Fixes are available
17.0.0.4: WebSphere Application Server Liberty 17.0.0.4
18.0.0.1: WebSphere Application Server Liberty 18.0.0.1
18.0.0.2: WebSphere Application Server Liberty 18.0.0.2
18.0.0.3: WebSphere Application Server Liberty 18.0.0.3
18.0.0.4: WebSphere Application Server Liberty 18.0.0.4
19.0.0.1: WebSphere Application Server Liberty 19.0.0.1
19.0.0.2: WebSphere Application Server Liberty 19.0.0.2
19.0.0.3: WebSphere Application Server Liberty 19.0.0.3
19.0.0.4: WebSphere Application Server Liberty 19.0.0.4
19.0.0.5: WebSphere Application Server Liberty 19.0.0.5
19.0.0.6: WebSphere Application Server Liberty 19.0.0.6
19.0.0.7: WebSphere Application Server Liberty 19.0.0.7
19.0.0.8: WebSphere Application Server Liberty 19.0.0.8
19.0.0.9: WebSphere Application Server Liberty 19.0.0.9
19.0.0.10: WebSphere Application Server Liberty 19.0.0.10
19.0.0.11: WebSphere Application Server Liberty 19.0.0.11
19.0.0.12: WebSphere Application Server Liberty 19.0.0.12
20.0.0.1: WebSphere Application Server Liberty 20.0.0.1
20.0.0.2: WebSphere Application Server Liberty 20.0.0.2
20.0.0.3: WebSphere Application Server Liberty 20.0.0.3
20.0.0.4: WebSphere Application Server Liberty 20.0.0.4
20.0.0.5: WebSphere Application Server Liberty 20.0.0.5
20.0.0.6: WebSphere Application Server Liberty 20.0.0.6
20.0.0.7: WebSphere Application Server Liberty 20.0.0.7
20.0.0.8: WebSphere Application Server Liberty 20.0.0.8
20.0.0.9: WebSphere Application Server Liberty 20.0.0.9
20.0.0.10: WebSphere Application Server Liberty 20.0.0.10
20.0.0.11: WebSphere Application Server Liberty 20.0.0.11
20.0.0.12: WebSphere Application Server Liberty 20.0.0.12
21.0.0.3: WebSphere Application Server Liberty 21.0.0.3
21.0.0.4: WebSphere Application Server Liberty 21.0.0.4
21.0.0.5: WebSphere Application Server Liberty 21.0.0.5
21.0.0.6: WebSphere Application Server Liberty 21.0.0.6
21.0.0.7: WebSphere Application Server Liberty 21.0.0.7
21.0.0.8: WebSphere Application Server Liberty 21.0.0.8
21.0.0.9: WebSphere Application Server Liberty 21.0.0.9
21.0.0.1: WebSphere Application Server Liberty 21.0.0.1
21.0.0.2: WebSphere Application Server Liberty 21.0.0.2
21.0.0.10: WebSphere Application Server Liberty 21.0.0.10
21.0.0.11: WebSphere Application Server Liberty 21.0.0.11
21.0.0.12: WebSphere Application Server Liberty 21.0.0.12
22.0.0.1: WebSphere Application Server Liberty 22.0.0.1
22.0.0.2: WebSphere Application Server Liberty 22.0.0.2
22.0.0.3: WebSphere Application Server Liberty 22.0.0.3
22.0.0.4: WebSphere Application Server Liberty 22.0.0.4
APAR status
Closed as program error.
Error description
During an Oauth2.0 routine on WebSphere Liberty, when a database lookup occurs during cleanup operations, an SQL statement is run that includes the LIMIT option. However if the SQL database doesn't support LIMIT, an error is thrown similar to the following: ERROR: syntax error at or near "LIMIT" The cleanup method seen in the stack trace is the following: com.ibm.ws.security.oauth20.plugins.db.CachedDBOidcTokenStor e$Cl eanupThread.runCleanup(CachedDBOidcTokenStore.java:819)
Local fix
N/A
Problem summary
**************************************************************** * USERS AFFECTED: Users of IBM WebSphere Application Server * * Liberty - OAuth * **************************************************************** * PROBLEM DESCRIPTION: During Liberty OAuth 2.0 database * * cleanup processing, a SQL syntax error * * for the 'LIMIT' option may occur. * **************************************************************** * RECOMMENDATION: * **************************************************************** During Liberty OAuth 2.0 database cleanup processing, a SQL syntax error for the 'LIMIT' may occur. This can happen with databases such as PostgreSQL. Here is an example stack trace: org.postgresql.util.PSQLException: ERROR: syntax error at or near "LIMIT" Position: 76 at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(Qu eryExecutorImpl.java:2102) at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExe cutorImpl.java:1835) at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorIm pl.java:257) at org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc 2Statement.java:500) at org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(Abs tractJdbc2Statement.java:388) at org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc 2Statement.java:381) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessor Impl.java:95) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethod AccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:508) at org.postgresql.ds.jdbc23.AbstractJdbc23PooledConnection$Statemen tHandler.invoke(AbstractJdbc23PooledConnection.java:455) at com.sun.proxy.$Proxy44.execute(Unknown Source) at com.ibm.ws.rsadapter.jdbc.WSJdbcPreparedStatement.execute(WSJdbc PreparedStatement.java:395) at com.ibm.ws.security.oauth20.plugins.db.CachedDBOidcTokenStore$Cl eanupThread.runCleanup(CachedDBOidcTokenStore.java:819) at com.ibm.ws.security.oauth20.plugins.db.CachedDBOidcTokenStore$Cl eanupThread.run(CachedDBOidcTokenStore.java:752)
Problem conclusion
The CachedDBOidcTokenStore class uses the LIMIT option in an SQL statement during cleanup. Some database implementations do not allow the LIMIT keyword in SQL statements. Liberty OAuth 2.0 is updated to remove the 'LIMIT' keyword from the SQL statments used during cleanup. The fix for this APAR is currently targeted for inclusion in fix pack 17.0.0.4. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PI84349
Reported component name
LIBERTY PROFILE
Reported component ID
5724J0814
Reported release
855
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-07-11
Closed date
2017-10-05
Last modified date
2017-10-05
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
LIBERTY PROFILE
Fixed component ID
5724J0814
Applicable component levels
R855 PSY
UP
Document Information
Modified date:
04 May 2022