PQ76008: GETCALLERPRINCIPAL() RETURNS INCORRECT USER IDENTITY WHEN RUNAS METHOD IS NOT FIRST METHOD IN THE GLOBAL TRANSACTION.

APAR status

Closed as program error.

Error description

When a "RunAs" method invokes a bean method in another server, the remote method should run with the same "RunAs" identity in the remote server. The customer application invokes several "RunAs" methods in turn, each one with a different RunAs identity. Each of those RunAs methods invokes a remote method which calls getCallerPrincipal() to discover the ID running the remote method. All of the method invocations in both servers are happening under one global transaction.

Analysis of the results shows the first remote method inherits the expected "RunAs" identity, but subsequent remote method invocations do not inherit the expected identity. All the subsequent methods appear to run under the "RunAs" identity of the first remote method in the global transaction.

Local fix

This behavior can be avoided by running each remote method in different transactions. This workaround is not recommended if the remote methods make data source updates which must be rolled back completely if an error occurs in any one of the methods.

Problem summary

****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 version 4.0.1 for z/OS and OS/390            *
****************************************************************
* PROBLEM DESCRIPTION: Security context is not propagated into *
*                      the server region for every method of a *
*                      transaction.                            *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************

If the security context associated with a request is different across multiple methods running under a single transaction, only the original security context information is used in the server region. The security environment of the application will not change across methods, even though the inbound methods contain different security information.

Problem conclusion

Code changed to copy security context from control to server region on every method, not just the first method in a transaction.

APAR PQ76008 is associated with SERVICE LEVEL W401510 of WebSphere Application Server version 4.0.1 for z/OS and OS/390.

Temporary fix

Comments

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following: PQ76110

Modules/Macros

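The following Java sketch is an added illustration, not IBM's code and not part of the original APAR: it models the defect and the change stated in the Problem conclusion, plus the Local fix, so the three outcomes can be compared side by side. The class ServerRegion, the transaction-keyed map and the sample identities and transaction IDs are assumptions made for the example.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the behaviour in APAR PQ76008 (assumption; not IBM's code).
public class RunAsPropagationModel {
    // Stand-in for the server region: holds the identity getCallerPrincipal() would report.
    static class ServerRegion {
        private final Map<String, String> contextByTx = new HashMap<>();
        private final boolean copyOnEveryMethod;

        ServerRegion(boolean copyOnEveryMethod) {
            this.copyOnEveryMethod = copyOnEveryMethod;
        }

        // The control region dispatches a method carrying an inbound RunAs identity.
        String dispatch(String txId, String inboundRunAs) {
            if (copyOnEveryMethod) {
                contextByTx.put(txId, inboundRunAs);         // fixed: context copied on every method
            } else {
                contextByTx.putIfAbsent(txId, inboundRunAs); // defect: first method in the transaction wins
            }
            return contextByTx.get(txId); // identity the remote bean sees as its caller
        }
    }

    // Counts calls whose observed caller differs from the RunAs identity that was sent.
    static int countMismatches(ServerRegion server, String txId, String... runAsIds) {
        int mismatches = 0;
        for (String expected : runAsIds) {
            String observed = server.dispatch(txId, expected);
            boolean ok = expected.equals(observed);
            System.out.printf("  tx=%s runAs=%s caller=%s %s%n",
                    txId, expected, observed, ok ? "OK" : "MISMATCH");
            if (!ok) mismatches++;
        }
        return mismatches;
    }

    public static void main(String[] args) {
        String[] ids = {"USERA", "USERB", "USERC"}; // constructed sample identities
        System.out.println("Unfixed server, one global transaction:");
        countMismatches(new ServerRegion(false), "TX1", ids);
        System.out.println("Fixed server, one global transaction:");
        countMismatches(new ServerRegion(true), "TX1", ids);
        System.out.println("Unfixed server, local fix (one transaction per call):");
        ServerRegion unfixed = new ServerRegion(false);
        for (int i = 0; i < ids.length; i++) {
            countMismatches(unfixed, "TX" + (i + 2), ids[i]);
        }
    }
}
```

The same comparison of expected RunAs identity against the value returned by getCallerPrincipal(), made for every call inside one global transaction, is the check to repeat against a real server after applying the service level.
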
Document Information
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ76008
IBM Group: Software Group
Modified date: Aug 6, 2003
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.