PQ81584: SYNCH TO THREAD

 A fix is available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
Synch to thread support
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: Application Sync to OS thread is the    *
*                      ability to place the Java identity      *
*                      being used by an EJB or web             *
*                      application on the thread of            *
*                      execution if the registry is localOS.   *
*                      Without this support, the identity of   *
*                      the server is used when access is       *
*                      attempted to resources controlled by    *
*                      the local OS.                           *
*                      There are migration considerations      *
*                      for:                                    *
*                      - customers migrating from WebSphere    *
*                      Application Server 3.5 to WebSphere     *
*                      Application Server V5.0 for z/OS who    *
*                      rely on the ability to access z/OS      *
*                      Operating System resources using the    *
*                      HTTP client identity.                   *
*                      - customers migrating applications      *
*                      from WebSphere Application Server       *
*                      V4.0.1 for z/OS and OS/390 to           *
*                      WebSphere Application Server V5.0 for   *
*                      z/OS who use the IBM Synchronize        *
*                      option for EJB methods to access z/OS   *
*                      Operating System resources.             *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Application Sync to OS Thread provides the capability for the
application to synchronize the RunAs identity being used with
the identity on the thread at the z/OS level. This identity is
used by SAF to access resources (such as HFS files) that
are controlled by the operating system. This capability is
provided for EJBs and for Web applications. Application Sync
to OS Thread is only supported for localOS registries.
A global switch is also provided for each server, so the
ability to synchronize the identities can be enabled or
disabled at the server level. If application Sync to OS
Thread is enabled for the server, each application's Sync to
OS Thread flag is honored. If synchronization is disabled,
the server identity is always used.

The existing Enable Sync to Thread flag is renamed to be
Connection Manager RunAs Identity Enabled
Refer to the WebSphere Application Server for z/OS global
security options for more information.
Problem conclusion
Code is added to the application deployment tools for EJBs and
web applications to specify application Sync to OS Thread.
In the WebSphere Application Server administrative console,
there is a new z/OS Global security option Connection Manager
RunAs Identity Enabled.  This option replaces Sync to OS Thread
Allowed function for managing thread identity synchronization.

Code is also added to the runtime code, customization dialog,
administrative console, EJB container, and Web container to
implement this function.

The following publication was revised as a result APAR PQ81584:
 _______________________________________________________________
WebSphere Application Server V5 for z/OS
Messages and Codes
GA22-7915-00
________________________________________________________________
NOTE: Periodically, we refresh the documentation on our
Web site, so the changes might have been made before you
read this text. To access the latest on-line
documentation, go to the product library page at:

www.ibm.com/software/webservers/appserv/zos_os390/library.html
________________________________________________________________
Chapter 1, pg. 4 (new message)
Message identifier - BBOJ0081W
Explanation: SyncToOSThread synchronizes the J2EE role identity
            to the OS thread, meaning that the OS thread
            identity is made equal to the J2EE role identity for
            the duration of the context under which the EJB
            method invocation occurs. This message indicates
            that while an application has been configured to
            utilize SyncToOSThread functionality, the server it
            is installed into is not configured to support
            SyncToOSThread capabilities.
User Response: If SyncToOSThread capabilities are desired for
               the server in question, please refer to the
               InfoCenter for a description as to how to enable
               SyncToOSThread for a server.
________________________________________________________________
Chapter 1, pg. 4 (new message)
Message identifier - BBOJ0084W
Explanation: SyncToOSThread synchronizes the J2EE role identity
            to the OS thread, meaning that the OS thread identit
            is made equal to the J2EE role identity for the
            duration of the request.  This message indicates tha
            while an application has been configured to utilize
            SyncToOSThread functionality, the server it is
            installed into is not configured to support
            SyncToOSThread capabilities.
User Response: If SyncToOSThread capabilities are desired for
               the server in question, please refer to the
               InfoCenter for a description as to how to enable
               SyncToOSThread for a server.
________________________________________________________________

APAR PQ81584 requires the following change to the InfoCenter. To
access the latest online documentation, go to the product
library page at:

www.ibm.com/software/webservers/appserv/zos_os390/library/

APAR PQ81584 provides the following new articles to the
InfoCenter:

 -"Synchronizing a Java thread identity and an operating
   system thread identity"
 -"WebSphere Application Server for z/OS global security
   options"
 -"Considerations for setting Synch to OS Thread Allowed using
   WebSphere Studio Application Developer"
 -"Understanding application Synch to OS Thread Allowed"
 -"Understanding Java 2 Platform, Enterprise Edition identity
   and an operating system thread identity"
 -"Understanding Connection Manager RunAs Identity Enabled and
   operating system security"
 -"When to use application Synch to OS Thread Allowed"
 -"When to use Connection Manager RunAs Identity Enabled"

APAR PQ81584 provides an update to the existing InfoCenter
articles:

 - "Overriding the RunAs Subject on the Thread"
 - "Java Authentication and Authorization Service authorization"
 - "Connection thread identity"
 - "Security states with thread identity support"
 - "Using thread identity support"

APAR PQ81584 is associated with SERVICE LEVEL W502008 of
WebSphere Application Server V5.0 for z/OS.
Temporary fix Comments
APAR information
APAR number PQ81584
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2003-12-02
Closed date 2004-05-07
Last modified date 2004-06-03

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
BBOUBINF          

Publications Referenced
GA22791500        

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UQ88257    UP04/05/13 P F405

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PQ81584.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ81584
IBM Group: Software Group
Modified date: Jun 3, 2004