Fixes are available
6.1.0.37: Java SDK 1.5 SR12 FP3 Cumulative Fix for WebSphere
7.0.0.17: Java SDK 1.6 SR9 FP1 Cumulative Fix for WebSphere Application Server
6.1.0.47: WebSphere Application Server V6.1 Fix Pack 47
7.0.0.27: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
6.1.0.39: Java SDK 1.5 SR12 FP4 Cumulative Fix for WebSphere Application Server
6.1.0.41: Java SDK 1.5 SR12 FP5 Cumulative Fix for WebSphere Application Server
6.1.0.43: Java SDK 1.5 SR13 Cumulative Fix for WebSphere Application Server
6.1.0.45: Java SDK 1.5 SR14 Cumulative Fix for WebSphere Application Server
6.1.0.47: Java SDK 1.5 SR16 Cumulative Fix for WebSphere Application Server
7.0.0.19: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.21: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere
7.0.0.23: Java SDK 1.6 SR10 FP1 Cumulative Fix for WebSphere
7.0.0.25: Java SDK 1.6 SR11 Cumulative Fix for WebSphere Application Server
7.0.0.27: Java SDK 1.6 SR12 Cumulative Fix for WebSphere Application Server
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server
APAR status
Closed as program error.
Error description
When the the EncodingType attribute is included on the wsse:Nonce element in a SOAP Security header sent to a JAX-RPC application, the following error may occur: WSEC0121E: The Nonce (randomly generated value) is null or zero length. Following is an example of a Nonce element that will cause the error: <wsse:Nonce EncodingType=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-mes sage-security-1.0#Base64Binary"> q+XSjt6vcCbtee75lMSkwQ==</wsse:Nonce>
Local fix
N/A
Problem summary
**************************************************************** * USERS AFFECTED: IBM WebSphere Application Server V6.1 and * * V7.0 users of WS-Security enabled JAX-RPC * * applications * **************************************************************** * PROBLEM DESCRIPTION: WSEC0121E error may occur in a * * JAX-RPC appliation when an * * EncodingType attribute is included on * * the wsse:Nonce element. * **************************************************************** * RECOMMENDATION: Install a fix pack that contains this APAR. * **************************************************************** When the the EncodingType attribute is included on the wsse:Nonce element in a SOAP Security header, the following error may occur in a JAX-RPC application: com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC0121E: The Nonce (randomly generated value) is null or zero length. Following is an example of a Nonce element that will cause the error: <wsse:Nonce EncodingType=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-mes sage-security-1.0#Base64Binary"> q+XSjt6vcCbtee75lMSkwQ==</wsse:Nonce> The wsse namespace is http://schemas.xmlsoap.org/ws/2002/xx/secext
Problem conclusion
This problem occurs because the WS-Security runtime is not recognizing the value provided for the EncodingType attribute on the wsse:Nonce element. During runtime, the "http:" portion of the value is being improperly removed before being compared to the list of recognized values. The WS-Security runtime is updated to properly process the EncodingType attribute on the wsse:Nonce element. The fix for this APAR is currently targeted for inclusion in fix packs 6.1.0.37 and 7.0.0.17. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PM29584
Reported component name
WEBSERVIC FEATU
Reported component ID
5724J0850
Reported release
61W
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2010-12-27
Closed date
2011-01-17
Last modified date
2011-01-17
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800
Applicable component levels
R61A PSY
UP
R61H PSY
UP
R61I PSY
UP
R61P PSY
UP
R61S PSY
UP
R61W PSY
UP
R61Z PSY
UP
R700 PSY
UP
Document Information
Modified date:
27 October 2021