PQ79901: THIS APAR ADDRESSES DEFECTS IN WEBSPHERE APPLICATION SERVER V5.0 FOR Z/OS. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description This APAR addresses defects in WebSphere Application Server V5.0 for z/OS.Local fix Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V5.0 for z/OS * **************************************************************** * PROBLEM DESCRIPTION: APAR PQ79901 addresses various defects * * in WebSphere Application Server V5.0 * * for z/OS. * **************************************************************** * RECOMMENDATION: * **************************************************************** APAR PQ79901 addresses the following defects in WebSphere Application Server V5.0 for z/OS: (MD17453) Customization dialog should make the name name of BBOW5SH proc configurable. We cannot assume cells can share bbow5sh proc. This would require that bbow5sh runs under a userid that has update access to all cells in the sysplex. That is not acceptable for security reasons. We need to let the user tell us the name to use for this proc. BBOW5SH is only the default. (MD17658) While obtaining a Connection using Thread Identity, WebSphere accesses some Private Credentials that resource adapters are not authorized to view. When this problem is encountered, an exception similar to the following will occur in the joblog of your application servant region: java.security.AccessControlException: access denied (javax.security.auth.PrivateCredentialPermission com.ibm.ws.security.auth.j2c.GenericCredentialImpl com.ibm.ws.security.common.auth.WS390Principal "KING3" read) at java.security.AccessControlContext.checkPermission (AccessControlContext.java(Compiled Code)) at java.security.AccessController.checkPermission (AccessController.java(Compiled Code)) at java.lang.SecurityManager.checkPermission (SecurityManager.java(Compiled Code)) at com.ibm.ws.security.core.SecurityManager.checkPermission (SecurityManager.java(Compiled Code)) at javax.security.auth.Subject$6.next(Subject.java:1156) at javax.security.auth.Subject$ClassSet.<init>(Subject.java:1283 at javax.security.auth.Subject.getPrivateCredentials (Subject.java:887) at com.ibm.ejs.j2c.ThreadIdentitySecurityHelper .beforeGettingConnection(ThreadIdentitySecurityHelper.java:535) at com.ibm.ejs.j2c.ConnectionManager.allocateConnection (ConnectionManager.java:443) (MD17704) If global security is enabled, and EnableTrustedApplications bit is not set, customer will receive message: BBOS0107E Credential handling function getDefaultIdentity failed While message BB0S0107E is an accurate message, it does not provide any information to help the customer diagnose or correct the problem. (MD17809) SMF records for EJB AverageResponseTime and MaximumResponseTime report '0' (no value provided). When collecting SMF data, AverageResponseTime and MaximumResponseTime are computed based on lifecycle events in the container triggering a callout to smf recording. A particular callout was not being made just prior to EJB method dispatch time. This effectivly eliminated the ability to caculate and record these two smf datapoints. (MD17847) Administrative console validation must disallow more than two http transports. In the administrative console on z/OS, if you Navigate to: HTTP Transports collection view. Currently, the user can define more than 2 HTTP transports. However, the webcontainer selects the first http port and the first https port that it finds and uses those two ports only. All other ports that may have been defined in the HTTP Transports collection view are ignored. Therefore, the administrative console should ensure there are no more than 1 sslEnabled=false transport, and 1 sslEnabled=true transport. Any attempt to save a configuration change with more transports than these must be disallowed. (MD17864) The JMS Server has a Servant Region defined. It should not, the JMS Server should only have a Control Region. (MD17869) After a transaction times out, the servant region which was processing that transaction may be abended. If the transaction involved XA-enabled resources, and the timeout occurred during two-phase commit processing, the transaction outcome may not be delievered to these resources until the server is restarted. (MD17822) Parse errors can results for integral-jms-authorizations.xml. A SAXParseException is thrown along with message BIP7042S. When IJP security is enabled the integral-jms-authorizations.xml file is parsed. The file contains additional dashes as part of a comment tag. (MD17942) Variables are not merged across variable.xml files. Variables are also not resolved, left with ${..} values. The customer would experience variables that are missing from the was.env because they could be resolved. The transformer did not search across variables.xml files to resolve the variables it found, it only searched within its current variables.xml file. (MD17959) Adding a new custom property from the administrative console in Global Security configuration causes a JspException. If a administrative console user navigates to: Global Security -> Custom Properties collection view and clicks on the Add button to add a new custom property, the following JspException is thrown: javax.servlet.jsp.JspException: Missing message for key Security.property.required.displayName javax.servlet.jsp.JspException: Missing message for key Security.property.required.displayName at org.apache.struts.taglib.bean.MessageTag.doStartTag (MessageTag.java:242). (MD17969) Daemon ABEND0C4/ABENDS0C4 during an attempt to terminate the daemon either via modify cancel or RRS termination which results in a hang of the daemon. While attempting to issue a message indicating that the daemon is terminating, an uninitialized variable is used resulting in the ABEND0C4. The signal handler for the resulting SIGSEGV incorrectly calls pthread_exit on the main thread resulting in a hang. (MD17971) Using the administrative console you Cannot change the discoveryProtocol of a node to multicast. If you navigate to: System Administration -> Nodes -> Select Node -> Node detail view. Select "multicast" as the value for the Discovery Protocol field which has choices (TCP,UDP,multicast). Click OK button and save the configuration. Go back to the Node detail view. The value of Discovery Protocol field is not "multicast" and the value "multicast" is not saved to node.xml either. (MD17971) The value of the field in the view is set to "multicast" while the value of the protocl in the WCCM data model is "MULTICAST". This mismatch caused the failure to change the discovery protocol of a node to multicast. The error is corrected. (MD18006) Hang in bboopce waiting for a GRS Latch following an earlier abend in module bboopce. Module bboopce obtains and releases GRS Latches. If an abend occurs while the latch is held, existing recovery code does not check for the held latch and release it. A subsequent call to bboopce can hang waiting for a latch which will never be released. (MD18008) Running threads for the JMSSecurityService prevent the Controller Region from stopping. When the security is enabled and the Controller Region is issued a command to stop, the Controller Reion does not stop fully due to running threads for the JMSSecurityService. The Controller Region requires a cancel command in order for it to stop fully. (MD18018) An attempt by a client to remove a Stateful Session Bean while it is in a transaction results in a BeanNotReentrantException being recieved, which is incorrect. Client should recieve a javax.ejb.RemoveException. EJB 2.0 spec 7.6 pg 79 states that for session bean, if ejb.remove() is called when the ejb has already been enlisted in another transaction, a RemoveException must be thrown. This works for a remote interface object but not for local interface. The problem is in "public void removeBean(EJSWrapperBase w)", when this condition occurs, the underlying container implementation throws a BeanNotReentrantException with a message indicating that it is in a wrong transaction. In the bean preinvoke processing, this error is detected and the remote Exception mapping mechanism turns the BNRE to a UnknownException but the local exception mapping turns it to a EJBException. Hence the removeBean catches only UnknownException and turns it to a RemoveException but the EJBException is escaped back to the client as a BNRE. (MD18037) The startServer.sh Command Line Admin Tool fails when more than one parameter is specified. When using the startServer.sh command line tool, you are allowed to specify options after the server name. However if you do, a Java error is returned similar to the following - Usage: java -options class args... (to execute a class) or java -jar -options jarfile args... (to execute a jar file) where options include: -cp -classpath <directories and zip/jar files separated by set search path for application classes and ... -D<name>=<value> set a system property -verbose :class|gc|jni enable verbose output -version print product version -showversion print product version and continue -? -help print this help message -X print help on non-standard options In setting up the Java command to run, a "$@" value was used to set the was.serverstart.server value. This works fine as long as only the server name is specified on the startServer command line. If additional options are specified, then the "$@" will cause a syntax error for the Java command. The correct term is "$1", which only returns the first parameter on the command line, not all of them. (MD18050) ABEND0C4/ABENDS0C4 in CPOOL(FREE) called from module BBOCLCLR. ABEND0C4 occurs When trying to free (cpool) storage which was not obtained.Problem conclusion APAR PQ79901 fixes various defects in WebSphere Application Server V5.0 for z/OS. (MD17453) Dialog panels and jobs have been updated to allow the user to change the "Admin asynch operations procedure name" (default value is BBOW5SH). (MD17658) The section of code that accesses the Private Credentials has been wrapped in a doPrivileged() so that the Security Manager does not check the calling classes from the resource adapter for the required permissions. (MD17704) A new message is added, BBOS0130E Credential handling function <name> failed because EnableTrustedApplications is set to false. The following publication was revised as a result of defect MD17704: ________________________________________________________________ WebSphere Application Server V5 for z/OS Messages and Codes GA22-7915-00 _______________________________________________________________ Chapter 1, pg. 59 (new message) Message identifier - text - BBOS0130E Credential handling function 'string' failed because EnableTrustedApplications is set to false. Explanation: The requested function failed because global security is enabled and EnableTrustedApplications is set to false. User Response: This message occurs if global security is enabled and the registry is LocalOS (SAF), and option EnableTrustedApplications is set to false. To correct this, disable security, reconfigure security with EnableTrustedApplications set to true, then enable security. EnableTrustedApplications is found in the admin. console under Global Security -> Custom Properties. _______________________________________________________________ (MD17809) Support has been modified to add the callout to record the 'begin dispatch' event in the container, thus allowing the caculation of the two datapoints to occur and be recorded correctly. (MD17847) To implement this validation in the http transport collection view, a click on New button when there are already 2 transports defined in the collection, the following message will displayed: New action invalid: the server already has the maximum number of HTTP transports allowed. Also when changing the value of the Enable SSL check box in the http transport detail view, if the new value is the same as the value of the field in the other http transport, the following message will displayed: Enable/disable SSL action invalid: the two HTTP transports cannot both be defined as SSL enabled or SSL disabled. (MD17864) The code to build the JMS Server during addNode has been modified to not create a Servant Region. (MD17869) Code was added to drive XAResources with their outcome when a timeout occurs and the server region is abended during the two phase commit process. (MD17822) Shipped new event broker pax file with updated integral-jms-authorizations.xml file (MD17942) Transformer was modified to search and resolve across different variables.xml files in the Cell/Node and Server level to resolve variables. (MD17959) The string Security.property.required.displayName along with other 2 strings are not defined in the plugin.properties file. The missing string definitions caused the JspException. The missing strings have been added. (MD17969) Support was modified to initialized the uninitialized variable to correct the abend. Changed processing for signal handling on the main thread to abend instead of calling pthread_exit. (MD17971) The value of the field in the view is set to "multicast" while the value of the protocl in the WCCM data model is "MULTICAST". This mismatch caused the failure to change the discovery protocol of a node to multicast. The error is corrected. (MD18006) Recovery code has been modified to release the latch if it was held. (MD18008) Disabled the listener and the internal service threads for the JMSSecurityService since security is performed using security exits for the channel initiators when the global security is enabled. (MD18018) Convert BeanNotReentrantException into a RemoveException when a client attempts to remove a Stateful Session Bean while it is in a transaction. (MD18037) Support was modified to use the "$1" term in startServer.sh. (MD18050) Code is modified such that a validation check will be done on the pointer before freeing the memory. APAR PQ79901 is associated with SERVICE LEVEL W501002 of WebSphere Application Server V5.0 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: UQ81380 Modules/Macros
Publications Referenced
|
Document Information |
Current web document: swg1PQ79901.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ79901
IBM Group: Software Group
Modified date: Nov 2, 2003
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.