PQ63574: INTERMITTENT AUTHORIZATION FAILURES FOR AUTHENTICATED USERS THATBELONG TO A ROLE

APAR status
Closed as program error.

Error description
Intermittent authorization failures occur for authenticated
users who are properly configured for a security role.  The
customer has discovered that the problem may not be
intermittent, and may instead occur on the first web application
loaded when starting an application server.  The problem seems
to occur because for the first web app loaded the user registry
value is null on the call to addAuthorizationTable(), so
fillMissingAccessIds() does not occur.  This results in the
roles information not being available when performing
authorizations for those roles.
.
This problem may be the same as the one reported in internal
defect 139504.
Local fix
The customer has worked around the problem by building a
workaround into the WSAccessManager.  They inserted a fix into
the constructor whose signature is "public
WSAccessManager(RegistryImpl registryimpl)".  The fix simply
inserts a call to fillAccessIds() to force the authorization
information to be loaded.
Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users who   *
*                 have enabled security.                       *
****************************************************************
* PROBLEM DESCRIPTION: Intermitant authorization problems due  *
*                      to improper authorization table         *
*                      initialization.                         *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Intermittent authorization problems due to improper
authorization table initialization.  The tables were not
initialized properly due to the improper use of a boolean
value which was used to indicate initialization state of the
tables.
Problem conclusion
The boolean value was used at times to indicate a single table
had been initialized when it should only be used to indicate
all tables had been initialized.  This was corrected.
Temporary fix
Contained in security cumulative eFix 
PQ63457 or more recent.
Comments
APAR information
APAR number PQ63574
Reported component name WEBSPHERE AE SO
Reported component ID 5630A2202
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-07-26
Closed date 2002-08-20
Last modified date 2002-08-20

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
SECURITY          

Fix information
Fixed component name WEBSPHERE AE SO
Fixed component ID 5630A2202

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ63574
IBM Group: Software Group
Modified date: Aug 20, 2002