PK13771: PASSWORD CUSTOM PROPERTY FOR J2C CONNECTION FACTORY SHOULD BE ENCODED IN THE ADMIN CONSOLE AND RESOURCES.XML FILE.

 Fixes are available

5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for Solaris
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for Windows
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for Windows
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for AIX
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for HP-UX
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for AIX
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for Linux
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for HP-UX
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for Linux
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for HP-UX
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for Solaris
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for Windows
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for AIX
5.0.2.18: WebSphere Application Server 5.0.2 Cumulative Fix 18 for Solaris
5.0.2.18: WebSphere Application Server 5.0.2 Cumulative Fix 18 for Windows
5.0.2.18: WebSphere Application Server 5.0.2 Cumulative Fix 18 for HP-UX
5.0.2.18: WebSphere Application Server 5.0.2 Cumulative Fix 18 for AIX
5.0.2.18: WebSphere Application Server 5.0.2 Cumulative Fix 18 for Linux
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for Linux
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for Solaris



APAR status
Closed as program error.

Error description
When create a custom property for a J2C Connection Factory
in the Admin Console, the property should display as encoded
in the console and in the resources.xml file.  It does not.

To recreate:

1) Install a RAR file
      Resources > Resource Adapters > Install RAR > "navigate
      to RAR file and select"
      Save

 2) Create new "J2C Connection Factory" for the new RAR
      Resources > Resource Adapters > YourRAR > New
            Name:  Test
            JNDI Name:  foo/Test
      Save

 3) Modify the Custom Property settings of the "J2C
    Connection Factory"  for the new RAR
      Resources > Resource Adapters > YourRAR > Test >
      Custom Properties
        ServerName:  Test
        ConnectionURL:  ssl://1.2.3.4
        PortNumber:  8050
        ServerSecurity:  com.ibm....
        KeyRingClass:  /usr/WebSphere/AppServer/etc/
             UBOC_ClientTrustKey.jks
        KeyRingPassword:  our_passwd
      Save

After saving this and then viewing the properties, the
property KeyRingPassword's value should be encoded, but it
is not.  The password is in plain text in the console and
resources.xml file.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: Websphere Application Server users who try   *
*                 to deploy RAR files having properties which  *
*                 are password type properties.                *
****************************************************************
* PROBLEM DESCRIPTION: If you have a rar file which has a      *
*                      custom field which is a  password       *
*                      field, when this field is modified and  *
*                      saved, it is written unencoded to the   *
*                      resources.xml and can be viewed.        *
*                                                              *
*                      The APAR has been raised so that the    *
*                      password fields are encoded after       *
*                      they are modifed and stored to          *
*                      resources.xml                           *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The code has been modified to encode password kinds of fields
in custom properties for a rar file.
Problem conclusion
The code changes for the APAR will be available in 5.0.2.16
and 5.1.1.10
Please refer to the recommended updates page for delivery
information:

http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix Comments
APAR information
APAR number PK13771
Reported component name WAS BASE 5.0
Reported component ID 5630A3600
Reported release 10W
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2005-10-20
Closed date 2006-01-18
Last modified date 2006-01-18

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
WEBUI          

Publications Referenced

Fix information
Fixed component name WAS BASE 5.0
Fixed component ID 5630A3600

Applicable component levels
R00A PSY    UP
R00H PSY    UP
R00I PSY    UP
R00P PSY    UP
R00S PSY    UP
R00W PSY    UP
R10A PSY    UP
R10H PSY    UP
R10P PSY    UP
R10S PSY    UP
R10W PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 10W
Software edition:
Reference #: PK13771
IBM Group: Software Group
Modified date: Jan 18, 2006