APAR status
Closed as program error.
Error description
Environment:
Operating System: AIX V4.3.3
Product Version/Release: ND 5.0.0
Problem Description:
Customer has a Webservice client which is talking to the
webservice (servlet) and basic authentication is used. The
webservice (servlet) is then involing EJB1 which in turn is
invoking EJB2. According to the customer, EJB1 and EJB2 do not
have any additional authorization requirements (other than what
is enforced due to global security being enabled). Where it is
failing is while EJB1 calls "create" on home of EJB2.
Periodically (~ every 2 hr., 10 min.) an EJB create
fails. The next attempt, performing an identical transaction 10
minutes later, succeeds.
Here is the exception caught by the application:
2003-12-18 07:50:01,181
ERROR-1331579161_hello@sbcglobal.net-com.sbc.
swh.ejb.SWHTMS_AddSWHBean.addSWH(SWHTMS_AddSWHBean.java [115]
SWHTMS_AddSW
HBean::addSWH()::Exception::CORBA NO_PERMISSION 0x49424306 No;
nested
exception is:
org.omg.CORBA.NO_PERMISSION: JSAS0202E: [{0}] Credential
token
expired. {1} minor code: 49424306 completed: No
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server users who have *
* enabled security and configured LTPA as the *
* authenticaiton mechanism. *
****************************************************************
* PROBLEM DESCRIPTION: org.omg.CORBA.NO_PERMISSION after token *
* expiration time even after logging in *
* again. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
When a user's previous LTPA Token expirs, the same user
receives org.omg.CORBA.NO_PERMISSION exception after
logging in again when accessing an EJB.
This occurs when a client calls an EJB which calls yet
another EJB. The failure is on the second EJB call.
The failure was the credential cached in the CSIv2
session from the first EJB to the second was expired.
Sessions were looked up by the client's credential. The
lookup value did not contain the expiration time so so an
existing seesion with an expired credential was found instead
of the new session created with a valid credential.
Problem conclusion
Credential expiration time was added to the lookup value.
Temporary fix
test fix provided
Comments
APAR information |
APAR number |
PQ83105 |
Reported component name |
WAS NETWRK DEPL |
Reported component ID |
5630A3601 |
Reported release |
00A |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Special Attention |
NoSpecatt |
Submitted date |
2004-01-12 |
Closed date |
2004-02-18 |
Last modified date |
2004-02-18 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Applicable component levels |
R003 PSY |
UP |
R00A PSY |
UP |
R00H PSY |
UP |
R00I PSY |
UP |
R00P PSY |
UP |
R00S PSY |
UP |
R00W PSY |
UP |
R103 PSY |
UP |
R10A PSY |
UP |
R10H PSY |
UP |
R10I PSY |
UP |
R10P PSY |
UP |
R10S PSY |
UP |
R10W PSY |
UP |
|