PQ63574: INTERMITTENT AUTHORIZATION FAILURES FOR AUTHENTICATED USERS THATBELONG TO A ROLE | |||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||
APAR status Closed as program error. Error description Intermittent authorization failures occur for authenticated users who are properly configured for a security role. The customer has discovered that the problem may not be intermittent, and may instead occur on the first web application loaded when starting an application server. The problem seems to occur because for the first web app loaded the user registry value is null on the call to addAuthorizationTable(), so fillMissingAccessIds() does not occur. This results in the roles information not being available when performing authorizations for those roles. . This problem may be the same as the one reported in internal defect 139504.Local fix The customer has worked around the problem by building a workaround into the WSAccessManager. They inserted a fix into the constructor whose signature is "public WSAccessManager(RegistryImpl registryimpl)". The fix simply inserts a call to fillAccessIds() to force the authorization information to be loaded.Problem summary **************************************************************** * USERS AFFECTED: All WebSphere Application Server users who * * have enabled security. * **************************************************************** * PROBLEM DESCRIPTION: Intermitant authorization problems due * * to improper authorization table * * initialization. * **************************************************************** * RECOMMENDATION: * **************************************************************** Intermittent authorization problems due to improper authorization table initialization. The tables were not initialized properly due to the improper use of a boolean value which was used to indicate initialization state of the tables.Problem conclusion The boolean value was used at times to indicate a single table had been initialized when it should only be used to indicate all tables had been initialized. This was corrected.Temporary fix Contained in security cumulative eFix PQ63457 or more recent.Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ63574
IBM Group: Software Group
Modified date: Aug 20, 2002
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.