PQ97970: CLIENT CONTAINER CONNECTING TO ZOS WEBSPHERE ACROSS RMI PORT WITH SECURITY ENABLED FAILS. | |||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description Customer application has a secure bean and deployed on zOS WebSphere. The client sets the following in the sas.client.props file: com.ibm.CORBA.securityEnabled=true com.ibm.CSI.performMessageConfidentialitySupported=true com.ibm.CSI.performMessageIntegritySupported=true com.ibm.CSI.performTransportAssocSSLTLSSupported=true The customer is using WSAD client utility to connect to zOS WebSphere. zOS WebSphere has Global security enabled. The client sees a java exception. The top of the JAVA exception trace looks like: [11/30/04 9:00:10:843 CST] 4dac7546 d UOW= source=SASRas org=IBM prod=WebSphere component=Application Server [CSIv2TaggedComponent.getCSIv2TaggedComponentList], [ServerID: -1] parm1=org.omg.CORBA.MARSHAL: Read beyond end of input stream minor code: 4942F8E2 completed: No at com.ibm.rmi.iiop.CDRInputStream.grow(CDRInputStream.java:567) at com.ibm.rmi.iiop.CDRInputStream.alignAndCheck(CDRInputStream.jav a:537) at com.ibm.rmi.iiop.CDRInputStream.alignAndCheck(CDRInputStream.jav a:462) at com.ibm.rmi.iiop.CDRInputStream.read_long(CDRInputStream.java:69 1) at com.ibm.rmi.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2466) at com.ibm.rmi.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2743) at com.ibm.rmi.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2577) at com.ibm.rmi.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2577) at com.ibm.rmi.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2731) at com.ibm.rmi.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2743) at com.ibm.rmi.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2577) at com.ibm.rmi.corba.AnyImpl.read_value(AnyImpl.java:481) at com.ibm.rmi.pi.CodecImpl.decode_value(CodecImpl.java:118) at com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2TaggedComponen t.getCSIv2TaggedComponentList(CSIv2TaggedComponent.java:533) at com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityConnectionInterc eptor.getConnectionKey(SecurityConnectionInterceptor.java:1484) at com.ibm.ws.orbimpl.transport.WSTransport.getConnection(Unknown Source) at com.ibm.CORBA.transport.TransportBase.getConnection(TransportBas e.java:158) at com.ibm.rmi.iiop.TransportManager.get(TransportManager.java:83) at com.ibm.rmi.iiop.GIOPImpl.locate(GIOPImpl.java:174) -------------------------------------------------------- If you obtain an orb trace out of WSAD, you will see that the connect to the server is successfull but, the data returned to the Client causes the failure.Local fix Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V5.0 for z/OS * **************************************************************** * PROBLEM DESCRIPTION: Read beyond end of input stream * * minor code: 4942F8E2 when a distributed * * client attempts to connect using the * * SAS protocol to WebSphere with Daemon * * SSL enabled. * **************************************************************** * RECOMMENDATION: * **************************************************************** The CSIv2 security tag created in a WebSphere Daemon running with SSL enabled can, depending on the length of the hostname of the system, contain incorrect data in its SAS_ContextSec mechanism. The code to build the Association Options portion of the mechanism does not update the offset for the target_requires field. This causes the target_requires field to be overlaid by the ServiceConfiguration list. The SAS_ContextSec mechanism now has incomplete data, and the distributed client throws an exception trying to read past the end of the data.Problem conclusion The code that builds the Security CSIv2 tag was changed to update the offset, space remaining and working pointer fields after the target_requires field was set. APAR PQ97970 is associated with SERVICE LEVEL W502020 of WebSphere Application Server V5.0 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: PQ97973 Modules/Macros
Publications Referenced
|
Document Information |
Current web document: swg1PQ97970.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ97970
IBM Group: Software Group
Modified date: Jan 5, 2005
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.