APAR status
Closed as program error.
Error description
The problem scenario is:
- Client 1 sends web service request
- Client 1 receives web service response with a KeyIdentifier referring to Client1's certificate.
- Client 2 sends web service request
- Client 2 receives web service response with a KeyIdentifier referring to Client1's certificate.
- Client 2 is unable to decrypt the response since it cannot locate a certificate for Client1's KeyIdentifier.
The requests and responses are both signed and encrypted.
Local fix
n/a
Problem summary
****************************************************************
USERS AFFECTED: WebSphere Application Server Web service security users
****************************************************************
PROBLEM DESCRIPTION: Web service clients may receive "signature exception" if multiple clients access the server.
****************************************************************
RECOMMENDATION:
****************************************************************
The CertInRequestKeyLocator class is not thread safe. If
multiple web services clients access the same server, the
certificate of the first client to access the server is
incorrectly sent to all other clients.
Problem conclusion
This is a programming error, so a change has been made to the
programming logic to locate the client's certificate. After the
fix, the client's certificate is stored in the client's
MessageContext instead of a common hashmap.
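The difference between the two storage choices, as an added example that is not IBM's code: SharedLocator, PerMessageLocator, the simplified MessageContext and the "requester.cert" key are hypothetical stand-ins, and the shared map is modelled as a single entry overwritten by each request, which is an assumption about the mechanism. One interleaving of two concurrent requests is replayed sequentially so the outcome is deterministic.

```java
import java.util.HashMap;
import java.util.Map;

public class KeyLocatorDemo {
    // Hypothetical stand-in for a per-request message context (not the WebSphere class).
    static class MessageContext {
        final Map<String, String> props = new HashMap<>();
    }

    // Flawed pattern: one map shared by all request threads, written under a constant key.
    static class SharedLocator {
        private final Map<String, String> shared = new HashMap<>();
        void onRequest(MessageContext ctx, String cert) { shared.put("requester.cert", cert); }
        String certForResponse(MessageContext ctx) { return shared.get("requester.cert"); }
    }

    // Fixed pattern: the certificate is stored in, and read from, the request's own context.
    static class PerMessageLocator {
        void onRequest(MessageContext ctx, String cert) { ctx.props.put("requester.cert", cert); }
        String certForResponse(MessageContext ctx) { return ctx.props.get("requester.cert"); }
    }

    // Check a server-side test can make: the response key must match the requester's certificate.
    static boolean bound(String requestCert, String responseCert) {
        return requestCert.equals(responseCert);
    }

    public static void main(String[] args) {
        // Constructed sample identities; real code would hold X509Certificate objects.
        String cert1 = "CN=Client1", cert2 = "CN=Client2";
        MessageContext ctx1 = new MessageContext(), ctx2 = new MessageContext();

        // Interleaving: request 2 is received, request 1 is received, response 2 is built.
        SharedLocator flawed = new SharedLocator();
        flawed.onRequest(ctx2, cert2);
        flawed.onRequest(ctx1, cert1);
        String used = flawed.certForResponse(ctx2);
        System.out.println("shared map:  Client2 response uses " + used + ", bound=" + bound(cert2, used));

        PerMessageLocator fixed = new PerMessageLocator();
        fixed.onRequest(ctx2, cert2);
        fixed.onRequest(ctx1, cert1);
        used = fixed.certForResponse(ctx2);
        System.out.println("per message: Client2 response uses " + used + ", bound=" + bound(cert2, used));
    }
}
```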
Temporary fix
send test fix.
Comments
APAR information
APAR number | PQ83606
Reported component name | WAS BASE 5.0
Reported component ID | 5630A3600
Reported release | 10W
Status | CLOSED PER
PE | NoPE
HIPER | NoHIPER
Special Attention | NoSpecatt
Submitted date | 2004-01-22
Closed date | 2004-02-20
Last modified date | 2004-02-20
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Applicable component levels
R003 PSY | UP
R00A PSY | UP
R00H PSY | UP
R00I PSY | UP
R00P PSY | UP
R00S PSY | UP
R00W PSY | UP
R103 PSY | UP
R10A PSY | UP
R10H PSY | UP
R10I PSY | UP
R10P PSY | UP
R10S PSY | UP
R10W PSY | UP