IBM Support

JR52574: STARTSERVICES REST CALL FOR GENERAL SYSTEM SERVICES MIGRATED FROM IBM BPM V7.5.1.1 TO V8.5.5 FAILS WITH CWTBG0568E ERROR

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • When you try to start a service of type BACKGROUND by using the
    startService REST API, you see the following error:
    
     CWTBG0568E : Unable to start service type BACKGROUND due to a
    restriction:  Service type must be AJAX or HUMAN
    In releases earlier than IBM Business Process Manager (BPM)
    V8.0, this call was not restricted to services of types Ajax or
    human.
    

Local fix

  • Use services of type AJAX or HUMAN to wrap existing services of
    other types.
    

Problem summary

  • In IBM BPM V8.0 a potential security problem that allowed any
    authenticated user to run all types of services was fixed.
    However, this change limits the type of services that can be
    started by using a REST call to services that can be exposed to
    dedicated teams: Ajax and human services may be executed by
    using REST calls.
    
    The change in behavior is intentional, but you might depend on
    the previous behavior.  Currently, these applications cannot
    work without wrapping existing services in human or Ajax service
    implementations.
    

Problem conclusion

  • A fix for IBM BPM V8.5.5.0 enables administrators to customize
    the restriction for startable services by type. The fix is
    secure by default and allows users to invoke only AJAX and HUMAN
    services by using the REST API. If you have custom client
    applications that rely on the REST API call and expose service
    types other than Ajax or human services, you need to add the
    following configuration information:
    
    A configuration property is introduced to specify the whitelist
    of startable services. In the 100Custom.xml file, add the
    startservice-valid-services stanza to list one or more
    valid-service-entry elements:
    
    <server>
      <portal merge="mergeChildren">
        <startservice-valid-services>
          <valid-service-entry>Ajax Service
          </valid-service-entry>
          <valid-service-entry>Human Service
          </valid-service-entry>
          <valid-service-entry>General System Service
          </valid-service-entry>
        </startservice-valid-services>
      </portal>
    </server>
    
    The following values are possible for valid-service-entry:
    
    - all
    - none
    - Regular Service
    - Rule Service
    - Ajax Service
    - Human Service
    - Integration Service
    - Installation Service
    - General System Service
    - SCA Service
    - Case Manager Integration Service
    - Undercover Agent Passthrough Service
    
    If either the special keyword "all" or "none" is encountered in
    the list, all other entries are ignored.
    
    For more information, see "Modifying runtime server
    configuration properties"
    (http://www.ibm.com/support/knowledgecenter/SSFPJS_8.5.5/com.ibm
    .wbpm.admin.doc/topics/cadm_modconfigprops.html) and "The
    99Local.xml and 100Custom.xml configuration files"
    (http://www.ibm.com/support/knowledgecenter/SSFPJS_8.5.5/com.ibm
    .wbpm.admin.doc/topics/managing_twks_config_settings.html).
    
    Use this flag only temporarily and convert the existing
    applications to use properly secured human or Ajax services as a
    facade.
    
    On Fix Central (http://www.ibm.com/support/fixcentral), search
    for JR52574:
    
    1. Select IBM Business Process Manager with your edition from
      the product selector, the installed version to the fix pack
      level, and your platform, and then click Continue.
    
    2. Select APAR or SPR, enter JR52574, and click Continue.
    
    When you download fix packages, ensure that you also download
    the readme file for each fix. Review each readme file for
    additional installation instructions and information about the
    fix.
    

Temporary fix

  • Not applicable
    

Comments

APAR Information

  • APAR number

    JR52574

  • Reported component name

    BPM STANDARD

  • Reported component ID

    5725C9500

  • Reported release

    855

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-02-13

  • Closed date

    2015-04-13

  • Last modified date

    2015-04-13

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    BPM STANDARD

  • Fixed component ID

    5725C9500

Applicable component levels

  • R855 PSY

       UP



Document information

More support for: IBM Business Process Manager Standard

Software version: 855

Reference #: JR52574

Modified date: 13 April 2015