PQ81584: SYNCH TO THREAD | ||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
||||||||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description Synch to thread supportLocal fix Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V5.0 for z/OS * **************************************************************** * PROBLEM DESCRIPTION: Application Sync to OS thread is the * * ability to place the Java identity * * being used by an EJB or web * * application on the thread of * * execution if the registry is localOS. * * Without this support, the identity of * * the server is used when access is * * attempted to resources controlled by * * the local OS. * * There are migration considerations * * for: * * - customers migrating from WebSphere * * Application Server 3.5 to WebSphere * * Application Server V5.0 for z/OS who * * rely on the ability to access z/OS * * Operating System resources using the * * HTTP client identity. * * - customers migrating applications * * from WebSphere Application Server * * V4.0.1 for z/OS and OS/390 to * * WebSphere Application Server V5.0 for * * z/OS who use the IBM Synchronize * * option for EJB methods to access z/OS * * Operating System resources. * **************************************************************** * RECOMMENDATION: * **************************************************************** Application Sync to OS Thread provides the capability for the application to synchronize the RunAs identity being used with the identity on the thread at the z/OS level. This identity is used by SAF to access resources (such as HFS files) that are controlled by the operating system. This capability is provided for EJBs and for Web applications. Application Sync to OS Thread is only supported for localOS registries. A global switch is also provided for each server, so the ability to synchronize the identities can be enabled or disabled at the server level. If application Sync to OS Thread is enabled for the server, each application's Sync to OS Thread flag is honored. If synchronization is disabled, the server identity is always used. The existing Enable Sync to Thread flag is renamed to be Connection Manager RunAs Identity Enabled Refer to the WebSphere Application Server for z/OS global security options for more information.Problem conclusion Code is added to the application deployment tools for EJBs and web applications to specify application Sync to OS Thread. In the WebSphere Application Server administrative console, there is a new z/OS Global security option Connection Manager RunAs Identity Enabled. This option replaces Sync to OS Thread Allowed function for managing thread identity synchronization. Code is also added to the runtime code, customization dialog, administrative console, EJB container, and Web container to implement this function. The following publication was revised as a result APAR PQ81584: _______________________________________________________________ WebSphere Application Server V5 for z/OS Messages and Codes GA22-7915-00 ________________________________________________________________ NOTE: Periodically, we refresh the documentation on our Web site, so the changes might have been made before you read this text. To access the latest on-line documentation, go to the product library page at: www.ibm.com/software/webservers/appserv/zos_os390/library.html ________________________________________________________________ Chapter 1, pg. 4 (new message) Message identifier - BBOJ0081W Explanation: SyncToOSThread synchronizes the J2EE role identity to the OS thread, meaning that the OS thread identity is made equal to the J2EE role identity for the duration of the context under which the EJB method invocation occurs. This message indicates that while an application has been configured to utilize SyncToOSThread functionality, the server it is installed into is not configured to support SyncToOSThread capabilities. User Response: If SyncToOSThread capabilities are desired for the server in question, please refer to the InfoCenter for a description as to how to enable SyncToOSThread for a server. ________________________________________________________________ Chapter 1, pg. 4 (new message) Message identifier - BBOJ0084W Explanation: SyncToOSThread synchronizes the J2EE role identity to the OS thread, meaning that the OS thread identit is made equal to the J2EE role identity for the duration of the request. This message indicates tha while an application has been configured to utilize SyncToOSThread functionality, the server it is installed into is not configured to support SyncToOSThread capabilities. User Response: If SyncToOSThread capabilities are desired for the server in question, please refer to the InfoCenter for a description as to how to enable SyncToOSThread for a server. ________________________________________________________________ APAR PQ81584 requires the following change to the InfoCenter. To access the latest online documentation, go to the product library page at: www.ibm.com/software/webservers/appserv/zos_os390/library/ APAR PQ81584 provides the following new articles to the InfoCenter: -"Synchronizing a Java thread identity and an operating system thread identity" -"WebSphere Application Server for z/OS global security options" -"Considerations for setting Synch to OS Thread Allowed using WebSphere Studio Application Developer" -"Understanding application Synch to OS Thread Allowed" -"Understanding Java 2 Platform, Enterprise Edition identity and an operating system thread identity" -"Understanding Connection Manager RunAs Identity Enabled and operating system security" -"When to use application Synch to OS Thread Allowed" -"When to use Connection Manager RunAs Identity Enabled" APAR PQ81584 provides an update to the existing InfoCenter articles: - "Overriding the RunAs Subject on the Thread" - "Java Authentication and Authorization Service authorization" - "Connection thread identity" - "Security states with thread identity support" - "Using thread identity support" APAR PQ81584 is associated with SERVICE LEVEL W502008 of WebSphere Application Server V5.0 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
Publications Referenced
|
Document Information |
Current web document: swg1PQ81584.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ81584
IBM Group: Software Group
Modified date: Jun 3, 2004
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.