PK78683: APPLICATION CODE RUNNING IN A SERVANT REGION CANNOT ACCESS AN APPLICATION CUSTOM MBEAN WITH SECURITY ENABLED

Fixes are available

APAR status

Closed as program error.

Error description

Application code running in a servant region cannot access an
application custom MBean in that same server when security is
enabled unless the application is running under an identity
with Monitor access.
.
This works for WebSphere Application Server on Distributed
6.0.2 platforms because the application server is all in one
process.  On WebSphere Application Server for z/OS with the
Controller Region (CR) / Servant Region (SR) split, there
are security checks when calling from the CR where there is
a dynamic proxy of the custom mbean to the SR where the actual
mbean resides.
.
The failure seen may be similar to:
.
Trace: 2008/06/27 12:25:36.755 01 t=8CF4F8 c=12.2 key=P8
   Description: Log Boss/390 Error
   from filename: ./bborjtr.cpp
   at line: 932
   error message: BBOO0220E: SRVE0026E: Servlet Error
                                               - HelloServlet:
java.lang.reflect.UndeclaredThrowableException: ADMN0022E:
 Access is denied for the getVersionsForAllProducts operation
 on Server MBean because of insufficient or empty credentials.
at com.ibm.ws.management.AdminServiceImpl$1.run
                                  (AdminServiceImpl.java:1087)
at com.ibm.ws.security.util.AccessController.doPrivileged
                        (AccessController.java(Compiled Code))
at com.ibm.ws.management.AdminServiceImpl.invoke
                                   (AdminServiceImpl.java:932)
...
 Caused by: javax.management.JMRuntimeException: ADMN0022E:
 Access is denied for the getVersionsForAllProducts operation
 on Server MBean because of insufficient or empty credentials.
at com.ibm.ws.management.AdminServiceImpl.preInvoke
                        (AdminServiceImpl.java(Compiled Code))
...

Local fix

Problem summary

****************************************************************
* USERS AFFECTED:  All users of WebSphere Application Server   *
*                  V6.0.1 for z/OS with                        *
*                  application custom MBean.                   *
****************************************************************
* PROBLEM DESCRIPTION:  User with valid role sometimes is      *
*                       unable to access application created   *
*                       custom MBean.                          *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
java.lang.reflect.UndeclaredThrowableException: ADMN0022E:
Access is denied for the <operation name> operation on <mbean
name> MBean because of insufficient or empty credentials.
at com.ibm.ws.management.AdminServiceImpl$1.run
(AdminServiceImpl.java:1087)
at com.ibm.ws.security.util.AccessController.doPrivileged
(AccessController.java(Compiled Code))
at com.ibm.ws.management.AdminServiceImpl.invoke
(AdminServiceImpl.java:932)

Problem conclusion

Changed admin authorization code to allow valid user to access
application custom MBean.
.
APAR PK78683 is currently targeted for inclusion in Service
Level (Fix Pack) 6.0.2.35 of WebSphere Application Server V6.0.1
for z/OS.
.
Please refer to URL:
//www.ibm.com/support/docview.wss?rs=404&uid=swg27006970
for Fix Pack availability.

Temporary fix

Comments

APAR Information

APAR number
PK78683
Reported component name
WEBSPHERE FOR Z
Reported component ID
5655I3500
Reported release
601
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-01-14
Closed date
2009-06-10
Last modified date
2009-06-10

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

PK79600 PK79602

Fix information

Fixed component name
WEBSPHERE FOR Z
Fixed component ID
5655I3500

Applicable component levels

R601 PSY
UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0.1","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
28 December 2021

Tips

PK78683: APPLICATION CODE RUNNING IN A SERVANT REGION CANNOT ACCESS AN APPLICATION CUSTOM MBEAN WITH SECURITY ENABLED

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R601 PSY

Document Information

Share your feedback

Need support?