PK10241: SERVEREXCEPTION IS THROWN INSTEAD OF ACCESSEXCEPTION WHEN RACF/ACCESS ERROR IS ENCOUNTERED. | |||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description The following RACF error was received: BBOS0008E RACAUTH of class, EJBROLE, failed with SAF Return Code=00000008, RACF Return Code=00000008, RACF Reason Code=00000000. A general ServerException was returned to the caller: java.rmi.ServerException: RemoteException occurred in server thread; nested exception is: java.rmi.RemoteException: ; nested exception is: com.ibm.websphere.csi.CSIException: SECJ0053E: Authorization failed for.. (...) .at com.ibm.ws.security.core.SecurityCollaborator. performAuthorization(SecurityCollaborator.java) .at com.ibm.ws.security.core.EJSSecurityCollaborator. preInvoke(EJSSecurityCollaborator.java) .at com.ibm.ejs.container.EJSContainer.preInvoke_internal (EJSContainer.java) In this case, AccessException should be returned so the application has an option to convert it to insufficient authority' and return this instead to the client. The analysis shows SecurityCollaborator.java throws a generic CSIException as oppose to CSIAccessException. Had it thrown a CSIAccessException, it would have been converted to a AccessException and delivered as such to the caller. Instead, generic CSIException is converted to a RemoteException which is in turn converted to a ServerException when it goes across the wire and that's what caller receives.Local fix Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V5.0 for z/OS * **************************************************************** * PROBLEM DESCRIPTION: Generic java.rmi.RemoteException is * * thrown isntead of the more specific * * java.rmi.AccessException which EJB * * spec section 21.6.9 calls for. * **************************************************************** * RECOMMENDATION: * **************************************************************** When an EJB container denies client access to an EJB method the container should throw a java.rmi.AccessException (or javax.ejb.AccessLocalException). The more generic exception java.rmi.RemoteException (or javax.ejb.EjbException) is being thrown.Problem conclusion The container was modified to throw the AccessException or AccessLocalException as appropriate when a client is denied access to an EJB method. APAR PK10241 is associated with SERVICE LEVEL W502034 of WebSphere Application Server V5.0 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: PK10242 Modules/Macros
Publications Referenced
|
Document Information |
Current web document: swg1PK10241.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PK10241
IBM Group: Software Group
Modified date: Oct 4, 2005
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.