PK36625: SECJ0321E, BBOO0222I, ADMR0021E EXCEPTION WHEN DEPLOYING AN APPLICATION WITH USER/USERID DEFINED AS EJBROLE 'CONFIGURATOR'

 Fixes are available

6.1.0.15 WebSphere Application Server V6.1 Fix Pack 15 for i5/OS
6.1.0.13 WebSphere Application Server V6.1 Fix Pack 13 for AIX
6.0.2.25: WebSphere Application Server V6.0.2 Fix Pack 25 for AIX platforms
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for HP-UX platforms
6.1.0.15 WebSphere Application Server V6.1 Fix Pack 15 for AIX
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for HP-UX
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Windows
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for OS/400 platform
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Windows
6.1.0.17 WebSphere Application Server V6.1 Fix Pack 17 for i5/OS
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for i5/OS
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for HP-UX
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for Solaris
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for Windows platforms
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Linux
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for AIX platforms
6.0.2.25: WebSphere Application Server V6.0.2 Fix Pack 25 for HP-UX platforms
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Solaris
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for HP-UX platforms
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for HP-UX
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Windows
6.1.0.17 WebSphere Application Server V6.1 Fix Pack 17 for AIX
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Solaris
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Linux
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for AIX platforms
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Solaris
6.0.2.29: WebSphere Application Server V6.0.2 Fix Pack 29 for AIX platforms
6.0.2.29: WebSphere Application Server V6.0.2 Fix Pack 29 for HP-UX platforms
6.0.2.29: WebSphere Application Server V6.0.2 Fix Pack 29 for Linux platforms
V6.0.2: Java SDK 1.4.2 SR11 Cumulative Fix for IBM WebSphere Application Server
6.0.2.29: WebSphere Application Server V6.0.2 Fix Pack 29 for Solaris
6.0.2.29: WebSphere Application Server V6.0.2 Fix Pack 29 for Windows platforms
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for Linux platforms
6.0.2.25: WebSphere Application Server V6.0.2 Fix Pack 25 for Linux platforms
6.0.2.25: WebSphere Application Server V6.0.2 Fix Pack 25 for Solaris
6.0.2.25: WebSphere Application Server V6.0.2 Fix Pack 25 for Windows platforms
6.0.2.19: WebSphere Application Server V6.0.2 Fix Pack 19 for AIX platforms
6.1.0.9 WebSphere Application Server V6.1 Fix Pack 9 for AIX
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for i5/OS
6.0.2.19: WebSphere Application Server V6.0.2 Fix Pack 19 for HP-UX platforms
6.0.2.19: WebSphere Application Server V6.0.2 Fix Pack 19 for Windows platforms
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for HP-UX
6.0.2.19: WebSphere Application Server V6.0.2 Fix Pack 19 for OS/400 platform
6.0.2.21: WebSphere Application Server V6.0.2 Fix Pack 21 for HP-UX platforms
6.0.2.21: WebSphere Application Server V6.0.2 Fix Pack 21 for Linux platforms
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for Linux
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for Solaris
6.1.0.9: WebSphere Application Server V6.1 Fix Pack 9 for Windows
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for HP-UX
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for Windows
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for Windows platforms
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for Solaris
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for OS/400 platform
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for Linux platforms
6.0.2.21: WebSphere Application Server V6.0.2 Fix Pack 21 for AIX platforms
6.0.2.21: WebSphere Application Server V6.0.2 Fix Pack 21 for Windows platforms
6.0.2.21: WebSphere Application Server V6.0.2 Fix Pack 21 for Solaris platforms
6.0.2.19: WebSphere Application Server V6.0.2 Fix Pack 19 for Solaris
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for Solaris
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for Linux
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for i5/OS
6.1.0.11 WebSphere Application Server V6.1 Fix Pack 11 for AIX
6.0.2.19: WebSphere Application Server V6.0.2 Fix Pack 19 for Linux platforms
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Linux
6.1.0.19 WebSphere Application Server V6.1 Fix Pack 19 for AIX
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for HP-UX
6.1.0.19 WebSphere Application Server V6.1 Fix Pack 19 for i5/OS
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Linux
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Solaris
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Windows
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for AIX platforms
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for HP-UX platforms
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for OS/400 platform
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for Linux platforms
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for Solaris
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for Windows platforms
V6.0.2: Java SDK 1.4.2 SR11 Cumulative Fix for IBM WebSphere Application Server



APAR status
Closed as program error.

Error description
Running WebSphere Application Server zOS, If a user/userid
defined as EJBROLE 'configurator' fails to deploy an
Application on the server.

Exceptions in the Deployment Manager servant region,

Trace: 2006/11/11 11:19:45.208 01 t=BC97B8 c=UNK key=S2 (1300700
ThreadId: 00000036
FunctionName: com.ibm.ws.security.role.RoleBasedAuthorizerImpl
SourceId: com.ibm.ws.security.role.RoleBasedAuthorizerImpl
Category: FINEST
ExtendedMessage: SECJ0321E: Role based authorization is caller
in role  failed for security name: tms accessID: user:ABCD/xyz
and role name: administrator

Trace: 2006/11/11 11:19:45.225 01 t=BC97B8 c=UNK key=S2 (1300700
ThreadId: 00000036
FunctionName: com.ibm.ws.management.repository.FileRepository
SourceId: com.ibm.ws.management.repository.FileRepository
Category: AUDIT
ExtendedMessage: BBOO0222I: ADMR0021E: User ABCD/xyz does not
have the required role for accessing a restricted document cells
/I1/applications/xyz.ear/deployments/xyz/xyz.war/WEB-INF/
applicationContext-security.xml.
 -
This problem can be seen on these OS platforms:
AIX,HP-UX,i5/OS,Linux,Linux pSeries,Linux Red Hat -
pSeries,Linux zSeries,OS/400,Solaris,Windows
Local fix
Grant the user/userid as EJBROLE administrator.
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V6.0.1 for z/OS                              *
****************************************************************
* PROBLEM DESCRIPTION: Permitting the RACF/SAF class EJBROLE   *
*                      with the configurator role to a user,   *
*                      was failing when the deployed           *
*                      application  had a file name that       *
*                      ended with security.xml. The message    *
*                      received is ADMR0021E: User ESS0/tms    *
*                      does not have the required role for     *
*                      accessing a restricted document         *
*                      cells/I1/applications/EDKV21-I.ear/     *
*                      deployments/EDKV21-I/EdwfWeb.war/       *
*                      WEB-INF/applicationContext-security.xml *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The RestrictedAccess class is indicating that a file
is restricted if the name ends with security.xml.
Problem conclusion
The RestrictedAccess class was changed to look for the
delimeter of foward slash (/), prior to the security.xml name,
before indicating that a file is restricted. Therefore the
search is now for the name /security.xml.

APAR PK36625 is currently targeted for inclusion in Service
Level (Fix Pack) 6.0.2.19 of WebSphere Application Server V6.0.1
for z/OS.
Temporary fix Comments
APAR information
APAR number PK36625
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 601
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2006-12-26
Closed date 2007-03-27
Last modified date 2007-06-05

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
PK44887

Modules/Macros
EDACCES RESTRICT S      

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSN    UP
R601 PSY UK24272    UP07/05/02 P F705
R610 PSN    UP

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PK36625.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 601
Software edition:
Reference #: PK36625
IBM Group: Software Group
Modified date: Jun 5, 2007