PQ76008: GETCALLERPRINCIPAL() RETURNS INCORRECT USER IDENTITY WHEN RUNAS METHOD IS NOT FIRST METHOD IN THE GLOBAL TRANSACTION.


APAR status
Closed as program error.

Error description
When a "RunAs" method invokes a bean method in another server,
the remote method should run with the same "RunAs" identity in
the remote server. The customer application invokes several
"RunAs" methods in turn, each one with a different RunAs
identity. Each of those RunAs methods invokes a remote method
which calls getCallerPrincipal() to discover the ID running
the remote method. All of the method invocations in both
servers are happening under one global transaction. Analysis of
the results shows the first remote method inherits the expected
"RunAs" identity, but subsequent remote method invocations do
not inherit the expected identity. All the subsequent methods
appear to run under the "RunAs" identity of the first remote
method in the global transaction.

Local fix
This behavior can be avoided by running each remote method in
different transactions. This workaround is not recommended if
the remote methods make data source updates which must be
rolled back completely if an error occurs in any one of the
methods.

Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 version 4.0.1 for z/OS and OS/390            *
****************************************************************
* PROBLEM DESCRIPTION: Security context is not propagated into *
*                      the server region for every method of a *
*                      transaction.                            *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
If the security context associated with a request is different
across multiple methods running under a single transaction,
only the original security context information is used in the
server region.  The security environment of the application
will not change across methods, even though the inbound methods
contain different security information.

Problem conclusion
Code changed to copy security context from control to server
region on every method, not just the first method in a
transaction.
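
The defect, the fix and the local workaround described above, as a small model added here for illustration. It is not IBM's code; the class and method names, transaction ids and identities are constructed assumptions, and dispatch() stands in for what getCallerPrincipal() would report in the remote method.

```java
import java.util.*;

// Constructed model, not WebSphere code: a "server region" that receives the
// caller identity from the "control region" for each method of a transaction.
public class RunAsPropagationModel {
    static final class ServerRegion {
        // Security context held in the server region, keyed by global transaction id.
        private final Map<String, String> ctxByTx = new HashMap<>();
        private final boolean copyOnEveryMethod;

        ServerRegion(boolean copyOnEveryMethod) { this.copyOnEveryMethod = copyOnEveryMethod; }

        // Dispatch one remote method; returns the identity the method would observe.
        String dispatch(String txId, String inboundIdentity) {
            if (copyOnEveryMethod) {
                ctxByTx.put(txId, inboundIdentity);         // fixed: copy on every method
            } else {
                ctxByTx.putIfAbsent(txId, inboundIdentity); // defect: first method in tx only
            }
            return ctxByTx.get(txId);
        }
    }

    // Run the APAR scenario and list the calls whose observed identity
    // differs from the RunAs identity carried by the inbound request.
    static List<String> mismatches(ServerRegion server, String txId, List<String> runAsIds) {
        List<String> bad = new ArrayList<>();
        for (String expected : runAsIds) {
            String observed = server.dispatch(txId, expected);
            if (!observed.equals(expected)) {
                bad.add("expected=" + expected + " observed=" + observed);
            }
        }
        return bad;
    }

    public static void main(String[] args) {
        List<String> ids = Arrays.asList("ROLEA", "ROLEB", "ROLEC"); // constructed identities
        System.out.println("copy on first method only: " + mismatches(new ServerRegion(false), "TX1", ids));
        System.out.println("copy on every method:      " + mismatches(new ServerRegion(true), "TX1", ids));
        // Local workaround: each remote method runs in its own transaction.
        ServerRegion unfixed = new ServerRegion(false);
        List<String> bad = new ArrayList<>();
        for (int i = 0; i < ids.size(); i++) {
            bad.addAll(mismatches(unfixed, "TX" + i, ids.subList(i, i + 1)));
        }
        System.out.println("separate transactions:     " + bad);
    }
}
```

The same sequence of RunAs calls under one global transaction, with an assertion on the identity each remote method observes, works as a regression check after the service level is applied.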

APAR PQ76008 is associated with SERVICE LEVEL W401510 of
WebSphere Application Server version 4.0.1 for z/OS and OS/390.

Temporary fix

Comments

APAR information
APAR number PQ76008
Reported component name WASKBASE
Reported component ID 5655A9801
Reported release 401
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2003-07-03
Closed date 2003-07-29
Last modified date 2003-08-06

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
PQ76110

Modules/Macros
BBOUBINF          

Fix information
Fixed component name WASKBASE
Fixed component ID 5655A9801

Applicable component levels
R401 PSY UQ78989    UP03/08/01 P F307



Document Information


Software version: 401
Reference #: PQ76008
IBM Group: Software Group
Modified date: Aug 6, 2003