Fixes are available
8.0.0.4: WebSphere Application Server V8.0 Fix Pack 4
8.0.0.5: WebSphere Application Server V8.0 Fix Pack 5
8.0.0.6: WebSphere Application Server V8.0 Fix Pack 6
8.0.0.7: WebSphere Application Server V8.0 Fix Pack 7
8.0.0.8: WebSphere Application Server V8.0 Fix Pack 8
8.0.0.9: WebSphere Application Server V8.0 Fix Pack 9
8.0.0.10: WebSphere Application Server V8.0 Fix Pack 10
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
APAR status
Closed as program error.
Error description
User configured CSIv2 outbound message layer authentication to be "Never" as follows: Global Security -> CSIv2 outbound communications For the "CSIv2 Message Layer" setting - Message Layer Authentication = "Never" - All check boxes for "Allow client to server authentication with:" are left unchecked. These settings populate the security.xml as follows: <layers xmi:type="orb.securityprotocol:MessageLayer" xmi:id="MessageLayer_2" authenticationLayerRetryCount="3" supportedAuthMechList=""> <requiredQOP xmi:type="orb.securityprotocol:MessageQOP" xmi:id="MessageQOP_4" establishTrustInClient="false"/> <supportedQOP xmi:type="orb.securityprotocol:MessageQOP" xmi:id="MessageQOP_3" establishTrustInClient="false"/> </layers> On startup of the zWAS server, they got the following exception: BossLog: { 0009} 2011/08/05 14:10:08.085 03 SYSTEM=MVA3 CELL=V80CELL1 NODE=NODE8 CLUSTER=WCLV80Z1 SERVER=WZV80Z1 PID=0X10402A8 TID=0X1A4D730000000000 t=9E6B70 c=UNK ./bbgrjtr.cpp+717 tag= ... FFDC1003I: FFDC Incident emitted on /WebSphere/V80/AppServer/profiles/default/logs/ffdc/V80Cell1Base _Node8MV SA3_server8_WZV80Z1_STC09938_0000035C00000003_4702b90_11.08.05_1 4.10.07. 7636734974370455935284.txt com.ibm.ws.security.auth.ContextManagerImpl.getInvocationSubject 1669 BossLog: { 0010} 2011/08/05 14:10:08.117 03 SYSTEM=MVA3 CELL=V80CELL1 NODE=NODE8 CLUSTER=WCLV80Z1 SERVER=WZV80Z1 PID=0X10402A8 TID=0X1A4D730000000000 t=9E6B70 c=UNK ./bbgrjtr.cpp+717 tag= ... FFDC provider error java.lang.IllegalStateException: Invalid empty string for supportedAuthMechList at com.ibm.ws.security.config.CSIv2MessageLayerConfig.initialize(CS Iv2Messa geLayerConfig.java:76) at com.ibm.ws.security.config.CSIv2MessageLayerConfig.<init>(CSIv2M essageLa yerConfig.java:50) at ... As a result, CSIv2 failed to initialize and runtime errors appeared when applications attempted to perform CSIv2 outbound communication. The errors reported that the client did not support client authentication at the transport level, even though it was configured to do so.
Local fix
User's can enable one of the message layer authentication methods, like Basic Auth, for CSIv2 outbound communication to avoid the initialization failure and runtime errors.
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server V8.0 * **************************************************************** * PROBLEM DESCRIPTION: IllegalStateException and/or * * NullPointerExceptions configuring * * CSIv2 MessageLayer to Never. * **************************************************************** * RECOMMENDATION: * **************************************************************** IllegalStateException and/or NullPointerExceptions configuring CSIv2 MessageLayer to Never and selecting no Authentication Mechanism from adminconsole panel: Global security > CSIv2 inbound communications java.lang.NullPointerException at com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2TaggedComponen t.getCSIv2ComponentData(CSIv2TaggedComponent.java:764) at com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityTaggedComponentA ssistorImpl.getComponentData(SecurityTaggedComponentAssistorImpl .java:315) at com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityComponentFactory .establish_components(SecurityComponentFactory.java:486) at com.ibm.rmi.pi.InterceptorManager.iterateEstablishComponents(Int erceptorManager.java:873) at com.ibm.rmi.IOR.runInterceptors(IOR.java:314) at com.ibm.rmi.IOR.putProfile(IOR.java:496) at com.ibm.rmi.IOR.<init>(IOR.java:251) at com.ibm.rmi.IOR.<init>(IOR.java:221) at com.ibm.CORBA.iiop.ORB.createIOR(ORB.java:2022) at com.ibm.ws390.orb.ORB.registerWithASR(ORB.java:2594) at com.ibm.ws390.orb.CommonBridge.pushRegisterWithASR(CommonBridge. java:2269) at com.ibm.ws390.orb.ORBEJSBridge.pushRegisterWithASR(ORBEJSBridge. java:631) Trace: 2012/01/23 13:37:53.649 02 t=9E5B70 c=UNK key=P8 tag= (13007004) SourceId: com.ibm.ffdc.util.provider.FfdcProvider ExtendedMessage: FFDC provider errorjava.lang.IllegalStateException: Invalid empty string for supportedAuthMechList at com.ibm.ws.security.config.CSIv2MessageLayerConfig.initialize(CS Iv2MessageLayerConfig.java:76) at com.ibm.ws.security.config.CSIv2MessageLayerConfig.<init>(CSIv2M essageLayerConfig.java:50) at com.ibm.ws.security.config.CSIv2IOBoundConfig.do_getLayers(CSIv2 IOBoundConfig.java:99) at com.ibm.ws.security.config.CSIv2IOBoundConfig.getLayers(CSIv2IOB oundConfig.java:118) at com.ibm.ws.security.config.CSIv2IOBoundConfig.getLayer(CSIv2IOBo undConfig.java:130) at com.ibm.ws.security.config.CSIv2ConfigImpl.serverSetCSIValues(CS Iv2ConfigImpl.java:942) at com.ibm.ws.security.config.CSIv2ConfigImpl.initializeOnServer(CS Iv2ConfigImpl.java:726) at com.ibm.ws.security.config.CSIv2ConfigImpl.initialize(CSIv2Confi gImpl.java:1105) at com.ibm.ws.security.config.CSIv2ConfigImpl.<init>(CSIv2ConfigImp l.java:94) at com.ibm.ws.security.config.SecurityConfigObjectFactoryImpl.creat eCSIv2Config(SecurityConfigObjectFactoryImpl.java:116) at com.ibm.ws.security.config.SecurityObjectLocator.do_getCSIv2Conf ig(SecurityObjectLocator.java:837) at com.ibm.ws.security.config.SecurityObjectLocator.getCSIv2Config( SecurityObjectLocator.java:867) at com.ibm.ws.security.config.SecurityObjectLocator.getCSIv2Config( SecurityObjectLocator.java:858) at com.ibm.ws.security.auth.ContextManagerImpl.getProperty(ContextM anagerImpl.java:2079) at com.ibm.ws.security.auth.ContextManagerImpl.getProperty(ContextM anagerImpl.java:2130) at com.ibm.websphere.security.WSSecurityException.printStackTrace(W SSecurityException.java:230) at com.ibm.ffdc.util.formatting.IncidentReportHeader.writeTo(Incide ntReportHeader.java:77) at com.ibm.ffdc.util.provider.IncidentStream.write(IncidentStream.j ava:204) at com.ibm.ffdc.util.provider.IncidentLogger.writeHeader(IncidentLo gger.java:70) at com.ibm.ffdc.util.provider.IncidentLogger.writeIncidentTo(Incide ntLogger.java:61) at com.ibm.ws.ffdc.impl.FfdcProvider.logIncident(FfdcProvider.java: 172) at com.ibm.ws.ffdc.impl.FfdcProvider.logIncident(FfdcProvider.java: 108) at com.ibm.ffdc.util.provider.FfdcProvider.log(FfdcProvider.java:25 1) at com.ibm.ws.ffdc.impl.FfdcProvider.log(FfdcProvider.java:116) at com.ibm.ffdc.util.provider.IncidentEntry.log(IncidentEntry.java: 96) at com.ibm.ffdc.util.provider.Ffdc.log(Ffdc.java:94) at com.ibm.ws.ffdc.FFDCFilter.processException(FFDCFilter.java:84) at com.ibm.ws.management.util.SecurityHelper.getInvocationSubject(S ecurityHelper.java:527) at com.ibm.ws.management.util.SecurityHelper.retrieveSubject(Securi tyHelper.java:446) at com.ibm.ws.management.event.ListenerInfo.<init>(ListenerInfo.jav a:74) at com.ibm.ws.management.event.LocalNotificationService.createListe nerInfo(LocalNotificationService.java:198) at com.ibm.ws.management.event.LocalNotificationService.addListener Internal(LocalNotificationService.java:193) at com.ibm.ws.management.event.ClientNotificationService.addClientL istenerInternal(ClientNotificationService.java:125) at com.ibm.ws.management.event.ClientNotificationService.addNotific ationListenerExtended(ClientNotificationService.java:113) at com.ibm.ws.management.AdminServiceImpl.addNotificationListenerEx tended(AdminServiceImpl.java:1666) at com.ibm.ws.management.repository.ServantFileRepository.initializ e(ServantFileRepository.java:782) at com.ibm.ws.management.component.AdminImpl.initializeConfigReposi tory(AdminImpl.java:1316) at com.ibm.ws.management.component.AdminImpl.initialize(AdminImpl.j ava:484) at com.ibm.ws.runtime.component.ContainerHelper.initWsComponent(Con tainerHelper.java:1192) at com.ibm.ws.runtime.component.ContainerHelper.initializeComponent (ContainerHelper.java:1099) at com.ibm.ws.runt***BUFFER OVERFLOW***
Problem conclusion
"Message Layer Authentication" of "Never" and selecting no authentication Mechanisms under "Allow client to server authentication with:" is a valid configuration. Code has been changed to support that configuration setting. Note that such settings are not very function in a realistic AppServer enviroment, but it is a valid configuration. APAR PM49615 is currently targeted for inclusion in Service Level (Fix Pack) 8.0.0.4 of WebSphere Application Server V8.0. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980 In addition, please refer to URL: http://www.ibm.com/support/docview.wss?rs=404&uid=swg27006970 for Fix Pack PTF information.
Temporary fix
N/A
Comments
APAR Information
APAR number
PM49615
Reported component name
WEBSPHERE FOR Z
Reported component ID
5655I3500
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2011-10-07
Closed date
2012-02-03
Last modified date
2012-08-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE FOR Z
Fixed component ID
5655I3500
Applicable component levels
R800 PSY
UP
Document Information
Modified date:
28 October 2021