PM01276: ASYNCBEANS SEE CORBA NO_PERMISSION MINOR CODE 0X49424307

Fixes are available

APAR status

Closed as program error.

Error description

The WebSphere Application Server scheduler had tried to run an
asynchronous bean task and received the following:

----------------------------------------------------------------
[10/23/09 10:33:02:362 PDT] 00000039 J2EEContext   E
ASYN9999E: Unexpected Exception Occurred:
com.ibm.websphere.asynchbeans.SerialDeserialException: Exception
while deserializing a saved service.  Service=security. Unable
to deserialize the Subjects in this Context
at
com.ibm.ws.asynchbeans.J2EEContext.setSavedServicesFromBytes(J2E
EContext.java:1913)
at
com.ibm.ws.asynchbeans.J2EEContext.readObject(J2EEContext.java:1
506)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessor
Impl.java:79)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethod
AccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:618)
at
java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.jav
a:1002)
at
java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:
1834)
...
...
Caused by: com.ibm.websphere.security.WSSecurityException:
Failed to deserialize Context.
at
com.ibm.ws.security.context.ContextImpl.doLogin(ContextImpl.java
:523)
at
com.ibm.ws.security.context.ContextImpl.deserializeSubjects(Cont
extImpl.
java:806)
at
com.ibm.ws.security.context.ContextImpl.readObject(ContextImpl.j
ava:773)
... 53 more
----------------------------------------------------------------

Which was followed closely by...

----------------------------------------------------------------
[10/23/09 10:33:02:387 PDT] 00000039 AlarmListener E
SCHD0076E: Scheduler resource WSRRScheduler
(sched/WSRRScheduler) was unable to fire a notification event
of FIRING for task with task id 1 because the following error
occurred: SCHD0137E: Unable to create EJB instance for
NotificationSink: java.rmi.AccessException: CORBA NO_PERMISSION
0x49424307 No; nested exception is:
----------------------------------------------------------------

Local fix

In order to create LTPA tokens while deserializing the subjects
for the specified users, the APAR PK32564 introduced the
property,

com.ibm.ws.security.createTokenSubjectForAsynchLogin

setting that property to true will create forwardable tokens for
usage by async beans.

In order to bypass this defect that this APAR addresses,
set this security property to true,

com.ibm.CSI.WSSecurityContextActiveForwardable

In summary, with out this APAR there are 2 configuration
properties that are needed in order to create an LTPA token
that can be used by async beans,

1. com.ibm.ws.security.createTokenSubjectForAsynchLogin
2. com.ibm.CSI.WSSecurityContextActiveForwardable

The second one is needed due to the code defect described above.

Problem summary

****************************************************************
* USERS AFFECTED:  All users of IBM WebSphere Application      *
*                  Server V6.1 and V7.0                        *
****************************************************************
* PROBLEM DESCRIPTION: For WebSphere Application Server,       *
*                      when the property                       *
*                      com.ibm.ws.security.createTokenSubjectF *
*                      orAsynchLogin is set to true, a         *
*                      forwardable credentialis not created    *
*                      if the property                         *
*                      com.ibm.CSI.WSSecurityContextActiveForw *
*                      ardable is not set.                     *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
For WebSphere Application Server, the property
com.ibm.CSI.WSSecurityContextActiveForwardable is expected to
be available if the credential is forwardable. If the property
is not set, it is assumed that the credential is forwardable.
Async Beans expect a forwardable LTPA token, but since the
property com.ibm.CSI.WSSecurityContextActiveForwardable is not
set, it does not create a forwardable LTPA token, thus causing
a CORBA NO_PERMISSION when attempting to execute an async bean
task.

Problem conclusion

The security code was modified to honor the default value of
true for the property
com.ibm.CSI.WSSecurityContextActiveForwardable.

The fix for this APAR is currently targeted for inclusion in
fix packs 6.1.0.31 and 7.0.0.11.  Please refer to the
Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Temporary fix

Comments

APAR Information

APAR number
PM01276
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
61A
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-11-13
Closed date
2010-02-19
Last modified date
2010-04-06

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800

Applicable component levels

R61A PSY
UP
R61H PSY
UP
R61I PSY
UP
R61P PSY
UP
R61S PSY
UP
R61W PSY
UP
R61Z PSY
UP
R700 PSY
UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
29 December 2021

Tips

PM01276: ASYNCBEANS SEE CORBA NO_PERMISSION MINOR CODE 0X49424307

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R61A PSY

R61H PSY

R61I PSY

R61P PSY

R61S PSY

R61W PSY

R61Z PSY

R700 PSY

Document Information

Share your feedback

Need support?