PQ79901: THIS APAR ADDRESSES DEFECTS IN WEBSPHERE APPLICATION SERVER V5.0 FOR Z/OS.

 A fix is available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
This APAR addresses defects in WebSphere Application Server
V5.0 for z/OS.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: APAR PQ79901 addresses various defects  *
*                      in WebSphere Application Server V5.0    *
*                      for z/OS.                               *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
APAR PQ79901 addresses the following defects in
WebSphere Application Server V5.0 for z/OS:

(MD17453) Customization dialog should make the name name of
BBOW5SH proc configurable. We cannot assume cells can share
bbow5sh proc.   This would require that bbow5sh runs under a
userid that has update access to all cells in the sysplex.
That is not acceptable for security reasons.   We need to let
the user tell us the name to use for this proc.  BBOW5SH is
only the default.

(MD17658) While obtaining a Connection using Thread Identity,
WebSphere accesses some Private Credentials that resource
adapters are not authorized to view.  When this problem is
encountered, an exception similar to the following will occur in
the joblog of your application servant region:

java.security.AccessControlException: access denied
  (javax.security.auth.PrivateCredentialPermission
  com.ibm.ws.security.auth.j2c.GenericCredentialImpl
  com.ibm.ws.security.common.auth.WS390Principal "KING3" read)
at java.security.AccessControlContext.checkPermission
  (AccessControlContext.java(Compiled Code))
at java.security.AccessController.checkPermission
  (AccessController.java(Compiled Code))
at java.lang.SecurityManager.checkPermission
  (SecurityManager.java(Compiled Code))
at com.ibm.ws.security.core.SecurityManager.checkPermission
  (SecurityManager.java(Compiled Code))
at javax.security.auth.Subject$6.next(Subject.java:1156)
at javax.security.auth.Subject$ClassSet.<init>(Subject.java:1283
at javax.security.auth.Subject.getPrivateCredentials
  (Subject.java:887)
at com.ibm.ejs.j2c.ThreadIdentitySecurityHelper
 .beforeGettingConnection(ThreadIdentitySecurityHelper.java:535)
at com.ibm.ejs.j2c.ConnectionManager.allocateConnection
  (ConnectionManager.java:443)

(MD17704) If global security is enabled, and
EnableTrustedApplications bit is not set, customer will receive
message:
BBOS0107E Credential handling function getDefaultIdentity failed

While message BB0S0107E is an accurate message, it does not
provide any information to help the customer diagnose or correct
the problem.

(MD17809) SMF records for EJB AverageResponseTime and
MaximumResponseTime report '0' (no value provided). When
collecting SMF data, AverageResponseTime and MaximumResponseTime
are computed based on lifecycle events in the container
triggering a callout to smf recording. A particular callout was
not being made just prior to EJB method dispatch time. This
effectivly eliminated the ability to caculate and record these
two smf datapoints.

(MD17847) Administrative console validation must disallow more
than two http transports. In the administrative console on z/OS,
if you Navigate to: HTTP Transports collection view.  Currently,
the user can define more than 2 HTTP transports.  However, the
webcontainer selects the first http port and the first https
port that it finds and uses those two ports only.  All other
ports that may have been defined in the HTTP Transports
collection view are ignored.  Therefore, the administrative
console should ensure there are no more than 1 sslEnabled=false
transport, and 1 sslEnabled=true transport. Any attempt to save
a configuration change with more transports than these must be
disallowed.

(MD17864) The JMS Server has a Servant Region defined. It
should not, the JMS Server should only have a Control Region.

(MD17869) After a transaction times out, the servant region
which was processing that transaction may be abended.  If the
transaction involved XA-enabled resources, and the timeout
occurred during two-phase commit processing, the transaction
outcome may not be delievered to these resources until the
server is restarted.

(MD17822) Parse errors can results for
integral-jms-authorizations.xml. A SAXParseException is thrown
along with message BIP7042S. When IJP security is enabled the
integral-jms-authorizations.xml file is parsed. The file
contains additional dashes as part of a comment tag.

(MD17942) Variables are not merged across variable.xml files.
Variables are also not resolved, left with ${..} values.  The
customer would experience variables that are missing from the
was.env because they could be resolved.

The transformer did not search across variables.xml files
to resolve the variables it found, it only searched within
its current variables.xml file.

(MD17959) Adding a new custom property from the administrative
console in Global Security configuration causes a JspException.
If a administrative console user navigates to:
Global Security -> Custom Properties collection
view and clicks on the Add button to add a new custom property,
the following JspException is thrown:
javax.servlet.jsp.JspException: Missing message for key
Security.property.required.displayName
javax.servlet.jsp.JspException: Missing message for key
Security.property.required.displayName
at org.apache.struts.taglib.bean.MessageTag.doStartTag
(MessageTag.java:242).

(MD17969) Daemon ABEND0C4/ABENDS0C4 during an attempt to
terminate the daemon either via modify cancel or RRS
termination which results in a hang of the daemon. While
attempting to issue a message indicating that the daemon is
terminating, an uninitialized variable is used resulting in the
ABEND0C4.  The signal handler for the resulting SIGSEGV
incorrectly calls pthread_exit on the main thread resulting in
a hang.

(MD17971) Using the administrative console you Cannot change
the discoveryProtocol of a node to multicast. If you navigate
to: System Administration -> Nodes -> Select Node ->
Node detail view. Select "multicast" as the value for the
Discovery Protocol field which has choices (TCP,UDP,multicast).
Click OK button and save the configuration.  Go back to the
Node detail view.  The value of Discovery Protocol field is not
"multicast" and the value "multicast" is not saved to node.xml
either.

(MD17971) The value of the field in the view is set to
"multicast" while the value of the protocl in the WCCM data
model is "MULTICAST". This mismatch caused the failure to change
the discovery protocol of a node to multicast.  The error is
corrected.

(MD18006) Hang in bboopce waiting for a GRS Latch following an
earlier abend in module bboopce. Module bboopce obtains and
releases GRS Latches.  If an abend occurs while the latch is
held, existing recovery code does not check for the held latch
and release it. A subsequent call to bboopce can hang waiting
for a latch which will never be released.

(MD18008) Running threads for the JMSSecurityService prevent the
Controller Region from stopping. When the security is enabled
and the Controller Region is issued a command to stop, the
Controller Reion does not stop fully due to running threads for
the JMSSecurityService. The Controller Region requires a cancel
command in order for it to stop fully.

(MD18018) An attempt by a client to remove a Stateful Session
Bean while it is in a transaction results in a
BeanNotReentrantException being recieved, which is incorrect.
Client should recieve a javax.ejb.RemoveException.

EJB 2.0 spec 7.6 pg 79 states that for session bean, if
ejb.remove() is called when the ejb has already been enlisted in
another transaction, a RemoveException must be thrown. This
works for a remote interface object but not for local interface.

The problem is in "public void removeBean(EJSWrapperBase w)",
when this condition occurs, the underlying container
implementation throws a BeanNotReentrantException with
a message indicating that it is in a wrong transaction. In the
bean preinvoke processing, this error is detected and the remote
Exception mapping mechanism turns the BNRE to a UnknownException
but the local exception mapping turns it to
a EJBException. Hence the removeBean catches only
UnknownException and turns it to a RemoveException but the
EJBException is escaped back to the client as a BNRE.

(MD18037) The startServer.sh Command Line Admin Tool fails when
more than one parameter is specified.

When using the startServer.sh command line tool, you are allowed
to specify options after the server name.  However if you do,
a Java error is returned similar to the following -

Usage: java  -options  class  args...
           (to execute a class)
   or  java -jar  -options  jarfile  args...
           (to execute a jar file)

where options include:
    -cp -classpath <directories and zip/jar files separated by
              set search path for application classes and ...
    -D<name>=<value>
              set a system property
    -verbose :class|gc|jni
              enable verbose output
    -version  print product version
    -showversion  print product version and continue
    -? -help  print this help message
    -X        print help on non-standard options

In setting up the Java command to run, a "$@" value was
used to set the was.serverstart.server value. This works fine as
long as only the server name is specified on the startServer
command line.  If additional options are specified, then the
"$@" will cause a syntax error for the Java command.  The
correct term is "$1", which only returns the first parameter on
the command line, not all of them.

(MD18050) ABEND0C4/ABENDS0C4 in CPOOL(FREE) called from module
BBOCLCLR. ABEND0C4 occurs When trying to free (cpool)
storage which was not obtained.
Problem conclusion
APAR PQ79901 fixes various defects in WebSphere Application
Server V5.0 for z/OS.

(MD17453) Dialog panels and jobs have been updated to allow the
user to change the "Admin asynch operations procedure name"
(default value is BBOW5SH).

(MD17658) The section of code that accesses the Private
Credentials has been wrapped in a doPrivileged() so that the
Security Manager does not check the calling classes from the
resource adapter for the required permissions.

(MD17704) A new message is added, BBOS0130E Credential handling
function <name> failed because EnableTrustedApplications is set
to false.

The following publication was revised as a result
of defect MD17704:
________________________________________________________________
WebSphere Application Server V5 for z/OS
Messages and Codes
GA22-7915-00
_______________________________________________________________
Chapter 1, pg. 59 (new message)
Message identifier - text -
BBOS0130E Credential handling function 'string' failed because
EnableTrustedApplications is set to false.

Explanation: The requested function failed because global
security is enabled and EnableTrustedApplications is set to
false.

User Response: This message occurs if global security is enabled
and the registry is LocalOS (SAF), and option
EnableTrustedApplications is set to false. To correct this,
disable security, reconfigure security with
EnableTrustedApplications set to true, then enable security.
EnableTrustedApplications is found in the admin. console under
Global Security -> Custom Properties.
_______________________________________________________________

(MD17809) Support has been modified to add the callout to record
the 'begin dispatch' event in the container, thus allowing the
caculation of the two datapoints to occur and be recorded
correctly.

(MD17847) To implement this validation in the http transport
collection view, a click on New button when there are already 2
transports defined in the collection, the following message will
displayed:
New action invalid: the server already has the maximum number
of HTTP transports allowed.
Also when changing the value of the Enable SSL check box in the
http transport detail view, if the new value is the same as
the value of the field in the other http transport, the
following message will displayed:
Enable/disable SSL action invalid: the two HTTP transports
cannot both be defined as SSL enabled or SSL disabled.

(MD17864) The code to build the JMS Server during addNode has
been modified to not create a Servant Region.

(MD17869) Code was added to drive XAResources with their
outcome when a timeout occurs and the server region is abended
during the two phase commit process.

(MD17822) Shipped new event broker pax file with updated
integral-jms-authorizations.xml file

(MD17942) Transformer was modified to search and resolve across
different variables.xml files in the Cell/Node and Server level
to resolve variables.

(MD17959) The string Security.property.required.displayName
along with other 2 strings are not defined in the
plugin.properties file. The missing string definitions caused
the JspException. The missing strings have been added.

(MD17969) Support was modified to initialized the uninitialized
variable to correct the abend. Changed processing for signal
handling on the main thread to abend instead of calling
pthread_exit.

(MD17971) The value of the field in the view is set to
"multicast" while the value of the protocl in the WCCM data
model is "MULTICAST". This mismatch caused the failure to change
the discovery protocol of a node to multicast.  The error is
corrected.

(MD18006) Recovery code has been modified to release the latch
if it was held.

(MD18008) Disabled the listener and the internal service threads
for the JMSSecurityService since security is performed using
security exits for the channel initiators when the global
security is enabled.

(MD18018) Convert BeanNotReentrantException into a
RemoveException when a client attempts to remove a Stateful
Session Bean while it is in a transaction.

(MD18037) Support was modified to use the "$1" term in
startServer.sh.

(MD18050) Code is modified such that a validation check will be
done on the pointer before freeing the memory.

APAR PQ79901 is associated with SERVICE LEVEL W501002 of
WebSphere Application Server V5.0 for z/OS.
Temporary fix Comments
APAR information
APAR number PQ79901
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2003-10-21
Closed date 2003-10-23
Last modified date 2003-11-02

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
UQ81380

Modules/Macros
BBOANINS BBOCGIOP BBOCHSES BBOCHSSS BBOCLCLR BBOCR2FA
BBOCR2FD BBOCSYSE BBODCFG BBODCFG2 BBODCPY2 BBODC2
***This field was truncated. To obtain
the full apar record, please contact
your local support center.***    

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UQ81380    UP03/10/28 P F310

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PQ79901.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ79901
IBM Group: Software Group
Modified date: Nov 2, 2003