PQ74702: WITH SAFAUTHORIZATION ENABLED, SAF EJBROLE AUTHORIZATION NOT WORKING FOR COSNAMING AUTH AND ADMIN AUTH(WHEN WASADMIN SCRIPT)

 A fix is available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
Naming and wsadmin security requires the use of WebSphere
Authorization.  Even if SAFAuthorization has been enabled,
SAF EJBROLE authorization is not supported in the following
situations:
- CosNaming Authorizations
- Administrative authorizations when wsadmin scripting is used
.
The impact is that authorizations to WebSphere administrative
and name space cannot be completely protected by SAF until
this apar is delivered.
.
If SAF authorization is chosen:
.
For Base,
Authorizations controlling the Admin Console will use SAF for
authorization,
Admin scripting authorization will use WebSphere Bindings
specified by Console Users and Groups.
All Naming authorizations will use WebSphere bindings.
.
For ND.
Authorizations controlling the Admin Console will use SAF for
authorization within the ND application, but the authorization
required to synchronize updates to other processes will
require WebSphere Bindings.
Admin scripting authorization will use WebSphere Bindings
specified by Console Users and Groups.
 All Naming authorizations will use WebSphere bindings.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: Users will get receive a                *
*                      ClassCastException                      *
*                      if SAF Authorization is being used for  *
*                      wsadmin and Naming.                     *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Users will get the following ClassCastException if SAF
Authorization is being used for wsadmin and Naming:
java.lang.ClassCastException
at com.ibm.ws.security.role.RoleBasedAuthorizerImpl.checkAccess
                             (RoleBasedAuthorizerImpl.java:374)
at com.ibm.ws.security.role.RoleBasedAuthorizerImpl.checkAccess
                             (RoleBasedAuthorizerImpl.java:317)
at com.ibm.ws.naming.cosbase.WsnOptimizedNamingImplBase.
                             performAuthorizationCheck
at com.ibm.ws.naming.cosbase.WsnOptimizedNamingImplBase.
                             rebind_corba_object
at com.ibm.WsnOptimizedNaming._NamingContextImplBase._invoke
at com.ibm.ws390.orb.CommonBridge.CORBAinvoke
                                  (CommonBridge.java:965)
at com.ibm.ws390.orb.ORBEJSBridge.CORBAinvoke
                                  (ORBEJSBridge.java:436)
Problem conclusion
Support was modified such that the casted variable was corrected
in the parameter list.

APAR PQ74702 is associated with SERVICE LEVEL W500101 of
WebSphere Application Server V5.0 for z/OS.
Temporary fix Comments
APAR information
APAR number PQ74702
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2003-05-30
Closed date 2003-06-18
Last modified date 2003-07-03

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
BBOUBINF          

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UQ77804    UP03/06/25 P F306

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PQ74702.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ74702
IBM Group: Software Group
Modified date: Jul 3, 2003