Customers may experience intermittent, random authentication and
authorization failures by legitimate users attempting to access a secured
web site when WebSphere 4.0x is configured with Domino 5.x as the LDAP
server. The solution given below may apply if:

- The errors are more frequent when more users are concurrently accessing
  the application server
- The errors appear, or appear more frequently, on a multiple-CPU system
- The application or administrative log files include some or all of the
  following errors:
  - CNTR0019E: Non-application exception occurred while processing method
    findByPrivilegeAttributeId: java.lang.NullPointerException
  - CNTR0020E: Non-application exception occurred while processing method
    getDisplayName on bean BeanId(admin#repository.jar#userRegistryEntry,
    com.ibm.ejs.security.registry.RegistryEntryPrimaryKey@80a0b24d):
    java.lang.NullPointerException (method name in error message may vary)
  - SECJ0129A: Authorization failed for JDoe while invoking POST on
    myhost:/MyWebApp/myPage.jsp, Authorization failed, Not granted any of
    the required roles: My Defined User Role (Host name, web application
    name, user name and role name(s) will vary. Bear in mind that this
    message is legitimate if a user does not have authority to access the
    target resource.)
  - SECJ0055A: Authentication failed for johndoe (User name will vary.
    Bear in mind that this message is legitimate if the user is not listed
    in the LDAP registry or does not supply the valid password.)

These errors may be caused by defects in the WebSphere Application Server
and Domino R5 directory server products relating to multithreading.

Resolution:

- If using Domino R5, upgrade to Domino R6. R5 contains logic which may
  terminate LDAP connections which are still active, triggering problems in
  WebSphere security.
- If using WebSphere 4.05 or earlier, upgrade to WebSphere 4.06 and apply
  the cumulative security fix for WebSphere 4.0, available from the
  WebSphere Application Server support site. The 4.06 maintenance upgrade
  and the security fix contain corrections to multithreading defects which
  can cause the errors listed above.
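
A log triage example for the symptom list above, added here and not IBM's code: it tallies the four message IDs, pulls the user names out of the SECJ messages, and flags a log in which security failures appear alongside the container NullPointerException messages. The timestamp and thread prefix of the sample lines are constructed, and treating that co-occurrence as a match is this example's own heuristic (a SECJ message on its own can be legitimate, as noted above).

```python
import re
from collections import Counter

# Message IDs and texts come from the technote; the timestamp/thread prefix
# on each sample line is constructed for illustration.
SAMPLE_LOG = """\
[03.01.15 10:02:11] 4f2a SECJ0055A: Authentication failed for johndoe
[03.01.15 10:02:11] 51c0 CNTR0019E: Non-application exception occurred while processing method findByPrivilegeAttributeId: java.lang.NullPointerException
[03.01.15 10:02:12] 4f2a SECJ0129A: Authorization failed for JDoe while invoking POST on myhost:/MyWebApp/myPage.jsp, Authorization failed, Not granted any of the required roles: My Defined User Role
[03.01.15 10:05:40] 51c0 CNTR0020E: Non-application exception occurred while processing method getDisplayName on bean BeanId(admin#repository.jar#userRegistryEntry, com.ibm.ejs.security.registry.RegistryEntryPrimaryKey@80a0b24d): java.lang.NullPointerException
[03.01.15 10:09:03] 4f2a SECJ0055A: Authentication failed for johndoe
"""

MSG_ID = re.compile(r"\b(CNTR0019E|CNTR0020E|SECJ0129A|SECJ0055A):")
USER = re.compile(r"(?:Authorization|Authentication) failed for (\S+)")


def triage(lines):
    """Tally the technote's message IDs and report whether the log matches."""
    counts, users, container_npe = Counter(), Counter(), 0
    for line in lines:
        found = MSG_ID.search(line)
        if not found:
            continue
        msg = found.group(1)
        counts[msg] += 1
        if msg.startswith("CNTR"):
            # Only the NullPointerException variants are listed as symptoms.
            if "java.lang.NullPointerException" in line:
                container_npe += 1
        else:
            user = USER.search(line)
            if user:
                users[user.group(1)] += 1
    security_failures = counts["SECJ0129A"] + counts["SECJ0055A"]
    return {
        "counts": dict(counts),
        "users": dict(users),
        "container_npe": container_npe,
        # Heuristic (assumption of this example): security failures together
        # with container NPEs point at the defect, not at bad credentials.
        "matches_technote": container_npe > 0 and security_failures > 0,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```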