PQ74275: SYNC-TO-OS-THREAD SUPPORT CAUSES ACCESS FAILURES WHEN UPDATING BBO.STATEFUL_BEANS TABLE AND WHEN ISSUING SET CURRENT SQLID. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description Two problems occur when bean methods are deployed with the SyncToOSThread attribute. For stateful session beans, the EJB container attempts to store state information in the DB2 table BBO.STATEFUL_BEANS table using the userid credentials specified by the user instead of the userid credentials of the server region. These updates to the table fail when the user does not have sufficient credentials to update the table. Also, SET CURRENT SQLID statements are executed to switch user credentials from the server to user credentials. The EJB container later attempts to SET CURRENT SQLID back to its own SQLID, but the thread is running with the user's credentials and does not have authority to switch SQLIDs.Local fix Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * version 4.0.1 for z/OS and OS/390 * **************************************************************** * PROBLEM DESCRIPTION: With SyncToOSThread enabled, accesses * * to bbo.stateful tables are incorrectly * * done under the credentials of the * * user-id sync'd to the thread. * * Additionally, db2 connections created * * during CMP connection management use * * the credentials of the identity sync'd * * to the thread which may not necessarily * * be desired. * **************************************************************** * RECOMMENDATION: * **************************************************************** BBO.stateful tables are accessed using the credentials of the identity sync'd to the thread. These accesses are done in order for the appserver to provide some service and therefore should always be done under the credentials of the appserver. Datasources created and subsequently utilized by CMP connection management are always created with the credentials of the user-id sync'd to the thread. There are instances where these connections should be created under the credentials of the server and there should be some flexibility.Problem conclusion BBO.stateful tables are now accessed under the credentials of the appserver. For CMP Datasources, there is now an external available that allows the user to dictate what credentials should be used for the datasource. APAR PQ74275 requires the following changes to WebSphere V4.0.1 for z/OS and OS/390 documentation: APAR PQ74275 requires the following changes to WebSphere V4.0.1 for z/OS and OS/390 documentation: NOTE: Periodically, we refresh the documentation on our Web site, so these changes might have been made before you read this text. To access the latest on-line documentation, go to the product library page at URL: www.ibm.com/software/webservers/appserv/zos_os390/library/ Documentation Changes: The following documentation changes will be made to support these changes: 1. The following new error (minor) codes will be added to "WebSphere Application Server V4.0.1 for z/OS and OS/390: Messages and Diagnosis",GA22-7837-07: 0xC9C240E7 Explanation: Attempted to remove the server's credentials from the thread while passivating/activating/removing a stateful bean. 0xC9C240E8 Explanation: Attempted to remove the server's credentials from the thread after getting a connection for CMP. 0xC9C240E9 Explanation: Attempted to remove the server's credentials from the thread after getting an initial connection for CMP. 2. The JVM properties table contained in Appendix A of "WebSphere Application Server V4.0.1 for z/OS and OS/390: Installation and Customization",GA22-7834-08, and "WebSphere Application Server V4.0.1 for z/OS and OS/390: Assembling J2EE Applications",SA22-7836-08, will be updated to include the new JVM property, com.ibm.websphere.persistence.cmp.synchToOSThread. noDelegateUserCredentialToConnection, 3. These appendices will also be updated to include the following description of this JVM property: com.ibm.websphere.persistence.cmp.synchToOSThread. noDelegateUserCredentialToConnection=true|false Specifies whether or not a user's credentials will be propagated to a thread. If true is specified, the user's credentials will be propagated. If false is specified, the user's credentials will not be propagated. The default is false. APAR PQ74275 is associated with SERVICE LEVEL W401511 of WebSphere Application Server version 4.0.1 for z/OS and OS/390.Temporary fix Comments **** PE03/10/14 FIX IN ERROR. SEE APAR PQ79578 FOR DESCRIPTION
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: UQ79317 Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ74275
IBM Group: Software Group
Modified date: Oct 22, 2003
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.