURITY_ANONYMOUS_DISALLOWED: Access to Content Engine was not allowed because the request was made anonymously instead of by an authenticated user. The application server reported that the user was anonymous.' Explanation: An exception was thrown. Action: Check the server log files. com.lombardisoftware.core.TeamWorksException: CWTDS0000E: An unexpected failure occurred. Details: 'FNRCS0001: SECURITY_ANONYMOUS_DISALLOWED: Access to Content Engine was not allowed because the request was made anonymously instead of by an authenticated user. The application server reported that the user was anonymous.' Explanation: An exception was thrown. Action: Check the server log files. at com.lombardisoftware.server.ejb.api. BPDInstanceDocumentAPICore.getDocumentsByInstance (BPDInstanceDocumentAPICore.java:566) at com.lombardisoftware.server.ejb.api. BPDInstanceDocumentAPICore.getDocumentsByInstance (BPDInstanceDocumentAPICore.java:533) at sun.reflect.GeneratedMethodAccessor960.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:37) at java.lang.reflect.Method.invoke(Method.java:611) Note that the call stack you see might be different because the error happens at several different operations. Restarting the server resolves the issue until it reappears after some time.
Local fix
Problem summary
When accessing the IBM BPM document store, a technical user who is defined as the IBM BPM EmbeddedECMTechnicalUser role type is used for various operations. The javax.security.auth.Subject object for this user is cached with a renewal mechanism before it expires. This issue happens when the credentials within the subject are invalidated by another thread, for example an asynchronous SCA operation.
Problem conclusion
A fix is available for IBM BPM that changes the subject caching logic to always validate the subject before using it. If invalidated, a new subject is created. On Fix Central (http://www.ibm.com/support/fixcentral), search for JR53022: 1. Select IBM Business Process Manager with your edition from the product selector, the installed version to the fix pack level, and your platform, and then click Continue. 2. Select APAR or SPR, enter JR53022, and click Continue. When you download fix packages, ensure that you also download the readme file for each fix. Review each readme file for additional installation instructions and information about the fix.
Temporary fix
Not applicable
Comments
APAR Information
APAR number
JR53022
Reported component name
BPM ADVANCED
Reported component ID
5725C9400
Reported release
855
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-04-07
Closed date
2015-06-02
Last modified date
2015-06-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
BPM STANDARD
Fixed component ID
5725C9500
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSFTDH","label":"IBM Business Process Manager Standard"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"855","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
31 August 2023