IBM Support

PH15281: PH8346 PostgreSQL Large Object API blocked

Fixes are available

19.0.0.8: WebSphere Application Server Liberty 19.0.0.8
19.0.0.9: WebSphere Application Server Liberty 19.0.0.9
19.0.0.10: WebSphere Application Server Liberty 19.0.0.10
19.0.0.11: WebSphere Application Server Liberty 19.0.0.11
19.0.0.12: WebSphere Application Server Liberty 19.0.0.12
20.0.0.1: WebSphere Application Server Liberty 20.0.0.1
20.0.0.2: WebSphere Application Server Liberty 20.0.0.2
20.0.0.3: WebSphere Application Server Liberty 20.0.0.3
20.0.0.4: WebSphere Application Server Liberty 20.0.0.4
20.0.0.5: WebSphere Application Server Liberty 20.0.0.5

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Sorry, recreated from 266031 due to some catch-22 in trying
to change from F to D type vs. RTC flow and agents.

Link to OL issue:
https://github.com/OpenLiberty/open-liberty/issues/8346

Summary:
When Liberty supports new JDBC drivers, or newer versions of
existing JDBC drivers, we always investigate the
vendor-specific API of the JDBC driver to ensure that we are
blocking any operations that allow direct access to the
underling JDBC objects, because it allows the application to
mutate the state of the JDBC objects beyond the knowledge of
Liberty's JDBC integration layer and can lead to data
integrity issues.
During my investigation of the PostgreSQL JDBC driver I
identified the above 3 operations which may cause data
integrity issues and blocked them. The difference here is
that typically we do this investigation before many user
applications have time to adopt the JDBC driver, but in this
case PostgreSQL is used by many applications and we were
just now getting around to doing a proper
investigation/support procedure for it.
I misunderstood this process a bit, and thought my team had
blanket approval to block JDBC operations that we deemed to
be a data integrity risk, since this is a procedure my team
does on a fairly regular basis. However, this is not the
case and I should have raised these JDBC operations to the
POC via my architect (Fred Rowe) before I blocked them.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:  Users of IBM WebSphere Application Server   *
*                  Liberty that use a PostgreSQL database      *
****************************************************************
* PROBLEM DESCRIPTION: Liberty Blocks all Large Object API     *
*                      functions for Postgres                  *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The Postgres JDBC Driver allows for accessing the LargeObjectAPI
calls to deal with storing large files with the oid type in
Postgres.

As of Websphere Liberty 19.0.0.7 these apis have been blocked
for use by Websphere.

Attempting to use them results in errors such as:

java.sql.SQLFeatureNotSupportedException: DSRA9130E: Operation
is not permitted by the application server: getLargeObjectAPI
    at
com.ibm.ws.rsadapter.jdbc.WSJdbcWrapper.invoke(WSJdbcWrapper.jav
a:224)
    at
com.ibm.ws.rsadapter.jdbc.WSJdbcConnection.invoke(WSJdbcConnecti
on.java:4124)

In Liberty 19.0.0.5 the following PostgreSQL methods were
blocked because they may result in connection integrity issues
when interoperating with the Liberty connection pool:
  - org.postgresql.PGConnection.getLargeObjectAPI()
  - org.postgresql.PGConnection.getFastPathAPI()
  - org.postgresql.PGConnection.setAutoSave(AutoSave)

    



Problem conclusion


    

  • Several PostgreSQL-specific APIs were blocked in 19.0.0.5
because they may result in connection integrity issues when
interoperating with the Liberty connection pool.

In Liberty 19.0.0.8 code was added to Liberty to properly
interoperate with the blocked APIs, and then the API blockage
was lifted.

The fix for this APAR is currently targeted for inclusion in fix
pack 19.0.0.8.  Please refer to the Recommended Updates page for
delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PH15281
    • 

  • Reported component name
    WAS LIBERTY COR
    • 

  • Reported component ID
    5725L2900
    • 

  • Reported release
    CD0
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2019-08-05
    • 

  • Closed date
    2019-10-14
    • 

  • Last modified date
    2019-10-14
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    WAS LIBERTY COR
    • 

  • Fixed component ID
    5725L2900
    • 



Applicable component levels


    

  • RCD0  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSD28V","label":"WebSphere Application Server Liberty Core"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"CD0","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            17 October 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback