PQ74275: SYNC-TO-OS-THREAD SUPPORT CAUSES ACCESS FAILURES WHEN UPDATING BBO.STATEFUL_BEANS TABLE AND WHEN ISSUING SET CURRENT SQLID.

 A fix may be available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
Two problems occur when bean methods are deployed with the
SyncToOSThread attribute. For stateful session beans, the EJB
container attempts to store state information in the DB2 table
BBO.STATEFUL_BEANS table using the userid credentials specified
by the user instead of the userid credentials of the server
region. These updates to the table fail when the user does not
have sufficient credentials to update the table.
  Also, SET CURRENT SQLID statements are executed to switch
user credentials from the server to user credentials. The EJB
container later attempts to SET CURRENT SQLID back to its own
SQLID, but the thread is running with the user's credentials
and does not have authority to switch SQLIDs.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 version 4.0.1 for z/OS and OS/390            *
****************************************************************
* PROBLEM DESCRIPTION: With SyncToOSThread enabled, accesses   *
*                      to bbo.stateful tables are incorrectly  *
*                      done under the credentials of the       *
*                      user-id sync'd to the thread.           *
*                      Additionally, db2 connections created   *
*                      during CMP connection management use    *
*                      the credentials of the identity sync'd  *
*                      to the thread which may not necessarily *
*                      be desired.                             *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
BBO.stateful tables are accessed using the credentials of the
identity sync'd to the thread. These accesses are done in
order for the appserver to provide some service and therefore
should always be done under the credentials of the appserver.

Datasources created and subsequently utilized by CMP
connection management are always created with the credentials
of the user-id sync'd to the thread. There are instances
where these connections should be created under the
credentials of the server and there should be
some flexibility.
Problem conclusion
BBO.stateful tables are now accessed under the credentials of
the appserver.

For CMP Datasources, there is now an external available that
allows the user to dictate what credentials should be used
for the datasource.

APAR PQ74275 requires the following changes to WebSphere V4.0.1
for z/OS and OS/390 documentation:

APAR PQ74275 requires the following changes to WebSphere V4.0.1
for z/OS and OS/390 documentation:

NOTE: Periodically, we refresh the documentation on our Web
site, so these changes might have been made before you read
this text. To access the latest on-line documentation, go to
the product library page at URL:

www.ibm.com/software/webservers/appserv/zos_os390/library/

Documentation Changes: The following documentation changes
will be made to support these changes:

1. The following new error (minor) codes will be
   added to "WebSphere Application Server V4.0.1 for z/OS
   and OS/390: Messages and Diagnosis",GA22-7837-07:

   0xC9C240E7

   Explanation: Attempted to remove the server's credentials
   from the thread while passivating/activating/removing a
   stateful bean.

   0xC9C240E8

   Explanation: Attempted to remove the server's credentials
   from the thread after getting a connection for CMP.

   0xC9C240E9

   Explanation: Attempted to remove the server's credentials
   from the thread after getting an initial connection for CMP.

2. The JVM properties table contained in Appendix A of
   "WebSphere Application Server V4.0.1 for z/OS and OS/390:
   Installation and Customization",GA22-7834-08, and
   "WebSphere Application Server V4.0.1 for z/OS and OS/390:
   Assembling J2EE Applications",SA22-7836-08, will be updated
   to include the new JVM property,
   com.ibm.websphere.persistence.cmp.synchToOSThread.
        noDelegateUserCredentialToConnection,


3. These appendices will also be updated to include the
   following description of this JVM property:

   com.ibm.websphere.persistence.cmp.synchToOSThread.
       noDelegateUserCredentialToConnection=true|false

   Specifies whether or not a user's credentials will be
   propagated to a thread. If true is specified, the user's
   credentials will be propagated. If false is specified,
   the user's credentials will not be propagated. The default
   is false.

APAR PQ74275 is associated with SERVICE LEVEL W401511 of
WebSphere Application Server version 4.0.1 for z/OS and OS/390.
Temporary fix Comments
**** PE03/10/14 FIX IN ERROR. SEE APAR 
PQ79578  FOR DESCRIPTION
APAR information
APAR number PQ74275
Reported component name WASKBASE
Reported component ID 5655A9801
Reported release 401
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2003-05-16
Closed date 2003-08-08
Last modified date 2003-10-22

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
UQ79317

Modules/Macros
BBOAPCEI BBOAPIAI BBOAPIOI BBOAXCEI BBOCEIOP BBOCLSES
BBOCSESS BBOCSMGR BBOCSMHS BBOCSMRH BBOCSMRI BBOCSMRS
BBOCSSES BBODDAUT BBODMN BBOIDRMI BBOIHDOI BBOIIMAI
BBOILSMI BBOIROOT BBOISOI BBOI3PLI BBOJBOUI BBOLORB
BBOLSYS BBOMCDM BBOMDDLO BBOMENV BBOMIB06 BBOMIB10
BBOMIB80 BBOMICP BBOMID10 BBOMIMRI BBOMPROC BBOMSBO2
BBOMSBO3 BBOMSBO4 BBOMSBO6 BBOMSBO7 BBOMSCO BBOMSMS
BBOMSYSI BBOMUTIL BBOOBOAI BBOOBOAT BBOOBOKC BBOOCBG
BBOOCM BBOOCOMM BBOOCSM BBOOCTL BBOOCVN BBOOEJSB
BBOOGCOD BBOOGSVD BBOOIMPR BBOOOBJ BBOOORB BBOOORBR
BBOORIRI BBOOSISA BBOOSMOI BBOOSR BBOOSRWT BBOOTRD
BBOPBSC BBORJSRV BBORLOG BBOSEBL BBOSNFED BBOSQ03
BBOSSDMA BBOSSECM BBOSSESS BBOSSGSK BBOSSIOR BBOSSRIB
BBOSSSKR BBOTIF BBOTSRA BBOTSRM BBOTTCR BBOTTF
BBOTTMCR BBOTTMSR BBOTTSCU BBOTTSR BBOUBINF BBOUENUS
BBOZ0229 BBOZ0766 BBOZ0812 BBOZ0813    

Fix information
Fixed component name WASKBASE
Fixed component ID 5655A9801

Applicable component levels
R401 PSY UQ79317    UP03/08/14 P F308

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ74275
IBM Group: Software Group
Modified date: Oct 22, 2003