PK30174: ROLENAME AUTHORIZATION FAILS IF ROLENAME PLACED AFTER "DENYALLR OLE" IN DEPLOYMENT DESCRIPTOR.

 Fixes are available

6.1.0.15 WebSphere Application Server V6.1 Fix Pack 15 for i5/OS
5.1.1.17: WebSphere Application Server V5.1.1 Cumulative Fix 17 for AIX
5.1.1.17: WebSphere Application Server V5.1.1 Cumulative Fix 17 for HP-UX
6.1.0.13 WebSphere Application Server V6.1 Fix Pack 13 for AIX
5.1.1.19: WebSphere Application Server V5.1.1 Cumulative Fix 19 for Linux
5.1.1.16: WebSphere Application Server V5.1.1 Cumulative Fix 16 for AIX
6.0.2.25: WebSphere Application Server V6.0.2 Fix Pack 25 for AIX platforms
5.1.1.18: WebSphere Application Server V5.1.1 Cumulative Fix 18 for AIX
5.1.1.18: WebSphere Application Server V5.1.1 Cumulative Fix 18 for HP-UX
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for HP-UX platforms
6.1.0.15 WebSphere Application Server V6.1 Fix Pack 15 for AIX
5.1.1.18: WebSphere Application Server V5.1.1 Cumulative Fix 18 for Solaris
5.1.1.18: WebSphere Application Server V5.1.1 Cumulative Fix 18 for Windows
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for HP-UX
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Windows
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for OS/400 platform
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Windows
6.1.0.17 WebSphere Application Server V6.1 Fix Pack 17 for i5/OS
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for i5/OS
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for HP-UX
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for Solaris
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for Windows platforms
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Linux
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for AIX platforms
6.0.2.25: WebSphere Application Server V6.0.2 Fix Pack 25 for HP-UX platforms
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Solaris
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for HP-UX platforms
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for HP-UX
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Windows
6.1.0.17 WebSphere Application Server V6.1 Fix Pack 17 for AIX
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Solaris
5.1.1.18: WebSphere Application Server V5.1.1 Cumulative Fix 18 for Linux
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Linux
5.1.1.17: WebSphere Application Server V5.1.1 Cumulative Fix 17 for Linux
5.1.1.17: WebSphere Application Server V5.1.1 Cumulative Fix 17 for Solaris
5.1.1.17: WebSphere Application Server V5.1.1 Cumulative Fix 17 for Windows
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for AIX platforms
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Solaris
5.1.1.19: WebSphere Application Server V5.1.1 Cumulative Fix 19 for AIX
6.0.2.29: WebSphere Application Server V6.0.2 Fix Pack 29 for AIX platforms
6.0.2.29: WebSphere Application Server V6.0.2 Fix Pack 29 for HP-UX platforms
6.0.2.29: WebSphere Application Server V6.0.2 Fix Pack 29 for Linux platforms
V6.0.2: Java SDK 1.4.2 SR11 Cumulative Fix for IBM WebSphere Application Server
6.0.2.29: WebSphere Application Server V6.0.2 Fix Pack 29 for Solaris
6.0.2.29: WebSphere Application Server V6.0.2 Fix Pack 29 for Windows platforms
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for Linux platforms
5.1.1.19: WebSphere Application Server V5.1.1 Cumulative Fix 19 for Windows
5.1.1.16: WebSphere Application Server V5.1.1 Cumulative Fix 16 for Solaris
5.1.1.16: WebSphere Application Server V5.1.1 Cumulative Fix 16 for Windows
5.1.1.14: WebSphere Application Server V5.1.1 Cumulative Fix 14 for Solaris
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for Solaris
6.1.0.7 WebSphere Application Server V6.1 Fix Pack 7 for AIX
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for AIX
6.0.2.25: WebSphere Application Server V6.0.2 Fix Pack 25 for Linux platforms
5.1.1.13: WebSphere Application Server V5.1.1 Cumulative Fix 13 for AIX
6.0.2.25: WebSphere Application Server V6.0.2 Fix Pack 25 for Solaris
6.0.2.25: WebSphere Application Server V6.0.2 Fix Pack 25 for Windows platforms
5.1.1.13: WebSphere Application Server V5.1.1 Cumulative Fix 13 for Windows
5.1.1.13: WebSphere Application Server V5.1.1 Cumulative Fix 13 for HP-UX
5.1.1.15: WebSphere Application Server V5.1.1 Cumulative Fix 15 for Solaris
5.1.1.13: WebSphere Application Server V5.1.1 Cumulative Fix 13 for Solaris
5.1.1.13: WebSphere Application Server V5.1.1 Cumulative Fix 13 for Linux
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for Windows
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for HP-UX
6.0.2.19: WebSphere Application Server V6.0.2 Fix Pack 19 for AIX platforms
6.0.2.17: WebSphere Application Server V6.0.2 Fix Pack 17 for OS/400 platform
6.0.2.17: WebSphere Application Server V6.0.2 Fix Pack 17 for Solaris
6.0.2.17: WebSphere Application Server V6.0.2 Fix Pack 17 for Windows platforms
6.0.2.17: WebSphere Application Server V6.0.2 Fix Pack 17 for HP-UX platforms
6.0.2.17: WebSphere Application Server V6.0.2 Fix Pack 17 for AIX platforms
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for i5/OS
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for i5/OS
5.1.1.14: WebSphere Application Server V5.1.1 Cumulative Fix 14 for AIX
5.1.1.14: WebSphere Application Server V5.1.1 Cumulative Fix 14 for Linux
5.1.1.14: WebSphere Application Server V5.1.1 Cumulative Fix 14 for Windows
5.1.1.15: WebSphere Application Server V5.1.1 Cumulative Fix 15 for Windows
6.1.0.9 WebSphere Application Server V6.1 Fix Pack 9 for AIX
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for i5/OS
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for Windows
5.1.1.14: WebSphere Application Server V5.1.1 Cumulative Fix 14 for HP-UX
6.0.2.19: WebSphere Application Server V6.0.2 Fix Pack 19 for HP-UX platforms
6.0.2.19: WebSphere Application Server V6.0.2 Fix Pack 19 for Windows platforms
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for HP-UX
6.0.2.19: WebSphere Application Server V6.0.2 Fix Pack 19 for OS/400 platform
5.1.1.15: WebSphere Application Server V5.1.1 Cumulative Fix 15 for AIX
5.1.1.15: WebSphere Application Server V5.1.1 Cumulative Fix 15 for HP-UX
6.0.2.21: WebSphere Application Server V6.0.2 Fix Pack 21 for HP-UX platforms
6.0.2.21: WebSphere Application Server V6.0.2 Fix Pack 21 for Linux platforms
6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for Linux
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for HP-UX
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for Linux
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for Solaris
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for Windows
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for HP-UX
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for Windows
5.1.1.16: WebSphere Application Server V5.1.1 Cumulative Fix 16 for HP-UX
5.1.1.16: WebSphere Application Server V5.1.1 Cumulative Fix 16 for Linux
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for Windows platforms
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for Solaris
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for OS/400 platform
5.1.1.15: WebSphere Application Server V5.1.1 Cumulative Fix 15 for Linux
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for Linux platforms
6.0.2.21: WebSphere Application Server V6.0.2 Fix Pack 21 for AIX platforms
6.0.2.21: WebSphere Application Server V6.0.2 Fix Pack 21 for Windows platforms
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for Solaris
6.0.2.21: WebSphere Application Server V6.0.2 Fix Pack 21 for Solaris platforms
6.1.0.7: WebSphere Application Server V6.1 Fix Pack 7 for Linux
6.0.2.19: WebSphere Application Server V6.0.2 Fix Pack 19 for Solaris
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for Solaris
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for Linux
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for i5/OS
6.1.0.11 WebSphere Application Server V6.1 Fix Pack 11 for AIX
6.0.2.17: WebSphere Application Server V6.0.2 Fix Pack 17 for Linux platforms
6.0.2.19: WebSphere Application Server V6.0.2 Fix Pack 19 for Linux platforms
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Linux
5.1.1.19: WebSphere Application Server V5.1.1 Cumulative Fix 19 for HP-UX
6.1.0.19 WebSphere Application Server V6.1 Fix Pack 19 for AIX
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for HP-UX
6.1.0.19 WebSphere Application Server V6.1 Fix Pack 19 for i5/OS
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Linux
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Solaris
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Windows
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
6.1.0.21 WebSphere Application Server V6.1 Fix Pack 21 for AIX
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for AIX platforms
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for HP-UX platforms
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for OS/400 platform
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for Linux platforms
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for Solaris
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for Windows platforms
V6.0.2: Java SDK 1.4.2 SR11 Cumulative Fix for IBM WebSphere Application Server
6.1.0.21 WebSphere Application Server V6.1 Fix Pack 21 for i5/OS
6.1.0.21: WebSphere Application Server V6.1 Fix Pack 21 for Windows
6.1.0.21: WebSphere Application Server V6.1 Fix Pack 21 for Solaris
6.1.0.21: WebSphere Application Server V6.1 Fix Pack 21 for Linux
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
6.1.0.21: WebSphere Application Server V6.1 Fix Pack 21 for HP-UX



APAR status
Closed as program error.

Error description
Rolename authorizations fails if rolename placed after "DenyAllR
ole"

The cause of the problem is that the design mismatch between the
role name resolution code in WCCM and security initialization
code in the security code. The role name resolution should be
happened while initializing the application, but if the role is
placed after "DenyAllRole", this initialization won't happen,
therefore the security runtime code fails to get the proper
role name for authorization.
Local fix
Remove "DenyAllRole" from Deployment Descriptor or
place Roles in front of (before) "DenyAllRole".
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server users who are   *
*                 using role based authorization.              *
****************************************************************
* PROBLEM DESCRIPTION: Role based authorization always fails   *
*                      if granted role name locates after      *
*                      DenyAllRole.                            *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
WebSphere Application Server stops constructing a role based
authorization table if it finds "DenyAllRole" group name in
the application deployment descriptor.
Therefore, authorization for users or groups, which map to the
role names after DenyAllRole in application deployment
descriptor always fails.
Problem conclusion
With this fix, DenyAllRole can be placed other than the bottom
of the role list.

The fix for this APAR is currently targeted for inclusion in
fixpack 5.1.1.13, 6.0.2.17 and 6.1.0.5. Please refer to the
Recommended Updates page for delivery information:

http://www-1.ibm.com/support/docview.wss?uid=swg27004980
Temporary fix Comments
APAR information
APAR number PK30174
Reported component name WEBSPHERE BASE
Reported component ID 5630A3600
Reported release 10W
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2006-08-22
Closed date 2006-09-18
Last modified date 2007-01-02

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
SECURITY          

Publications Referenced

Fix information
Fixed component name WEBSPHERE BASE
Fixed component ID 5630A3600

Applicable component levels
R00P PSY    UP
R10A PSY    UP
R10H PSY    UP
R10I PSY    UP
R10P PSY    UP
R10S PSY    UP
R10W PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 10W
Software edition:
Reference #: PK30174
IBM Group: Software Group
Modified date: Jan 2, 2007