PM56163: The WebSphere security context of the caller is not propagated to the eXtreme Scale agent thread.

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • The security context on an eXtreme Scale agent
    thread running in a WebSphere Application Server
    environment is always the security context of
    the server, instead of the context of the caller that made the
    agent invocation.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  Users of WebSphere eXtreme Scale who use    *
    *                  the AgentManager function.                  *
    ****************************************************************
    * PROBLEM DESCRIPTION: When using an agent, the security       *
    *                      context is not the caller context       *
    *                      like it is with other ObjectMap         *
    *                      operations.                             *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When running in a WebSphere Application Server environment,
    threads must have a security context when security is
    enabled.  The WebSphere eXtreme Scale runtime environment must
    specify a context when it runs a thread, to avoid security
    errors.  Agents are an example of where the eXtreme
    Scale runtime uses a thread to do work.  To have a
    security context on the thread, the system security context
    was used.  When the work being run on the thread is initiated
    by user invocation, it is still using the system security
    context, instead of the user security context.
    

Problem conclusion

  • The code was changed to provide a way to configure the
    security context that is used on the client and the server for
    commands like those commands used for AgentManager. The default
    behavior is still to use the system identity, but you can
    specify the caller context to be used instead.
    
    To configure to use the caller security context, you
    must create a custom property at the cell, node, or server
    level in WebSphere Application Server.  Usually you would create
    it at the cell level when running in a network deployment
    topology, and you would create it at the server level when
    running in a single server topology.  If you create the
    property in more than one level, the precedence is server,
    node, cell.  For example, the value of the property on the
    server overrides the value specified at the cell level.  The
    property name is
    com.ibm.websphere.xs.security.command.runAsType.  To run with
    the caller security context, specify a value of CALLER.  To
    run with the system security context, specify a value of
    SYSTEM.  When you start your application server you now see a
    message with a prefix of CWOBJ0072I that specifies
    which run as type is being used.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM56163

  • Reported component name

    XD EXTREME SCAL

  • Reported component ID

    5724J3402

  • Reported release

    710

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-01-17

  • Closed date

    2012-02-03

  • Last modified date

    2012-02-03

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    XD EXTREME SCAL

  • Fixed component ID

    5724J3402

Applicable component levels

  • R710 PSY

       UP



Rate this page:

(0 users)Average rating

Document information


More support for:

WebSphere eXtreme Scale
General

Software version:

710

Reference #:

PM56163

Modified date:

2012-02-03

Translate my page

Machine Translation

Content navigation