PQ70783: CALLING GETCALLERPRINCIPAL() SHOULD NOT DEPEND ON APPLICATION SERVER STATUS.

APAR status
Closed as Permanent restriction.

Error description
1) Using the examples provided by the customer, and from code
inspection, the behaviour seems to be the same in all 4.0.x
releases. In ptf5, I get UNAUTHENTICATED, and prior to ptf5, I
get RuntimeException.  Either way, it does not work as expected
by the customer.
.
2) The reason it does not work is a run-time timing issue:
there is a gap between servlet.init() and security
initialization on the app server side.  Whenever security
initialization is not completely done, you get an
UNAUTHENTICATED credential. The current code requires that
getCallerPrincipal() be called after the app server has started,
which is why you get the UNAUTHENTICATED credential.
.
3) What is going to be fixed is to check whether the security
server is initialized, rather than checking app server
initialization. If the security server is initialized,
getCallerPrincipal() should be processed.
Local fix
No known workaround
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server security        *
*                 users who try to create or access a secured  *
*                 object within servlet init method.           *
****************************************************************
* PROBLEM DESCRIPTION: Creating or accessing secured objects   *
*                      from within the init method could fail  *
*                      authentication or authorization.        *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Creating or accessing secured EJBs from within the init
method could fail for authentication or authorization reasons.
Problem conclusion
Creating or accessing protected objects should be done after
the servlet init method, in the doPost() or doGet() methods.
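One way to follow this recommendation, shown as an added example that is not IBM's or the customer's code: init() does only unsecured setup, and the protected object is created on the first request, when the caller has been authenticated. The class name, the "resourceName" init parameter and the two abstract methods are hypothetical; a subclass would put its JNDI lookup of the secured EJB in createSecuredObject().

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example. LazySecuredServlet, createSecuredObject() and handle()
// are hypothetical names, not part of WebSphere or the servlet API.
public abstract class LazySecuredServlet extends HttpServlet {

    private Object secured;       // stays null until the first request
    private String resourceName;  // hypothetical init parameter

    public void init(ServletConfig config) throws ServletException {
        super.init(config);
        // Unsecured setup only. Security initialization may not be
        // complete yet, so no protected object is touched here.
        resourceName = config.getInitParameter("resourceName");
    }

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        Principal caller = req.getUserPrincipal();
        if (caller == null) {
            // Assumes this servlet's URL is protected: fail closed
            // instead of continuing without an authenticated caller.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Invoke the object per request; only the reference is cached.
        handle(securedObject(), caller, req, resp);
    }

    // Created once, by the first request. A synchronized method is used
    // so the lazy creation is safe on every JVM level.
    private synchronized Object securedObject() throws ServletException {
        if (secured == null) {
            secured = createSecuredObject(resourceName);
        }
        return secured;
    }

    /** Subclass hook: look up or create the protected object. */
    protected abstract Object createSecuredObject(String name) throws ServletException;

    /** Subclass hook: use the protected object on behalf of the caller. */
    protected abstract void handle(Object secured, Principal caller,
            HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException;
}
```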
Temporary fix
Provide test fix.
Comments
APAR information
APAR number PQ70783
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PRS
PE NoPE
HIPER NoHIPER
Submitted date 2003-02-07
Closed date 2003-03-21
Last modified date 2003-03-21

Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ70783
IBM Group: Software Group
Modified date: Mar 21, 2003