PQ65647: APPSERVER ARGUMENTS SEQUENCE WRONG WHEN TRYING TO SETUP SPLIT SECURITY. | |||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description I discussed the problem with our L3 WebSphere security team They indicated this is a known problem and provided the following corrections/additions to the instructions in the InfoCenter ******************** Description: There is a system management problem reading from the ConfigURL file. The properties get overwritten by the one's passed in from the command line when the process gets launched. To disable security in appserver, add the following line to the JVM: settings in the appserver (for LTPA) com.ibm.CORBA.SSLTypeIClientAssociationEnabled=false com.ibm.CORBA.LocalOSClientAssociationEnabled=false com.ibm.CORBA.LTPAClientAssociationEnabled=false com.ibm.CORBA.DCEClientAssociationEnabled=false com.ibm.CORBA.SSLTypeIServerAssociationEnabled=true com.ibm.CORBA.LocalOSServerAssociationEnabled=false com.ibm.CORBA.LTPAServerAssociationEnabled=true . Modify the sas.server.props as shown in the InfoCenter: add the following line the sas.server.props . # Client Association properties com.ibm.CORBA.SSLTypeIClientAssociationEnabled=true com.ibm.CORBA.LocalOSClientAssociationEnabled=false com.ibm.CORBA.LTPAClientAssociationEnabled=true # Server Association properties com.ibm.CORBA.SSLTypeIServerAssociationEnabled=true com.ibm.CORBA.LocalOSServerAssociationEnabled=false com.ibm.CORBA.LTPAServerAssociationEnabled=true . The work-around does work in the customer's environment. The problem is that the cleaner and proper way of implementing the property settings is to use the param: "-Dcom.ibm.CORBA.ConfigURL=file:///usr/WebSphere/AppServer/ properties/sas.appserver.props"Local fix Commands must be entered individually instead of in the props file.Problem summary **************************************************************** * USERS AFFECTED: WebSphere Application Server users trying * * to disable security on specific application * * servers per InfoCenter, section 5.7.7 * **************************************************************** * PROBLEM DESCRIPTION: When the user follows the procedures * * documented in InfoCenter 5.7.7 to * * selectively disable security on * * specified application server, he will * * find that security remains enabled. * **************************************************************** * RECOMMENDATION: * **************************************************************** The cause of the problem is that the ORB parameters were being passed after the JVM Config options. Since ORB has default values for these parameters, they were overriding the ones the user was trying to set.Problem conclusion Changed the way we build the command line so that JVM settings made by the user will follow (and therefore override) the default ORB settings.Temporary fix Test fix available on wasdoc0:/apars/PQ65647.Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
SRLS
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ65647
IBM Group: Software Group
Modified date: Apr 30, 2003
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.