IBM Support

JR52574: STARTSERVICES REST CALL FOR GENERAL SYSTEM SERVICES MIGRATED FROM IBM BPM V7.5.1.1 TO V8.5.5 FAILS WITH CWTBG0568E ERROR

Direct links to fixes

8.5.6.2-WS-BPM-IFJR52574
8.5.5.0-WS-BPM-IFJR52574
Version 8.5 Refresh Pack 7 for the IBM Business Process Manager products

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When you try to start a service of type BACKGROUND by using the
startService REST API, you see the following error:

 CWTBG0568E : Unable to start service type BACKGROUND due to a
restriction:  Service type must be AJAX or HUMAN
In releases earlier than IBM Business Process Manager (BPM)
V8.0, this call was not restricted to services of types Ajax or
human.

Local fix

  • Use services of type AJAX or HUMAN to wrap existing services of
other types.

Problem summary

  • In IBM BPM V8.0 a potential security problem that allowed any
authenticated user to run all types of services was fixed.
However, this change limits the type of services that can be
started by using a REST call to services that can be exposed to
dedicated teams: Ajax and human services may be executed by
using REST calls.

The change in behavior is intentional, but you might depend on
the previous behavior.  Currently, these applications cannot
work without wrapping existing services in human or Ajax service
implementations.

Problem conclusion

  • A fix for IBM BPM V8.5.5.0 enables administrators to customize
the restriction for startable services by type. The fix is
secure by default and allows users to invoke only AJAX and HUMAN
services by using the REST API. If you have custom client
applications that rely on the REST API call and expose service
types other than Ajax or human services, you need to add the
following configuration information:

A configuration property is introduced to specify the whitelist
of startable services. In the 100Custom.xml file, add the
startservice-valid-services stanza to list one or more
valid-service-entry elements:

<server>
  <portal merge="mergeChildren">
    <startservice-valid-services>
      <valid-service-entry>Ajax Service
      </valid-service-entry>
      <valid-service-entry>Human Service
      </valid-service-entry>
      <valid-service-entry>General System Service
      </valid-service-entry>
    </startservice-valid-services>
  </portal>
</server>

The following values are possible for valid-service-entry:

- all
- none
- Regular Service
- Rule Service
- Ajax Service
- Human Service
- Integration Service
- Installation Service
- General System Service
- SCA Service
- Case Manager Integration Service
- Undercover Agent Passthrough Service

If either the special keyword "all" or "none" is encountered in
the list, all other entries are ignored.

For more information, see "Modifying runtime server
configuration properties"
(http://www.ibm.com/support/knowledgecenter/SSFPJS_8.5.5/com.ibm
.wbpm.admin.doc/topics/cadm_modconfigprops.html) and "The
99Local.xml and 100Custom.xml configuration files"
(http://www.ibm.com/support/knowledgecenter/SSFPJS_8.5.5/com.ibm
.wbpm.admin.doc/topics/managing_twks_config_settings.html).

Use this flag only temporarily and convert the existing
applications to use properly secured human or Ajax services as a
facade.

On Fix Central (http://www.ibm.com/support/fixcentral), search
for JR52574:

1. Select IBM Business Process Manager with your edition from
  the product selector, the installed version to the fix pack
  level, and your platform, and then click Continue.

2. Select APAR or SPR, enter JR52574, and click Continue.

When you download fix packages, ensure that you also download
the readme file for each fix. Review each readme file for
additional installation instructions and information about the
fix.

Temporary fix

  • Not applicable

Comments

  • 



APAR Information




    

  • APAR number
    JR52574
    • 

  • Reported component name
    BPM STANDARD
    • 

  • Reported component ID
    5725C9500
    • 

  • Reported release
    855
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2015-02-13
    • 

  • Closed date
    2015-04-13
    • 

  • Last modified date
    2015-04-13
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    BPM STANDARD
    • 

  • Fixed component ID
    5725C9500
    • 



Applicable component levels


    

  • R855  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTDH","label":"IBM Business Process Manager Standard"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"855","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            14 October 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback