Fixes are available
8.5.5.1: WebSphere Application Server V8.5.5 Fix Pack 1
8.0.0.8: WebSphere Application Server V8.0 Fix Pack 8
8.5.5.2: WebSphere Application Server V8.5.5 Fix Pack 2
8.0.0.9: WebSphere Application Server V8.0 Fix Pack 9
8.5.5.3: WebSphere Application Server V8.5.5 Fix Pack 3
8.5.5.4: WebSphere Application Server V8.5.5 Fix Pack 4
8.0.0.10: WebSphere Application Server V8.0 Fix Pack 10
8.5.5.5: WebSphere Application Server V8.5.5 Fix Pack 5
8.5.5.6: WebSphere Application Server V8.5.5 Fix Pack 6
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
8.5.5.7: WebSphere Application Server V8.5.5 Fix Pack 7
8.5.5.8: WebSphere Application Server V8.5.5 Fix Pack 8
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
8.5.5.9: WebSphere Application Server V8.5.5 Fix Pack 9
8.5.5.10: WebSphere Application Server V8.5.5 Fix Pack 10
8.5.5.11: WebSphere Application Server V8.5.5 Fix Pack 11
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
APAR status
Closed as program error.
Error description
Restricting roles to COS (Common Object Service) Naming Read operation will cause the OTiS system application to generate entries in FFDC log files as well as an org.omg.CORBA.NO_PERMISSION error in the WebSphere System Error log file.

SystemOut.log file contents follow:

[4/26/12 8:34:56:652 EDT] 0000002b RoleBasedAuth A SECJ0305I: The role-based authorization check failed for naming-authz operation NameServer:resolve_complete_info The user UNAUTHENTICATED (unique ID: unauthenticated) was not granted any of the following required roles: CosNamingWrite, CosNamingRead, CosNamingDelete, CosNamingCreate.

SystemErr.log file contents follow:

[4/26/12 8:59:58:796 EDT] 0000002b SystemErr R javax.naming.NoPermissionException: NO_PERMISSION exception caught: Not authorized to perform resolve_complete_info operation. [Root exception is org.omg.CORBA.NO_PERMISSION: Not authorized to perform resolve_complete_info operation. vmcid: 0x0 minor code: 0 completed: No]
    at com.ibm.ws.naming.jndicos.CNContextImpl.doLookup(CNContextImpl.java:1844)
    at com.ibm.ws.naming.jndicos.CNContextImpl.doLookup(CNContextImpl.java:1776)
    at com.ibm.ws.naming.jndicos.CNContextImpl.lookupExt(CNContextImpl.java:1433)
    at com.ibm.ws.naming.jndicos.CNContextImpl.lookup(CNContextImpl.java:615)
    at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:165)
    at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:179)
    at org.apache.aries.jndi.DelegateContext.lookup(DelegateContext.java:161)
    at javax.naming.InitialContext.lookup(InitialContext.java:392)
    at com.ibm.otis.common.database.DataSourceConnection.initDataSource(DataSourceConnection.java:76)
    at com.ibm.otis.common.database.DataSourceConnection.<init>(DataSourceConnection.java:53)
    at com.ibm.otis.common.database.JDBCManager.initConnectionSourc(JDBCManager.java:123)
    at com.ibm.otis.common.database.JDBCManager.<init>(JDBCManager.java:107)
    at com.ibm.otis.common.database.JDBCManager.<init>(JDBCManager.java:95)
    at com.ibm.otis.common.database.DatabaseAccess.getJDBCManager(DatabaseAccess.java:974)
    at com.ibm.otis.common.database.DatabaseAccess.setTransactionIsolation(DatabaseAccess.java:167)
    at com.ibm.otis.events.EventManager$PollProcessing.process(EventManager.java:470)
    at com.ibm.otis.events.EventManager$PollProcessing.run(EventManager.java:169)
    at java.lang.Thread.run(Thread.java:662)
Caused by: org.omg.CORBA.NO_PERMISSION: Not authorized to perform resolve_complete_info operation. vmcid: 0x0 minor code: 0 completed: No
    at com.ibm.ws.naming.cosbase.WsnOptimizedNamingImplBase.performAuthorizationCheck(WsnOptimizedNamingImplBase.java:4942)
    at com.ibm.ws.naming.cosbase.WsnOptimizedNamingImplBase.resolve_complete_info(WsnOptimizedNamingImplBase.java:2289)
    at com.ibm.WsnOptimizedNaming._NamingContextStub.resolve_complete_info(_NamingContextStub.java:538)
    at com.ibm.ws.naming.jndicos.CNContextImpl$2.run(CNContextImpl.java:2957)
    at com.ibm.ws.naming.jndicos.CNContextImpl$2.run(CNContextImpl.java:2953)
    at com.ibm.ws.naming.util.CommonHelpers.retry(CommonHelpers.java:801)
    at com.ibm.ws.naming.jndicos.CNContextImpl.cosResolve(CNContextImpl.java:2951)
    at com.ibm.ws.naming.jndicos.CNContextImpl.doLookup(CNContextImpl.java:1817)
    ... 17 more
Local fix
No work-around
Problem summary
USERS AFFECTED: All users of IBM WebSphere Application Server who restrict read access to the CORBA CosNaming name service using role based authorization.
PROBLEM DESCRIPTION: The error org.omg.CORBA.NO_PERMISSION occurs in deployment manager or job manager logs on calls made by the OTiS application.
RECOMMENDATION:

The OTiS application is a system application shipped on the deployment manager and job manager. OTiS accesses the name service on startup. If the user applies role restrictions on the CORBA CosNaming name service, OTiS may issue org.omg.CORBA.NO_PERMISSION messages as it fails to access the name service.
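On an unpatched deployment manager or job manager with CosNaming read restricted, these denials sit in the same logs as any other unauthenticated naming access. The following added example (not IBM code and not part of the APAR) parses SECJ0305I entries and tags each by whether its thread also logged a com.ibm.otis stack frame. It assumes the standard log prefix layout shown in the error description; the function name triage and the sample lines are constructed for illustration, and thread-ID correlation is a heuristic.

```python
import re

# Standard log prefix: [timestamp] threadId component level message
PREFIX = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<thread>[0-9a-f]{8})\s+"
                    r"(?P<comp>\S+)\s+(?P<lvl>\S)\s+(?P<msg>.*)$")
# SECJ0305I wording as quoted in the error description (period after op optional)
DENIAL = re.compile(r"SECJ0305I: .*?operation (?P<op>\S+?)\.?\s+The user (?P<user>\S+) "
                    r"\(unique ID: [^)]*\) was not granted any of the following "
                    r"required roles: (?P<roles>[^.]+)")

# Constructed sample modelled on the quoted SystemOut.log / SystemErr.log lines.
_MSG = ("SECJ0305I: The role-based authorization check failed for naming-authz "
        "operation NameServer:resolve_complete_info The user UNAUTHENTICATED "
        "(unique ID: unauthenticated) was not granted any of the following "
        "required roles: CosNamingWrite, CosNamingRead, CosNamingDelete, CosNamingCreate.")
SAMPLE_LOG = [
    "[4/26/12 8:34:56:652 EDT] 0000002b RoleBasedAuth A   " + _MSG,
    "[4/26/12 8:59:58:796 EDT] 0000002b SystemErr     R javax.naming.NoPermissionException: "
    "NO_PERMISSION exception caught: Not authorized to perform resolve_complete_info operation.",
    "[4/26/12 8:59:58:796 EDT] 0000002b SystemErr     R \tat com.ibm.otis.common.database."
    "DataSourceConnection.initDataSource(DataSourceConnection.java:76)",
    "[4/26/12 9:01:10:101 EDT] 00000031 RoleBasedAuth A   " + _MSG,  # constructed: other thread
]

def triage(lines, system_prefix="com.ibm.otis."):
    """Return SECJ0305I denials, each tagged by whether its thread also logged a
    stack frame from the OTiS packages (heuristic: pooled thread IDs are reused)."""
    events, otis_threads = [], set()
    for line in lines:
        m = PREFIX.match(line)
        if not m:
            continue
        d = DENIAL.search(m["msg"])
        if d:
            events.append({"ts": m["ts"], "thread": m["thread"], "op": d["op"],
                           "user": d["user"],
                           "roles": [r.strip() for r in d["roles"].split(",")]})
        elif m["comp"] == "SystemErr" and m["msg"].startswith("at " + system_prefix):
            otis_threads.add(m["thread"])
    for e in events:
        e["source"] = "otis" if e["thread"] in otis_threads else "unattributed"
    return events

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["ts"], e["thread"], e["user"], e["op"], e["source"])
```

Denials tagged "unattributed" are the ones to review; those tagged "otis" match the behaviour this APAR describes.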
Problem conclusion
The OTiS system application was modified to allow it to access the name service. The fix for this APAR is currently targeted for inclusion in fix packs 8.0.0.8 and 8.5.5.1. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PM89476
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-05-21
Closed date
2013-07-10
Last modified date
2013-07-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R800 PSY
UP
R850 PSY
UP
Document Information
Modified date:
11 January 2022