PQ76110: GETCALLERPRINCIPAL() RETURNS INCORRECT USER IDENTITY WHEN RUNAS METHOD IS NOT FIRST METHOD IN THE GLOBAL TRANSACTION. | |||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description When a "RunAs" method invokes a bean method in another server, the remote method should run with the same "RunAs" identity in the remote server. The customer application invokes several "RunAs" methods in turn, each one with a different RunAs identity. EACH of those RunAs methods invokes a remote method which calls getCallerPrincipal() to discover the ID running the remote method. All of the method invocations in both servers are happening under one global transaction. Analysis of the results shows the first remote method inherits the expected "RunAs" identity, but subsequent remote method invocations do not inherit the expected identity. All the subsequent methods appear to run under the "RunAs" identity of the first remote method in the global transaction.Local fix This behavior can be avoided by running each remote method in different transactions. This workaround is not recommended if the remote methods make data source updates which must be rolled back completely if an error occurs in any one of the methods.Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V5.0 for z/OS * **************************************************************** * PROBLEM DESCRIPTION: Security context is not propagated into * * the servant for every method of a * * transaction. * **************************************************************** * RECOMMENDATION: * **************************************************************** If the security context associated with a request is different across multiple methods running under a single transaction, only the original security context information is used in the servant. The security environment of the application will not change across methods, even though the inbound methods contain different security information.Problem conclusion Code was changed to copy security context from controller to servant on every method, not just the first method in a transaction. APAR PQ76110 is associated with SERVICE LEVEL W500103 of WebSphere Application Server V5.0 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: PQ76008 APAR is sysrouted TO one or more of the following: Modules/Macros
Publications Referenced
|
Document Information |
Current web document: swg1PQ76110.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ76110
IBM Group: Software Group
Modified date: Sep 5, 2003
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.