APAR status
Closed as program error.
Error description
Using the AAT of WAS 5.0x, the customer changes the EJB role
name in 'Security Roles' tag under the application level.
We can see the name change is propagated to the 'Security Roles'
tag under each EJB module and Web Module.
The references to the security role name in each EJB module such
as in 'Permission' tag are also updated to use the new name.
However, the references in 'Security Constrains' of the web
modules are not updated.
When the customer performs a 'Verify' to the application, the
following error was displayed :
...
AATL0077I: Validating EJB module extensions
AATL0074I: Validating Web module deployment descriptor
CHKJ3020E: Invalid Security role-name: <old role name>
Local fix
Manually change the "Security Constains" of the web modules.
Problem summary
****************************************************************
* USERS AFFECTED: Any AAT user who has associated security *
* roles and security constraints and *
* tries to update the security role names. *
****************************************************************
* PROBLEM DESCRIPTION: WebSphere Application Server 5.0 AAT *
* does not properly change the security *
* constraints when changing the *
* application level security roles *
****************************************************************
* RECOMMENDATION: *
****************************************************************
Application Server 5.0 AAT does not properly change the
security constraints when changing the application level
security roles. The code did not call any methods to modify
the security constraints.
Problem conclusion
Modified SecurityRoleObject.java to fix the problem by
creating methods to update the security constraints.
The initial method that modified the role names for
ejb and web modules was modified to call these new methods
so that role name changes were propagated to
the security constraint values.
Temporary fix
ZE Fix Error
PQ90170 04/06/15
Comments
APAR information |
APAR number |
PQ83016 |
Reported component name |
WAS BASE 5.0 |
Reported component ID |
5630A3600 |
Reported release |
00A |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Special Attention |
NoSpecatt |
Submitted date |
2004-01-08 |
Closed date |
2004-03-16 |
Last modified date |
2004-06-15 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Applicable component levels |
R003 PSY |
UP |
R00A PSY |
UP |
R00H PSY |
UP |
R00I PSY |
UP |
R00P PSY |
UP |
R00S PSY |
UP |
R00W PSY |
UP |
|