PQ74702: WITH SAFAUTHORIZATION ENABLED, SAF EJBROLE AUTHORIZATION NOT WORKING FOR COSNAMING AUTH AND ADMIN AUTH(WHEN WASADMIN SCRIPT)
APAR status
Closed as program error.

Error description
Naming and wsadmin security requires the use of WebSphere Authorization. Even if SAFAuthorization has been enabled, SAF EJBROLE authorization is not supported in the following situations:
- CosNaming Authorizations
- Administrative authorizations when wsadmin scripting is used

The impact is that authorizations to the WebSphere administrative functions and name space cannot be completely protected by SAF until this APAR is delivered.

If SAF authorization is chosen:

For Base, authorizations controlling the Admin Console will use SAF for authorization. Admin scripting authorization will use WebSphere Bindings specified by Console Users and Groups. All Naming authorizations will use WebSphere bindings.

For ND, authorizations controlling the Admin Console will use SAF for authorization within the ND application, but the authorization required to synchronize updates to other processes will require WebSphere Bindings. Admin scripting authorization will use WebSphere Bindings specified by Console Users and Groups. All Naming authorizations will use WebSphere bindings.

Local fix

Problem summary
USERS AFFECTED: All users of WebSphere Application Server V5.0 for z/OS
PROBLEM DESCRIPTION: Users will receive a ClassCastException if SAF Authorization is being used for wsadmin and Naming.
RECOMMENDATION:

Users will get the following ClassCastException if SAF Authorization is being used for wsadmin and Naming:

java.lang.ClassCastException
    at com.ibm.ws.security.role.RoleBasedAuthorizerImpl.checkAccess(RoleBasedAuthorizerImpl.java:374)
    at com.ibm.ws.security.role.RoleBasedAuthorizerImpl.checkAccess(RoleBasedAuthorizerImpl.java:317)
    at com.ibm.ws.naming.cosbase.WsnOptimizedNamingImplBase.performAuthorizationCheck
    at com.ibm.ws.naming.cosbase.WsnOptimizedNamingImplBase.rebind_corba_object
    at com.ibm.WsnOptimizedNaming._NamingContextImplBase._invoke
    at com.ibm.ws390.orb.CommonBridge.CORBAinvoke(CommonBridge.java:965)
    at com.ibm.ws390.orb.ORBEJSBridge.CORBAinvoke(ORBEJSBridge.java:436)

Problem conclusion
Support was modified such that the casted variable was corrected in the parameter list.

APAR PQ74702 is associated with SERVICE LEVEL W500101 of WebSphere Application Server V5.0 for z/OS.

Temporary fix

Comments
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced

Document Information
Current web document: swg1PQ74702.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ74702
IBM Group: Software Group
Modified date: Jul 3, 2003
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.