PK60465: VERSION 5.1 SECURITY-PROPERTIES IN J2C PROPERTIES FILE NOT BEING SET AT RUNTIME | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description In WebSphere 5.1.1.16 there is problem that prevents the security-properties in J2C properties file from being set properly. So it is NOT possible to disable lookup security, as instructed in the 5.1.x information center. See details below: http://publib.boulder.ibm.com/infocenter/wasinfo/v5r1//topic/com .ibm.websphere.base.doc/info/aes/ae/tdat_dissec.html ================================================================ Disabling lookup security Why and when to perform this task By default, all lookups are secure as described in Security of lookups with component managed authentication. Although it is not recommended, it is possible to turn off the secure mode for a particular datasource or connection factory. Steps for this task Edit %WAS_HOME%\properties\j2c.properties (or $WAS_HOME/properties/j2c.properties on UNIX or z/OS platforms). Change this: <!-- The security-properties are in a comment block. Uncomment to use --> <!-- <security-properties connectionFactoryJNDIName="myDataSource"> <secureMode>false</secureMode> </security-properties> --> to this, for example: <!-- The security-properties are in a comment block. Uncomment to use --> <security-properties connectionFactoryJNDIName="myDataSource"> <secureMode>false</secureMode> </security-properties> Where "myDataSource" is the JNDI name of the datasource or connection factory you want to run unsecure. ================================================================ This APAR will fix the code to make sure that the security-properties in J2C properities file are set. NOTE: "DISABLING LOOK UP SECURITY IS NOT RECOMMENDED" The following exception would be encountered when trying to do a lookup on the Java 2 Connector (J2C) connection factories, datasources, or JMS queues: ---------------------------------------------------------------- java.lang.Exception: Failed security check. Client is not permitted to create connection factory PlateauDS at com.ibm.ejs.j2c.J2CXAResourceFactory.createMCFEntry(J2CXAResourc eFactory.java:614) at com.ibm.ejs.j2c.ConnectionFactoryBuilderImpl.createMCFandPM(Conn ectionFactoryBuilderImpl.java:1429) at com.ibm.ejs.j2c.ConnectionFactoryBuilderImpl.getObjectInstance(C onnectionFactoryBuilderImpl.java:1217) at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.j ava:314) at com.ibm.ws.naming.util.Helpers.processSerializedObjectForLookupE xt(Helpers.java:894) at com.ibm.ws.naming.util.Helpers.processSerializedObjectForLookup( Helpers.java:701) ... ----------------------------------------------------------------Local fix N/AProblem summary **************************************************************** * USERS AFFECTED: Users of IBM WebSphere Application Server * * V5.1 only , who want to disable look up * * security * **************************************************************** * PROBLEM DESCRIPTION: You are not able to disable lookup * * security per instructions in the V5.1 * * Information Center * **************************************************************** * RECOMMENDATION: * **************************************************************** The code that allows you to disable look up security based on instructions in the V5.1 Information Center was removed from the V5.1 service stream. Although we DO NOT recommend that you disable look up security, instructions in the V5.1 Information Center show an example of how this can be done, so we must keep this code in the V5.1 service stream.Problem conclusion ALthough not recommended to disable look up sercurity, V5.1 code was fixed so that anyone who wishes to do so may follow the instructions in the Information Center on disabling look up security. This applies to V5.1 ONLY. The fix for this APAR is currently targeted for inclusion in cumulative fix 5.1.1.19. Please refer to the recommended updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros Publications Referenced
|
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 10A
Software edition:
Reference #: PK60465
IBM Group: Software Group
Modified date: Mar 25, 2008
(C) Copyright IBM Corporation 2000, 2008. All Rights Reserved.