PQ97970: CLIENT CONTAINER CONNECTING TO ZOS WEBSPHERE ACROSS RMI PORT WITH SECURITY ENABLED FAILS.

 A fix is available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
Customer application has a secure bean and deployed on zOS
WebSphere. The client sets the following in the sas.client.props
file:
com.ibm.CORBA.securityEnabled=true
com.ibm.CSI.performMessageConfidentialitySupported=true
com.ibm.CSI.performMessageIntegritySupported=true
com.ibm.CSI.performTransportAssocSSLTLSSupported=true
The customer is using WSAD client utility to connect to zOS
WebSphere. zOS WebSphere has Global security enabled. The client
sees a java exception. The top of the JAVA exception trace looks
like:
[11/30/04 9:00:10:843 CST] 4dac7546  d UOW=  source=SASRas
org=IBM prod=WebSphere component=Application Server
          [CSIv2TaggedComponent.getCSIv2TaggedComponentList],
[ServerID: -1]
 parm1=org.omg.CORBA.MARSHAL: Read beyond end of input stream
minor code: 4942F8E2  completed: No
 at
com.ibm.rmi.iiop.CDRInputStream.grow(CDRInputStream.java:567)
 at
com.ibm.rmi.iiop.CDRInputStream.alignAndCheck(CDRInputStream.jav
a:537)
 at
com.ibm.rmi.iiop.CDRInputStream.alignAndCheck(CDRInputStream.jav
a:462)
 at
com.ibm.rmi.iiop.CDRInputStream.read_long(CDRInputStream.java:69
1)
 at com.ibm.rmi.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2466)
 at com.ibm.rmi.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2743)
 at com.ibm.rmi.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2577)
 at com.ibm.rmi.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2577)
 at com.ibm.rmi.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2731)
 at com.ibm.rmi.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2743)
 at com.ibm.rmi.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2577)
 at com.ibm.rmi.corba.AnyImpl.read_value(AnyImpl.java:481)
 at com.ibm.rmi.pi.CodecImpl.decode_value(CodecImpl.java:118)
 at
com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2TaggedComponen
t.getCSIv2TaggedComponentList(CSIv2TaggedComponent.java:533)
 at
com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityConnectionInterc
eptor.getConnectionKey(SecurityConnectionInterceptor.java:1484)
 at
com.ibm.ws.orbimpl.transport.WSTransport.getConnection(Unknown
Source)
 at
com.ibm.CORBA.transport.TransportBase.getConnection(TransportBas
e.java:158)
 at
com.ibm.rmi.iiop.TransportManager.get(TransportManager.java:83)
 at com.ibm.rmi.iiop.GIOPImpl.locate(GIOPImpl.java:174)
--------------------------------------------------------
   If you obtain an orb trace out of WSAD, you will see that
the connect to the server is successfull but, the data returned
to the Client causes the failure.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: Read beyond end of input stream         *
*                      minor code: 4942F8E2 when a distributed *
*                      client attempts to connect using the    *
*                      SAS protocol to WebSphere with Daemon   *
*                      SSL enabled.                            *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The CSIv2 security tag created in a WebSphere Daemon running
with SSL enabled can, depending on the length of the hostname
of the system, contain incorrect data in its SAS_ContextSec
mechanism.  The code to build the Association Options portion
of the mechanism does not update the offset for the
target_requires field.  This causes the target_requires field
to be overlaid by the ServiceConfiguration list.  The
SAS_ContextSec mechanism now has incomplete data, and the
distributed client throws an exception trying to read past the
end of the data.
Problem conclusion
The code that builds the Security CSIv2 tag was changed to
update the offset, space remaining and working pointer fields
after the target_requires field was set.

APAR PQ97970 is associated with SERVICE LEVEL W502020 of
WebSphere Application Server V5.0 for z/OS.
Temporary fix Comments
APAR information
APAR number PQ97970
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2004-12-03
Closed date 2004-12-15
Last modified date 2005-01-05

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
PQ97973

Modules/Macros
BBOUBINF          

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UQ96100    UP04/12/21 P F412

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PQ97970.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ97970
IBM Group: Software Group
Modified date: Jan 5, 2005