PQ43857: WAS SECURITY PREVENTS EJBS WORKING AFTER REPOSITORY DB GOES DOWN


APAR

APAR status
Closed as Permanent restriction.

Error description
Environment:
WebSphere App Server 3.5.x Advanced
Problem:Environment:WebSphere App Server 3.5.x Advanced
Customer requires that if the WAS repository database goes down, WAS wil continue to run (except for nonfatal JNI call failures). This is true if WAS security is disabled. However, when WAS security is enabled and the repository database is disabled, eventually EJBs calls fail and the following exception appears in the tracefile:Problem:Customer requires that if the WAS repository database goesdown, WAS wil continue to run (except for nonfatal JNI callfailures). This is true if WAS security is disabled. However,when WAS security is enabled and the repository database isdisabled, eventually EJBs calls fail and the following exception
. [00.11.17 16:13:06:450 EST] 266f74b1 DBMgr W Exception on database query: "select * from EJSADMIN.REL_INSTANCE_TABLE where REL_ID = ? and LINK_NAME = ? " COM.ibm.db2.jdbc.DB2Exception: [IBM][CLI Driver][DB2/6000] SQL30081N A communication error has been detected. Communication protocol being used: "TCP/IP". Communication API being used: "SOCKETS". Location where the error was detected: "15.0.0.1". Communication function detecting the error: "recv". Protocol specific error code(s):appears in the tracefile:.[00.11.17 16:13:06:450 EST], 266f74b1 DBMgr W Exceptionon database query: "select * from EJSADMIN.REL_INSTANCE_TABLEwhere REL_ID = ? and LINK_NAME = ? "COM.ibm.db2.jdbc.DB2Exception: [IBM][CLIDriver][DB2/6000], SQL30081N A communication error has beendetected. Communication protocol being used: "TCP/IP".Communication API being used: "SOCKETS". Location where theerror was detected: "15.0.0.1". Communication function
"73", "*", "0". SQLSTATE=08001 . The customer requires that the EJB calls not fail when security is enabled and the repository database is down. Failing this, the customer requests an explanation of exactly why this occurs from the WAS security developers.
detecting the error: "recv". Protocol specific error code(s):"73", "*", "0". SQLSTATE=08001.The customer requires that the EJB calls not fail whensecurity is enabled and the repository database is down. Failingthis, the customer requests an explanation of exactly why thisoccurs from the WAS security developers.
Local fix
Problem summary
in the WAS repository.  The security code consults the
repository for the authorization policy at run time and does
cache the results for a period of time.  When the cache entry
expires the security code will have to read from the repository
again to refresh the cache.  If the security code cannot read
from the repository then it treats this as an error and denies
access  -- it would be a bad idea to grant access if the
repository cannot be read from -- that would be a serious
security exposure.
.
The WAS repository is a vital run time component that is used
not only by security but other components as well.  Even if
security did not rely on the repository at runtime I am sure
another component does and would fail if it can't read from it.
.
The repository has to be available at runtime for security
to work.
Problem conclusion
Temporary fix
Comments
APAR information
APAR numberPQ43857
Reported component nameWAS ADVANCED AI
Reported component ID5648C8400
Reported release350
StatusCLOSED PRS
PENoPE
HIPERNoHIPER
Submitted date2000-11-27
Closed date2000-12-05
Last modified date2000-12-05

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following:


Modules/Macros
SECURITY
APAR is sysrouted TO one or more of the following:Modules/Macros

Fix information

Applicable component levels











Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, General
Software version: 350
Reference #: PQ43857
IBM Group: Software Group
Modified date: 2000-12-05