IBM Support

PK68681: FIX CREDENTIALS REQUIRED FOR THE THREAD DURING TRANSACTION RECOVERY

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Fix credentials required for the thread during transaction
recovery (for V6.0.2)

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:  IBM WebSphere Application Server users of   *
*                  Java DataBase Connectivity (JDBC) and J2EE  *
*                  Connector Architecture (JCA)                *
*                                                              *
****************************************************************
* PROBLEM DESCRIPTION: A RoleBasedAppException occurs during   *
*                      transaction recovery indicating the     *
*                      thread lacks the required accessId of   *
*                      the caller.                             *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
A RoleBasedAppException occurs during transaction recovery
indicating the thread lacks the required accessId of the
caller.  The exception causes the transaction to not recover.
The RoleBasedAppException occurs because the thread performing
tranaction recovery lacks the accessId, which the user
presumably mapped to an Administrative security role, to read
(monitor) the server configuration.  The exception occurs
while the connection manager determines whether a resource
provider is installed on the server.  Here is an example of a
RoleBasedAppException that may occur:



[8/16/07 10:26:18:413 EEST] 00000086 RoleBasedAuth E
SECJ0306E
: No received or invocation credential exist on the thread.
The Role based authorization check will not have an accessId of
the caller to check. The parameters are: access check method

queryConfigObjects:com.ibm.websphere.management.Session:

javax.management.ObjectName:javax.management.ObjectName:

javax.management.QueryExp on resource ConfigService and module

ConfigService.

The stack trace is

java.lang.Exception: Invocation and received credentials are

both null

 at
com.ibm.ws.security.role.RoleBasedAuthorizerImpl.checkAccess
(RoleBasedAuthorizerImpl.java:251)

 at
com.ibm.ws.management.configservice.ConfigServiceServerProxy
.securityCheck(ConfigServiceServerProxy.java:1022)

 at
com.ibm.ws.management.configservice.ConfigServiceServerProxy
$10.run(ConfigServiceServerProxy.java:406)

 at
com.ibm.ws.security.util.AccessController.doPrivileged(Acces
sController.java(Compiled Code))

 at
com.ibm.ws.management.configservice.ConfigServiceServerProxy
.queryConfigObjects(ConfigServiceServerProxy.java:401)

 at
com.ibm.ejs.j2c.RALifeCycleManagerImpl.isProviderInstalled(R
ALifeCycleManagerImpl.java:2688)

 at
com.ibm.ws.Transaction.JTA.ASXAResourceFactoryImpl.getXAReso
urce(ASXAResourceFactoryImpl.java:85)

 at
com.ibm.ws.Transaction.JTA.JTAXAResourceImpl.reconnectRM(JTA
XAResourceImpl.java:604)

 at
com.ibm.ws.Transaction.JTA.JTAXAResourceImpl.commit(JTAXARes
ourceImpl.java:300)

 at
com.ibm.ws.Transaction.JTA.RegisteredResources.deliverOutcom
e(RegisteredResources.java:1961)

 at
com.ibm.ws.Transaction.JTA.RegisteredResources.distributeOut
come(RegisteredResources.java:2464)

 at
com.ibm.ws.Transaction.JTA.TransactionImpl$RetryAlarm.alarm(
TransactionImpl.java:5146)

 at com.ibm.ejs.util.am._Alarm.run(_Alarm.java(Compiled Code))

 at
com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1471).
[8/16/07 10:26:18:414 EEST] 00000086 RoleBasedAuth A
SECJ0305I
: The role-based authorization check failed for admin-authz
operation ConfigService:queryConfigObjects:com.ibm.websphere
.management.Session:

javax.management.ObjectName:javax.management.ObjectName:

javax.management.QueryExp.

The user UNAUTHENTICATED (unique ID: unauthenticated) was not
granted any of the following required roles: administrator,
operator, monitor, configurator.

[8/16/07 10:26:18:415 EEST] 00000086 RALifeCycleMa E

J2CA0154E: The method queryConfigObjects on class
ConfigService returned the following exception:

com.ibm.websphere.management.exception.ConfigServiceException:

com.ibm.ws.security.role.RoleBasedAppException: ADMN0022E:

Access is denied for the queryConfigObjects operation on
ConfigService MBean because of insufficient or empty
credentials.

 at
com.ibm.ws.management.configservice.ConfigServiceServerProxy
$10.run(ConfigServiceServerProxy.java:408)

 at
com.ibm.ws.security.util.AccessController.doPrivileged(Acces
sController.java(Compiled Code))

 at
com.ibm.ws.management.configservice.ConfigServiceServerProxy
.queryConfigObjects(ConfigServiceServerProxy.java:401)

 at
com.ibm.ejs.j2c.RALifeCycleManagerImpl.isProviderInstalled(R
ALifeCycleManagerImpl.java:2688)

 at
com.ibm.ws.Transaction.JTA.ASXAResourceFactoryImpl.getXAReso
urce(ASXAResourceFactoryImpl.java:85)

 at
com.ibm.ws.Transaction.JTA.JTAXAResourceImpl.reconnectRM(JTA
XAResourceImpl.java:604)

 at
com.ibm.ws.Transaction.JTA.JTAXAResourceImpl.commit(JTAXARes
ourceImpl.java:300)

 at
com.ibm.ws.Transaction.JTA.RegisteredResources.deliverOutcom
e(RegisteredResources.java:1961)

 at
com.ibm.ws.Transaction.JTA.RegisteredResources.distributeOut
come(RegisteredResources.java:2464)

 at
com.ibm.ws.Transaction.JTA.TransactionImpl$RetryAlarm.alarm(
TransactionImpl.java:5146)

 at com.ibm.ejs.util.am._Alarm.run(_Alarm.java(Compiled Code))

 at
com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1471)

    



Problem conclusion


    

  • This is a backport of apar PK52057. PK52057 makes the
following change: modify the connection manager to associate
the required accessId to the thread when reading the server
configuration during transaction recovery.

The fix for this APAR is currently targeted for inclusion in
fix pack 6.0.2.33.  Please refer to the Recommended Updates
page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PK68681
    • 

  • Reported component name
    WEBS APP SERV N
    • 

  • Reported component ID
    5724H8800
    • 

  • Reported release
    60I
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2008-07-08
    • 

  • Closed date
    2008-09-29
    • 

  • Last modified date
    2008-09-29
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    WEBS APP SERV N
    • 

  • Fixed component ID
    5724H8800
    • 



Applicable component levels


    

  • R60A  PSY
       UP
    • 

  • R60H  PSY
       UP
    • 

  • R60I  PSY
       UP
    • 

  • R60P  PSY
       UP
    • 

  • R60S  PSY
       UP
    • 

  • R60W  PSY
       UP
    • 

  • R60Z  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            10 February 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback