PQ94382: ROLEBASEAUTHENTICATION IS LOOKING FOR THE CALLER SUBJECT FIRST

 Fixes are available

5.1.1.8: WebSphere Application Server 5.1.1 Cumulative Fix 8 for AIX
5.1.1.8: WebSphere Application Server 5.1.1 Cumulative Fix 8 for Windows
5.1.1.8: WebSphere Application Server 5.1.1 Cumulative Fix 8 for HP-UX
5.1.1.8: WebSphere Application Server 5.1.1 Cumulative Fix 8 for Solaris
5.1.1.6: WebSphere Application Server Version 5.1.1 Cumulative Fix 6
5.1.1.7: WebSphere Application Server Version 5.1.1 Cumulative Fix 7
5.1.1.4: WebSphere Application Server Version 5.1.1 Cumulative Fix 4
5.1.1.8: WebSphere Application Server 5.1.1 Cumulative Fix 8 for Linux



APAR status
Closed as program error.

Error description
We do a WSSubject.doAs to change the Subject to one that has
permissions. After that we create an AdminClient that uses SOAP.
In the SOAP properties we specified "isInternal" "true" so that
the credentials will be used from the thread. On the Application
Server side of the SOAP call the caller subject is checked first
though and the call fails.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: Users of the WebSphere Application Server    *
*                 5.1.1 servicepack release                    *
****************************************************************
* PROBLEM DESCRIPTION: ROLEBASEAUTHENTICATION is looking for   *
*                      the caller subject                      *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
We do a WSSubject.doAs to change the Subject to one that has
permissions. After that we create an AdminClient that uses SOAP.
In the SOAP properties we specified "isInternal" "true" so that
the credentials will be used from the thread. On the Application
Server side of the SOAP call the caller subject is checked first
though and the call fails.
Problem conclusion
AdminClient thread credentials are checked before the caller
subject
Temporary fix Comments
APAR information
APAR number PQ94382
Reported component name WAS BASE 5.0
Reported component ID 5630A3600
Reported release 10A
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2004-09-17
Closed date 2004-10-20
Last modified date 2004-10-20

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
ADMIN          

Publications Referenced

Fix information

Applicable component levels
R00A PSY    UP
R00H PSY    UP
R00I PSY    UP
R00P PSY    UP
R00S PSY    UP
R00W PSY    UP
R10A PSY    UP
R10H PSY    UP
R10I PSY    UP
R10P PSY    UP
R10S PSY    UP
R10W PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 10A
Software edition:
Reference #: PQ94382
IBM Group: Software Group
Modified date: Oct 20, 2004