PQ69036: APPLYING 11/19 CUMULATIVE SECURITY EFIX ON WAS 4.0.4 CAUSES SECJ0129A AUTHORIZATION FAILURE THAT DIDN'T OCCUR BEFORE EFIX | |||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description Environnment: WebSphere Application Server (WAS) 4.0.4 AE LDAP server . Description: After applying the 11/19/2002 cumulative security eFix, customer starts getting the following exception in the stdout file that didn't occur before the cumulative security efix was applied: . [12/5/02 10:29:02:301 CST] 6e93ebd8 WebCollaborat A SECJ0129A: Authorization failed for <user> while invoking POST on default_host:<url>, Authorization failed, Not granted any of the required roles: <existing role> -------------------------------------------- Note: Defect list for V4.0.5 fix pack incorrectly lists PQ69036 as corrected in V4.0.5. PQ69036 is actually corrected in V4.0.6. Also, there is the possibility of seeing this problem in V4.0.x even if 11/19/2002 cumulative fix was not applied. Addnl keywords: SECJ0053E WSCP0024E ejscpExtensionLocal fix Remove the cumulative security eFixProblem summary **************************************************************** * USERS AFFECTED: WebSphere Application Server users who have * * enabled security and use LDAP for the user * * registry. * **************************************************************** * PROBLEM DESCRIPTION: Authorization failure (403) received * * after security cache timeout is * * exceeded. * **************************************************************** * RECOMMENDATION: * **************************************************************** After the cache timeout is exceeded, authorization failures (403) could occur. The reason is while creating new credentials, the group type was not properly appended to the group name which cuased the authorization code to fail in finding the proper group name in security roles.Problem conclusion The group type is now properly appended to the group name. A fix for this APAR will be contained in any security cumulative eFix dated after the closure date of this APAR.Temporary fix A test fix was provided.Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
SRLS
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ69036
IBM Group: Software Group
Modified date: Feb 9, 2004
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.