PQ76110: GETCALLERPRINCIPAL() RETURNS INCORRECT USER IDENTITY WHEN RUNAS METHOD IS NOT FIRST METHOD IN THE GLOBAL TRANSACTION.

 A fix is available

APAR status
Closed as program error.

Error description
When a "RunAs" method invokes a bean method in another server,
the remote method should run with the same "RunAs" identity in
the remote server. The customer application invokes several
"RunAs" methods in turn, each one with a different RunAs
identity. Each of those RunAs methods invokes a remote method
which calls getCallerPrincipal() to discover the ID running
the remote method. All of the method invocations in both
servers are happening under one global transaction. Analysis of
the results shows the first remote method inherits the expected
"RunAs" identity, but subsequent remote method invocations do
not inherit the expected identity. All the subsequent methods
appear to run under the "RunAs" identity of the first remote
method in the global transaction.

Local fix
This behavior can be avoided by running each remote method in
different transactions. This workaround is not recommended if
the remote methods make data source updates which must be
rolled back completely if an error occurs in any one of the
methods.

Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: Security context is not propagated into *
*                      the servant for every method of a       *
*                      transaction.                            *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
If the security context associated with a request is different
across multiple methods running under a single transaction,
only the original security context information is used in the
servant.  The security environment of the application
will not change across methods, even though the inbound methods
contain different security information.

Problem conclusion
Code was changed to copy security context from controller to
servant on every method, not just the first method in a
transaction.
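
The following is an added example, not IBM's code and not part of the APAR text: a simplified Python model of the behavior described above, with a check that flags calls whose observed principal is the stale identity of the first method in the same global transaction. `ModelServant`, `Call`, `stale_identity_calls`, `replay`, the transaction ids and the identities are all hypothetical and constructed for illustration.

```python
from collections import namedtuple

# One remote invocation: global transaction id, the RunAs identity the caller
# ran under, and the name the remote bean got from getCallerPrincipal().
Call = namedtuple("Call", "txn_id run_as observed")


class ModelServant:
    """Toy model of the servant side (an assumption, not WebSphere code)."""

    def __init__(self, copy_every_method):
        self.copy_every_method = copy_every_method
        self._installed = {}  # txn_id -> identity currently installed

    def invoke(self, txn_id, run_as):
        # Pre-fix behaviour: the inbound context is installed only for the
        # first method of a transaction. Post-fix: on every method.
        if self.copy_every_method or txn_id not in self._installed:
            self._installed[txn_id] = run_as
        return Call(txn_id, run_as, self._installed[txn_id])


def stale_identity_calls(calls):
    """Return calls whose observed principal is not the caller's RunAs
    identity but is the identity of the first call in the same transaction."""
    first_identity = {}
    stale = []
    for call in calls:
        first = first_identity.setdefault(call.txn_id, call.run_as)
        if call.observed != call.run_as and call.observed == first:
            stale.append(call)
    return stale


# Constructed sample: three RunAs methods in one global transaction, then one
# call in a separate transaction (the workaround from "Local fix").
SAMPLE = [("TX1", "clerk"), ("TX1", "manager"), ("TX1", "auditor"), ("TX2", "manager")]


def replay(copy_every_method):
    servant = ModelServant(copy_every_method)
    return [servant.invoke(txn, identity) for txn, identity in SAMPLE]


if __name__ == "__main__":
    for fixed in (False, True):
        stale = stale_identity_calls(replay(fixed))
        print("fixed" if fixed else "unfixed", [(c.run_as, c.observed) for c in stale])
```

The `stale_identity_calls` check can also be run over records collected from a real test pass after the PTF is applied, provided each record carries the same three fields.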

APAR PQ76110 is associated with SERVICE LEVEL W500103 of
WebSphere Application Server V5.0 for z/OS.

Temporary fix

Comments

APAR information
APAR number: PQ76110
Reported component name: WEBSPHERE FOR Z
Reported component ID: 5655I3500
Reported release: 500
Status: CLOSED PER
PE: NoPE
HIPER: NoHIPER
Special Attention: NoSpecatt
Submitted date: 2003-07-08
Closed date: 2003-08-01
Last modified date: 2003-09-05

APAR is sysrouted FROM one or more of the following:
PQ76008

APAR is sysrouted TO one or more of the following:

Modules/Macros
BBOUBINF          

Publications Referenced

Fix information
Fixed component name: WEBSPHERE FOR Z
Fixed component ID: 5655I3500

Applicable component levels
R500 PSY UQ79132    UP03/08/08 P F308
