PK10241: SERVEREXCEPTION IS THROWN INSTEAD OF ACCESSEXCEPTION WHEN RACF/ACCESS ERROR IS ENCOUNTERED.


APAR status
Closed as program error.

Error description
The following RACF error was received:

 BBOS0008E RACAUTH of class, EJBROLE, failed with SAF Return
 Code=00000008, RACF Return Code=00000008, RACF Reason
 Code=00000000.

A general ServerException was returned to the caller:

 java.rmi.ServerException: RemoteException occurred in server
 thread; nested exception is:
 java.rmi.RemoteException:  ; nested exception is:
 com.ibm.websphere.csi.CSIException: SECJ0053E: Authorization
 failed for.. (...)
.at com.ibm.ws.security.core.SecurityCollaborator.
    performAuthorization(SecurityCollaborator.java)
.at com.ibm.ws.security.core.EJSSecurityCollaborator.
    preInvoke(EJSSecurityCollaborator.java)
.at com.ibm.ejs.container.EJSContainer.preInvoke_internal
    (EJSContainer.java)

In this case, an AccessException should be returned so that the
application has the option to convert it to 'insufficient
authority' and return that to the client instead.

The analysis shows that SecurityCollaborator.java throws a generic
CSIException as opposed to a CSIAccessException. Had it thrown a
CSIAccessException, it would have been converted to an
AccessException and delivered as such to the caller.
Instead, the generic CSIException is converted to a
RemoteException, which is in turn converted to a ServerException
when it goes across the wire, and that is what the caller receives.

Local fix

Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: Generic java.rmi.RemoteException is     *
*                      thrown instead of the more specific     *
*                      java.rmi.AccessException which EJB      *
*                      spec section 21.6.9 calls for.          *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When an EJB container denies client access to an EJB method, the
container should throw a java.rmi.AccessException (or
javax.ejb.AccessLocalException).  Instead, the more generic
exception java.rmi.RemoteException (or javax.ejb.EJBException) is
being thrown.
Problem conclusion
The container was modified to throw the AccessException or
AccessLocalException as appropriate when a client is denied
access to an EJB method.

APAR PK10241 is associated with SERVICE LEVEL W502034 of
WebSphere Application Server V5.0 for z/OS.
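
A client-side sketch of the conversion to 'insufficient authority' that the error description mentions, handling both the fixed behaviour (AccessException) and the unfixed one (ServerException with the SECJ0053E message nested inside). This is an added example written for a current JDK, not IBM code; the class name, the Outcome enum, the message-ID matching heuristic and the sample exceptions are assumptions made for illustration.

```java
import java.rmi.AccessException;
import java.rmi.RemoteException;
import java.rmi.ServerException;

public class EjbAuthzFailureDemo {

    enum Outcome { INSUFFICIENT_AUTHORITY, SERVER_FAILURE }

    // Message ID of the authorization failure, from the trace in this APAR.
    static final String AUTHZ_MSG_ID = "SECJ0053E";

    /** Classify a RemoteException caught around a remote EJB call. */
    static Outcome classify(RemoteException e) {
        // Fixed level: the container reports the denial as AccessException.
        if (e instanceof AccessException) {
            return Outcome.INSUFFICIENT_AUTHORITY;
        }
        // Unfixed level: the denial is buried in ServerException ->
        // RemoteException -> CSIException. Walk the cause chain (bounded, in
        // case of a cycle) and match the message ID. This string match is a
        // heuristic assumed for this example, not an IBM-documented contract.
        Throwable t = e;
        for (int depth = 0; t != null && depth < 16; depth++) {
            String msg = t.getMessage();
            if (msg != null && msg.contains(AUTHZ_MSG_ID)) {
                return Outcome.INSUFFICIENT_AUTHORITY;
            }
            t = t.getCause();
        }
        // Anything else stays a server fault; never map it to "access denied".
        return Outcome.SERVER_FAILURE;
    }

    public static void main(String[] args) {
        // Constructed samples. A plain Exception stands in for
        // com.ibm.websphere.csi.CSIException, which is not on a stock classpath.
        Exception csi = new Exception("SECJ0053E: Authorization failed for ...");
        RemoteException preFix = new ServerException(
            "RemoteException occurred in server thread",
            new RemoteException("", csi));
        RemoteException postFix = new AccessException("Authorization failed");
        RemoteException unrelated = new ServerException(
            "RemoteException occurred in server thread",
            new RemoteException("", new IllegalStateException("pool exhausted")));

        System.out.println("pre-fix denial : " + classify(preFix));
        System.out.println("post-fix denial: " + classify(postFix));
        System.out.println("other failure  : " + classify(unrelated));
    }
}
```

Once the fixed service level is applied, the `instanceof AccessException` branch is the only one that should fire for denials, and the message-ID fallback can be removed.
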
Temporary fix

Comments

APAR information
APAR number PK10241
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2005-08-11
Closed date 2005-09-28
Last modified date 2005-10-04

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
PK10242

Modules/Macros
BBOUBINF          

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UK07674    UP05/10/01 P F509

