PK60465: VERSION 5.1 SECURITY-PROPERTIES IN J2C PROPERTIES FILE NOT BEING SET AT RUNTIME

 Fixes are available

5.1.1.19: WebSphere Application Server V5.1.1 Cumulative Fix 19 for Linux
5.1.1.19: WebSphere Application Server V5.1.1 Cumulative Fix 19 for AIX
5.1.1.19: WebSphere Application Server V5.1.1 Cumulative Fix 19 for Windows
5.1.1.19: WebSphere Application Server V5.1.1 Cumulative Fix 19 for HP-UX



APAR status
Closed as program error.

Error description
In WebSphere 5.1.1.16 there is problem that prevents the
security-properties in J2C properties file from being set
properly. So it is NOT possible to disable lookup security, as
instructed in the 5.1.x information center. See details below:


http://publib.boulder.ibm.com/infocenter/wasinfo/v5r1//topic/com
.ibm.websphere.base.doc/info/aes/ae/tdat_dissec.html

================================================================
Disabling lookup security
Why and when to perform this task

By default, all lookups are secure as described in Security of
lookups with component managed authentication.
Although it is not recommended, it is possible to turn off the
secure mode for a particular datasource or connection factory.

Steps for this task

Edit %WAS_HOME%\properties\j2c.properties (or
$WAS_HOME/properties/j2c.properties on UNIX or z/OS platforms).
Change this:

<!-- The security-properties are in a comment block.  Uncomment
to use -->
<!--
   <security-properties
connectionFactoryJNDIName="myDataSource">
       <secureMode>false</secureMode>
   </security-properties>
-->
to this, for example:

<!-- The security-properties are in a comment block.  Uncomment
to use -->


  <security-properties connectionFactoryJNDIName="myDataSource">
      <secureMode>false</secureMode>
   </security-properties>


Where "myDataSource" is the JNDI name of the datasource or
connection factory you want to run unsecure.

================================================================

This APAR will fix the code to make sure that the
security-properties in J2C properities file are set.

NOTE: "DISABLING LOOK UP SECURITY IS NOT RECOMMENDED"


The following exception would be encountered when trying to do
a lookup on the Java 2 Connector (J2C) connection factories,
datasources, or JMS queues:
----------------------------------------------------------------
java.lang.Exception: Failed security check.  Client is not
permitted to create connection factory PlateauDS
 at
com.ibm.ejs.j2c.J2CXAResourceFactory.createMCFEntry(J2CXAResourc
eFactory.java:614)
 at
com.ibm.ejs.j2c.ConnectionFactoryBuilderImpl.createMCFandPM(Conn
ectionFactoryBuilderImpl.java:1429)
 at
com.ibm.ejs.j2c.ConnectionFactoryBuilderImpl.getObjectInstance(C
onnectionFactoryBuilderImpl.java:1217)
 at
javax.naming.spi.NamingManager.getObjectInstance(NamingManager.j
ava:314)
 at
com.ibm.ws.naming.util.Helpers.processSerializedObjectForLookupE
xt(Helpers.java:894)
 at
com.ibm.ws.naming.util.Helpers.processSerializedObjectForLookup(
Helpers.java:701)
...
----------------------------------------------------------------
Local fix
N/A
Problem summary
****************************************************************
* USERS AFFECTED: Users of IBM WebSphere Application Server    *
*                 V5.1 only , who want to disable look up      *
*                 security                                     *
****************************************************************
* PROBLEM DESCRIPTION: You are not able to disable lookup      *
*                      security per instructions in the V5.1   *
*                      Information Center                      *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The code that allows you to disable look up security based on
instructions in the V5.1  Information Center was removed
from the V5.1 service stream.

Although we DO NOT recommend that you disable look up security,
instructions in the V5.1 Information Center show an example of
how this can be done, so we must keep this code in the V5.1
service stream.
Problem conclusion
ALthough not recommended to disable look up sercurity, V5.1
code was fixed so that anyone who wishes to do so may follow
the instructions in the Information Center on disabling look
up security.

This applies to V5.1 ONLY.

The fix for this APAR is currently targeted for inclusion
in cumulative fix 5.1.1.19.
Please refer to the recommended updates page for delivery
information:

http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix Comments
APAR information
APAR number PK60465
Reported component name WEBSPHERE BASE
Reported component ID 5630A3600
Reported release 10A
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2008-02-05
Closed date 2008-03-25
Last modified date 2008-03-25

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

Publications Referenced

Fix information
Fixed component name WEBSPHERE BASE
Fixed component ID 5630A3600

Applicable component levels
R003 PSY    UP
R00A PSY    UP
R00H PSY    UP
R00I PSY    UP
R00P PSY    UP
R00W PSY    UP
R103 PSY    UP
R10A PSY    UP
R10I PSY    UP
R10P PSY    UP
R10S PSY    UP
R10W PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 10A
Software edition:
Reference #: PK60465
IBM Group: Software Group
Modified date: Mar 25, 2008