IBM Support

PM20074: JAVA.LANG.NULLPOINTEREXCEPTION WHEN USING CTG LOGON MODULE.

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • CTG Login module implementation which is used to pass
    credential information to CTG Resource adapter encounters
    problem on zOS when using LDAP as the user registry
    
    You may see the following exception with traces.
    Trace: 2009/10/28 12:27:22.836 01 t=9C5210 c=0.F key=P8 (1300700
    ThreadId: 00000017
    FunctionName: finalizeSubject
    SourceId: com.ibm.ejs.j2c.ThreadIdentitySecurityHelper
    Category: FINER
    ExtendedMessage: Entry; com.ibm.ejs.j2c.ThreadIdentitySecurity
    Principal: com.ibm.ctg.security.CICSPrincipal@71947194
    , com.ibm.connector2.cics.ECIConnectionRequestInfo@dbd15ffb
    java.lang.NullPointerException
    at com.ibm.ws.security.auth.PlatformCredential.getUnauthenticat
    at com.ibm.ws.security.auth.PlatformCredential.<init>(PlatformC
    at com.ibm.ws.security.zOS.PlatformCredentialManager.createDefa
    at com.ibm.ws.security.zOS.threadid.ThreadIdentityManager.getPl
    at com.ibm.ws.security.zOS.threadid.ThreadIdentityManager.extra
    at com.ibm.ws.security.zOS.threadid.ThreadIdentityManager.getLo
    at com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.finalizeSubject
    at com.ibm.ejs.j2c.ConnectionManager.allocateConnection(Connect
    at com.ibm.connector2.cics.ECIConnectionFactory.getConnection(U
    at ejbs.IDPropSessionBean.callIDProp(Unknown Source)
    at ejbs.IDPropSessionBean.executeTran(Unknown Source)
    at ejbs.IDPropSessionBean.executeTest(Unknown Source)
    at ejbs.EJSRemoteStatelessIDPropRunAsSession_799f77b6.executeTe
    at ejbs._EJSRemoteStatelessIDPropRunAsSession_799f77b6_Tie.exec
    at ejbs._EJSRemoteStatelessIDPropRunAsSession_799f77b6_Tie._inv
    at com.ibm.ws390.orb.CommonBridge.invoke(CommonBridge.java:1187
    at com.ibm.ws390.orb.ORBEJSBridge.invoke(ORBEJSBridge.java:270)
    at sun.reflect.GeneratedMethodAccessor32.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
    at java.lang.reflect.Method.invoke(Method.java:600)
    at com.ibm.ws390.orb.parameters.ORBEJSBridgeInvoke.ORBEJSBridge
    at com.ibm.ws390.orb.CommonBridge.nativeRunApplicationThread(Na
    at com.ibm.ws390.orb.CommonBridge.runApplicationThread(CommonBr
    at com.ibm.ws.util.ThreadPool?ZOSWorker.run(ThreadPool.java:175
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All users of WebSphere Application Server    *
    *                 V6.1                                         *
    *                                                              *
    ****************************************************************
    * PROBLEM DESCRIPTION: java.lang.NullPointerException when     *
    *                      using CTG logon module on z/OS          *
    *                                                              *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    CICS Transaction Gateway, has implemented a login module on
    WAS  which is used to pass credential information
    through the CICS Transaction Gateway Resource Adapter to CICS.
    This works fine on distributed, but doesn't work on z/OS. The
    problem is that on z/OS, the j2c code is calling zOS-specific
    security API's that attempt to create a UTOKEN credential (RACF
    security token) to use as the J2C subject.  This fails because
    we don't have a PlatformCredential since they have
    configured LDAP as the user registry.
    

Problem conclusion

  • Code has been added to determine if SAF authorization
    is enabled and based on it appropriate security helper will
    be used to overcome the issue.
    
    APAR PM20074 is currently targeted for inclusion in Service
    Level (Fix Pack) 6.1.0.33 of WebSphere Application Server V6.1.
    
    Please refer to URL:
    //www.ibm.com/support/docview.wss?rs=404&uid=swg27006970
    for Fix Pack availability.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM20074

  • Reported component name

    WEBSPHERE FOR Z

  • Reported component ID

    5655I3500

  • Reported release

    610

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2010-08-06

  • Closed date

    2010-08-19

  • Last modified date

    2010-10-02

  • APAR is sysrouted FROM one or more of the following:

    PM07993

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • BBGUBINF BBOUBINF
    

Fix information

  • Fixed component name

    WEBSPHERE FOR Z

  • Fixed component ID

    5655I3500

Applicable component levels

  • R610 PSY UK59848

       UP10/09/11 P F009

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
10 February 2022