PM77076: NEED A WS-SECURITY PACKAGE FOR STACK PRODUCTS

Fixes are available

APAR status

Closed as program error.

Error description

Need an out-of-box ws-security package that does not have
dependency on WebSphere Application Server platform and works
with other J2EE servers shipped in IBM products.

Local fix

```
n/a
```

Problem summary

****************************************************************
* USERS AFFECTED:  IBM WebSphere Application Server            *
*                  developers of WS-Security enabled JAX-WS    *
*                  web services applications                   *
****************************************************************
* PROBLEM DESCRIPTION: A Web Services Security common          *
*                      component does not exist for            *
*                      IBM stacked products to use.            *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The WebSphere WS-Security runtime was initially designed to
run on either the Axis2 runtime shipped in WebSphere
Application Server or on open-source Axis2.  A separate jar
for use with open-source Axis2 was never created.

Problem conclusion

The JAX-WS WS-Security build process is updated to build a jar
that can be used with open-source Axis2.  This jar is not
distributed with the WebSphere Application Server product.  It
is availble only for distribution by IBM products that wish to
use it.

However, other updates are made to the JAX-WS WS-Security
common code in the application server to facilitate this
change.

The following external updates are made to the application
server:

1) wsjaas_client.conf packaged in the thinclient jar:

JAX-WS thin client applications will no longer have to set the
JVM system property to identify the JAAS configuration file.
This is
-Djava.security.auth.login.config=(profileRoot)\properties\wsja
as_client.conf

The default wsjaas_client.conf has been packaged into
com.ibm.jaxws.thinclient_*.jar.  When running on a thin
client, if the WS-Security runtime cannot find the JAAS
configuration, it will load this default JAAS configuration
file out of the thinclient jar.

2) New SPIs are added to
com.ibm.websphere.wssecurity.wssapi.WSSUtilFactory

public boolean isServiceProvider()
public TokenGeneratorConfig getTokenGeneratorConfig(Map
WSSContext)
public TokenConsumerConfig getTokenConsumerConfig(Map
WSSContext)
public List getConsumedTokens(Map WSSContext)

3) Error fixed in thinclien platform.properties

In the platform.properties file in the thinclient jar, the
value for the com.ibm.ws.wssecurity.platform.ExchangeToken
property is incorrect.  This will cause some
GenericSecurityToken scenarios to fail.  The value is corrected.

The fix for this APAR is currently targeted for inclusion in
fix packs 7.0.0.29, 8.0.0.6, and the fix pack following
8.5.0.2. Please refer to the Recommended Updates page for
delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Temporary fix

Comments

APAR Information

APAR number
PM77076
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-11-14
Closed date
2013-02-06
Last modified date
2013-02-06

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800

Applicable component levels

R700 PSY
UP
R800 PSY
UP
R850 PSY
UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
29 October 2021

Tips

PM77076: NEED A WS-SECURITY PACKAGE FOR STACK PRODUCTS

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R700 PSY

R800 PSY

R850 PSY

Document Information

Share your feedback

Need support?