PQ90170; 5.0.2: Web modules security constraints not
correctly updated
Downloadable files
Abstract
Web modules security constraints are not updated correctly
when security role names are changed at the enterprise application
level.
Download Description
PQ90170 resolves the following problem:
ERROR DESCRIPTION:
Web module security constraints are not always updated correctly when
security role names are changed at the enterprise application level.
PQ83016 did not completely correct this problem.
USERS AFFECTED:
WebSphere® Application Server developers using the Application Assembly
Tool (AAT) to change security role names at the enterprise application
level and expecting these changes to roll down to EJB™ and Web levels. All
platforms are affected.
PROBLEM DESCRIPTION:
A null pointer exception is thrown and not all security constraint values
are updated properly. Changes to security role names at the application
level see the description value appearing as the new role name after the
change. This is a display failure only.
RECOMMENDATION:
If you change the security role name at the application level, the
displayed value of this new role name will
be the same as the description field. If the application has several
security constraint values in one or more Web modules, and one of these
security constraints does not have an associated role names, a null
pointer exception is thrown and processing of the security constraints
terminates. Consequently, you may see some values changed properly, while
others are not.
PROBLEM CONCLUSION:
To prevent the name change, a line resetting a result value was commented
out in BaseObjectDescriptor.java. This line was resetting a result value
when it should not have done so. To fix the security constraint problem,
it sufficed to add a check in the SecurityRoleObject.java code to test
whether a security constraint had any role names before attempting to do
any further processing. This prevents the exception problem.
Prerequisites
Please download the UpdateInstaller below to install this fix.