PK73520: CORBA.NO_PERMISSION IS THROWN DURING ORB CALLBACK

Fixes are available

APAR status

Closed as program error.

Error description

Making an RMI call from WAS V6.1 app server to  WAS 6.0 app
server.  When CSIV2 is set to "required" these errors are
seen on the 6.0 app server:
[CSIClientRI.send_request], [ServerID: test-test]
ERROR: Unauthenticated credential found, client auth
required
by client or server, throwing NO_PERMISSION.
-
com.ibm.rmi.pi.InterceptorManager iterateSendRequest:430
ORB.thread.pool : 0 The following exception was logged
org.omg.CORBA.NO_PERMISSION: ERROR: Unauthenticated credential
found, client auth required by client or server, throwing
NO_PERMISSION.
vmcid: 0x49421000  minor code: 92  completed: No

-
This is the flow:
WAS 6.1 -- User VVVV -- makes secured RMI call from WAS 6.1 to
WAS 6.0 for meta CodeBase of EJB Call.
WAS 6.0 -- replies back successfully.( User VVVV can be seen
reaching here)
WAS 6.1 -- then makes the ejb.create call. ( User is still
there)
WAS 6.0 -- replies successfully. ( User is still there)
WAS 6.1 -- now makes the call for an individual method on the
bean. (User is still there)
WAS 6.0 -- receives the request -- Initiates a call back for

meta Codebase of 6.1 back to 6.1, it creates a new
connection instead of using the existing connection
with its credentials.( here is where the problem is).
WAS 6.0 -- gets an Unauth credential error (
CORBA.NO_PERMISSION)
while connecting back to WAS 6.1 because WAS 6.1
CSIv2
inbound is BasicAuth "required".

Local fix

Use "Supported" instead of "Required"
SEARCH KEYWORDS: security csi csiv2 inbound outbound supported

Problem summary

****************************************************************
* USERS AFFECTED:  All users of WebSphere Application Server   *
****************************************************************
* PROBLEM DESCRIPTION: CORBA.NO_PERMISSION is thrown during    *
*                      ORB callback when CSIv2 Outbound        *
*                      Basic Authentication is set to          *
*                      required on a server.                   *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
In this scenario, when ORB callback occurs, a new ORB
connection is being established, in this context, a server
will act as a client and the client will act as a server.
During establishing the new ORB connection, the security code
performs authentication and authorization based on current
CSIv2 settings although this callback does not need to be
authenticated and authorized. As a result, if authentication or
authorization check fails in this ORB callback, the original
ORB call also fails.

Problem conclusion

With this fix, the security code skips authenticating and
authorizing ORB callback.

The fix for this APAR is currently targeted for inclusion in
fixpack 6.0.2.33, 6.1.0.23 and 7.0.0.3. Please refer to the
Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Temporary fix

Comments

APAR Information

APAR number
PK73520
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
60A
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2008-10-08
Closed date
2008-11-10
Last modified date
2008-11-10

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800

Applicable component levels

R60A PSY
UP
R60H PSY
UP
R60I PSY
UP
R60P PSY
UP
R60S PSY
UP
R60W PSY
UP
R60Z PSY
UP
R61A PSY
UP
R61H PSY
UP
R61I PSY
UP
R61P PSY
UP
R61S PSY
UP
R61W PSY
UP
R61Z PSY
UP
R700 PSY
UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
28 December 2021

Tips

PK73520: CORBA.NO_PERMISSION IS THROWN DURING ORB CALLBACK

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R60A PSY

R60H PSY

R60I PSY

R60P PSY

R60S PSY

R60W PSY

R60Z PSY

R61A PSY

R61H PSY

R61I PSY

R61P PSY

R61S PSY

R61W PSY

R61Z PSY

R700 PSY

Document Information

Share your feedback

Need support?