Fixes are available
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
Java SDK 1.5 SR10 Cumulative Fix for WebSphere Application Server
6.1.0.31: Java SDK 1.5 SR11 FP1 Cumulative Fix for WebSphere Application Server
6.1.0.33: Java SDK 1.5 SR12 FP1 Cumulative Fix for WebSphere
6.1.0.29: Java SDK 1.5 SR11 Cumulative Fix for WebSphere Application Server
6.1.0.35: Java SDK 1.5 SR12 FP2 Cumulative Fix for WebSphere
6.1.0.37: Java SDK 1.5 SR12 FP3 Cumulative Fix for WebSphere
6.1.0.39: Java SDK 1.5 SR12 FP4 Cumulative Fix for WebSphere Application Server
6.1.0.41: Java SDK 1.5 SR12 FP5 Cumulative Fix for WebSphere Application Server
6.1.0.43: Java SDK 1.5 SR13 Cumulative Fix for WebSphere Application Server
6.1.0.45: Java SDK 1.5 SR14 Cumulative Fix for WebSphere Application Server
6.1.0.47: WebSphere Application Server V6.1 Fix Pack 47
6.1.0.47: Java SDK 1.5 SR16 Cumulative Fix for WebSphere Application Server
APAR status
Closed as program error.
Error description
Fix credentials required for the thread during TX recovery
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: IBM WebSphere Application Server users of * * JDBC and JCA. * **************************************************************** * PROBLEM DESCRIPTION: A RoleBasedAppException occurs during * * transaction recovery indicating the * * thread lacks the required accessId of * * the caller. The exception causes the * * transaction to not recover. * **************************************************************** * RECOMMENDATION: * **************************************************************** The RoleBasedAppException occurs because the thread performing tranaction recovery lacks the accessId, which the user presumably mapped to an Administrative security role, to read (monitor) the server configuration. The exception occurs while the connection manager determines whether a resource provider is installed on the server. Here is an example of a RoleBasedAppException that may occur: [8/16/07 10:26:18:413 EEST] 00000086 RoleBasedAuth E SECJ0306E : No received or invocation credential exist on the thread. The Role based authorization check will not have an accessId of the caller to check. The parameters are: access check method queryConfigObjects:com.ibm.websphere.management.Session: javax.management.ObjectName:javax.management.ObjectName: javax.management.QueryExp on resource ConfigService and module ConfigService. The stack trace is java.lang.Exception: Invocation and received credentials are both null at com.ibm.ws.security.role.RoleBasedAuthorizerImpl.checkAccess (RoleBasedAuthorizerImpl.java:251) at com.ibm.ws.management.configservice.ConfigServiceServerProxy .securityCheck(ConfigServiceServerProxy.java:1022) at com.ibm.ws.management.configservice.ConfigServiceServerProxy $10.run(ConfigServiceServerProxy.java:406) at com.ibm.ws.security.util.AccessController.doPrivileged(Acces sController.java(Compiled Code)) at com.ibm.ws.management.configservice.ConfigServiceServerProxy .queryConfigObjects(ConfigServiceServerProxy.java:401) at com.ibm.ejs.j2c.RALifeCycleManagerImpl.isProviderInstalled(R ALifeCycleManagerImpl.java:2688) at com.ibm.ws.Transaction.JTA.ASXAResourceFactoryImpl.getXAReso urce(ASXAResourceFactoryImpl.java:85) at com.ibm.ws.Transaction.JTA.JTAXAResourceImpl.reconnectRM(JTA XAResourceImpl.java:604) at com.ibm.ws.Transaction.JTA.JTAXAResourceImpl.commit(JTAXARes ourceImpl.java:300) at com.ibm.ws.Transaction.JTA.RegisteredResources.deliverOutcom e(RegisteredResources.java:1961) at com.ibm.ws.Transaction.JTA.RegisteredResources.distributeOut come(RegisteredResources.java:2464) at com.ibm.ws.Transaction.JTA.TransactionImpl$RetryAlarm.alarm( TransactionImpl.java:5146) at com.ibm.ejs.util.am._Alarm.run(_Alarm.java(Compiled Code)) at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1471). [8/16/07 10:26:18:414 EEST] 00000086 RoleBasedAuth A SECJ0305I : The role-based authorization check failed for admin-authz operation ConfigService:queryConfigObjects:com.ibm.websphere .management.Session: javax.management.ObjectName:javax.management.ObjectName: javax.management.QueryExp. The user UNAUTHENTICATED (unique ID: unauthenticated) was not granted any of the following required roles: administrator, operator, monitor, configurator. [8/16/07 10:26:18:415 EEST] 00000086 RALifeCycleMa E J2CA0154E: The method queryConfigObjects on class ConfigService returned the following exception: com.ibm.websphere.management.exception.ConfigServiceException: com.ibm.ws.security.role.RoleBasedAppException: ADMN0022E: Access is denied for the queryConfigObjects operation on ConfigService MBean because of insufficient or empty credentials. at com.ibm.ws.management.configservice.ConfigServiceServerProxy $10.run(ConfigServiceServerProxy.java:408) at com.ibm.ws.security.util.AccessController.doPrivileged(Acces sController.java(Compiled Code)) at com.ibm.ws.management.configservice.ConfigServiceServerProxy .queryConfigObjects(ConfigServiceServerProxy.java:401) at com.ibm.ejs.j2c.RALifeCycleManagerImpl.isProviderInstalled(R ALifeCycleManagerImpl.java:2688) at com.ibm.ws.Transaction.JTA.ASXAResourceFactoryImpl.getXAReso urce(ASXAResourceFactoryImpl.java:85) at com.ibm.ws.Transaction.JTA.JTAXAResourceImpl.reconnectRM(JTA XAResourceImpl.java:604) at com.ibm.ws.Transaction.JTA.JTAXAResourceImpl.commit(JTAXARes ourceImpl.java:300) at com.ibm.ws.Transaction.JTA.RegisteredResources.deliverOutcom e(RegisteredResources.java:1961) at com.ibm.ws.Transaction.JTA.RegisteredResources.distributeOut come(RegisteredResources.java:2464) at com.ibm.ws.Transaction.JTA.TransactionImpl$RetryAlarm.alarm( TransactionImpl.java:5146) at com.ibm.ejs.util.am._Alarm.run(_Alarm.java(Compiled Code)) at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1471)
Problem conclusion
Apply APAR PK52057 to modify the connection manager to associate the required accessId to the thread when reading the server configuration during transaction recovery. The fix for this APAR is currently targeted for inclusion in fix pack 6.1.0.15. Please refer to the recommended updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PK52057
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
60A
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2007-08-31
Closed date
2007-11-12
Last modified date
2008-02-13
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R61A PSY
UP
R61H PSY
UP
R61I PSY
UP
R61P PSY
UP
R61S PSY
UP
R61W PSY
UP
R61Z PSY
UP
Document Information
Modified date:
28 December 2021