PK81635: THE ENDPTENABLER COMMAND DOES NOT USE A CUSTOM DEFINED URL PATTERN

Fixes are available

APAR status

Closed as program error.

Error description

When running the endptEnabler command, a custom URL pattern can
be defined in a properties file as...

<ejbJarName>.<port_local_name>.http.urlPattern=<custom-URL>

This fix will result in the endptEnabler using the custom URL
pattern for the EJB JAR's HTTP router module's security
information.

Local fix

Problem summary

****************************************************************
* USERS AFFECTED:  Users of WebSphere Application Server V7    *
*                  endptEnabler tool with the                  *
*                  -enableHttpRouterSecurity flag.             *
****************************************************************
* PROBLEM DESCRIPTION: Version 7 endptEnabler  command might   *
*                      not use the custom URL pattern in an    *
*                      HTTP router module's security           *
*                      configuration.                          *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Users can specify that the V7 endptEnabler tool generate a
custom URL pattern in the HTTP router module's deployment
descriptor (web.xml). This pattern appears in the deployment
descriptor's servlet-mapping and is part of the endpoint URL
used to access a web service. The custom URL pattern is
specified with the
<ejbJarName>.<port_local_name>.http.urlPattern property.

Additionally, if the EJB is secured, users can also give
the -enableHttpRouterSecurity flag to specify
that the EJB's HTTP router module is also secured. A problem
occurs if a custom URL pattern is given in conjunction with
-enableHttpRouterSecurity; endptEnabler does not use this
pattern in the HTTP router module's security configuration
(also defined in the deployment descriptor), though the custom
pattern appears in the servlet-mapping.

Here is an excerpt from an example deployment descriptor:

    <servlet-mapping>
        <servlet-name>HelloWorldWebServiceEjb</servlet-name>
        <url-pattern>HelloWorld</url-pattern>
    </servlet-mapping>
    <security-constraint>
        <web-resource-collection>
           <web-resource-name>
            HelloWorldWebServicesEJB_HTTPRouter.war
           </web-resource-name>
           <url-pattern>/HelloWorldWebServiceSvc</url-pattern>
            ...

"HelloWorld" in the servlet-mapping is a custom URL pattern,
but a different URL pattern, "HelloWorldWebServiceSvc," is
defined in the security configuration. This inconsistency
might lead to this runtime error on the server where the EJB
runs:

[04/02/09 09:03:08:279 GMT] 00000028 SecurityColla 3
Authorization
failed accessing EJB com.ibm.ws.security.core.AccessException:
Subject:
Principal: /UNAUTHENTICATED
Public Credential:
com.ibm.ws.security.auth.WSCredentialImpl@4780478 is
not granted any of the required roles: HelloUser
at
com.ibm.ws.security.core.WSAccessManager.checkAccess(WSAccessMan
ager.java:447)
at
com.ibm.ws.security.core.SecurityCollaborator.ejbCheckAuthorizat
ion(SecurityCollaborator.java:1479)
at
com.ibm.ws.security.core.SecurityCollaborator.performAuthorizati
on(SecurityCollaborator.java:515)
at
com.ibm.ws.security.core.EJSSecurityCollaborator.preInvoke(EJSSe
curityCollaborator.java:245)
at
com.ibm.ejs.container.EJSContainer.preInvokeAfterActivate(EJSCon
tainer.java:4058)
at
com.ibm.ejs.container.EJSContainer.EjbPreInvoke(EJSContainer.jav
a:3345)
at
com.ibm.ejs.container.WSEJBWrapper.ejbPreInvoke(WSEJBWrapper.jav
a:174)
...

Problem conclusion

The endptEnabler tool was corrected so that the custom URL
pattern also appears in the HTTP router module's security
configuration.

The fix for this APAR is currently targeted for inclusion in
fixpack 7.0.0.5.  Please refer to the Recommended Updates
page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Temporary fix

Comments

APAR Information

APAR number
PK81635
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-03-02
Closed date
2009-03-18
Last modified date
2009-04-13

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800

Applicable component levels

R700 PSY
UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
25 October 2021

Tips

PK81635: THE ENDPTENABLER COMMAND DOES NOT USE A CUSTOM DEFINED URL PATTERN

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R700 PSY

Document Information

Share your feedback

Need support?