PQ65647: APPSERVER ARGUMENTS SEQUENCE WRONG WHEN TRYING TO SETUP SPLIT SECURITY.

 Fixes are available

4.0.5: WebSphere Application Server Version 4.0 Fix Pack 5 (Version 4.0.5)
System Management Component Cumulative Fix for 4.0.2/4.0.3/4.0.4 /4.0.5



APAR status
Closed as program error.

Error description
I discussed the problem with our L3 WebSphere security team
They indicated this is a known problem and provided the
following
    corrections/additions to the instructions in the InfoCenter
    ********************
Description:
    There is a system management problem reading from the
ConfigURL
    file.
    The properties get overwritten by the one's passed in from
the command
    line when the process gets launched.
    To disable security in appserver, add the following line to
the JVM:
    settings in the appserver (for LTPA)
    com.ibm.CORBA.SSLTypeIClientAssociationEnabled=false
    com.ibm.CORBA.LocalOSClientAssociationEnabled=false
    com.ibm.CORBA.LTPAClientAssociationEnabled=false
    com.ibm.CORBA.DCEClientAssociationEnabled=false
    com.ibm.CORBA.SSLTypeIServerAssociationEnabled=true
    com.ibm.CORBA.LocalOSServerAssociationEnabled=false
    com.ibm.CORBA.LTPAServerAssociationEnabled=true
    .
    Modify the sas.server.props as shown in the InfoCenter:
    add the following line the sas.server.props
    .
    # Client Association properties
    com.ibm.CORBA.SSLTypeIClientAssociationEnabled=true
    com.ibm.CORBA.LocalOSClientAssociationEnabled=false
    com.ibm.CORBA.LTPAClientAssociationEnabled=true
    # Server Association properties
    com.ibm.CORBA.SSLTypeIServerAssociationEnabled=true
    com.ibm.CORBA.LocalOSServerAssociationEnabled=false
    com.ibm.CORBA.LTPAServerAssociationEnabled=true
.
The work-around does work in the customer's environment. The
problem is
that the cleaner and proper way of implementing the property
settings is
to use the
   param:
"-Dcom.ibm.CORBA.ConfigURL=file:///usr/WebSphere/AppServer/
   properties/sas.appserver.props"
Local fix
Commands must be entered individually instead of in the props
file.
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server users trying    *
*                 to disable security on specific application  *
*                 servers per InfoCenter, section 5.7.7        *
****************************************************************
* PROBLEM DESCRIPTION: When the user follows the procedures    *
*                      documented in InfoCenter 5.7.7 to       *
*                      selectively disable security on         *
*                      specified application server, he will   *
*                      find that security remains enabled.     *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The cause of the problem is that the ORB parameters were being
passed after the JVM Config options.  Since ORB has default
values for these parameters, they were overriding the ones the
user was trying to set.
Problem conclusion
Changed the way we build the command line so that JVM settings
made by the user will follow (and therefore override) the
default ORB settings.
Temporary fix
Test fix available on wasdoc0:/apars/PQ65647.
Comments
APAR information
APAR number PQ65647
Reported component name WEBSPHERE AE AI
Reported component ID 5630A2200
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-08-27
Closed date 2002-10-15
Last modified date 2003-04-30

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
ADMINSVR          

SRLS

Fix information
Fixed component name WEBSPHERE AE AI
Fixed component ID 5630A2200

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ65647
IBM Group: Software Group
Modified date: Apr 30, 2003