A fix is available
APAR status
Closed as program error.
Error description
Application code running in a servant region cannot access an application custom MBean in that same server when security is enabled unless the application is running under an identity with Monitor access. . This works for WebSphere Application Server on Distributed 6.0.2 platforms because the application server is all in one process. On WebSphere Application Server for z/OS with the Controller Region (CR) / Servant Region (SR) split, there are security checks when calling from the CR where there is a dynamic proxy of the custom mbean to the SR where the actual mbean resides. . The failure seen may be similar to: . Trace: 2008/06/27 12:25:36.755 01 t=8CF4F8 c=12.2 key=P8 Description: Log Boss/390 Error from filename: ./bborjtr.cpp at line: 932 error message: BBOO0220E: SRVE0026E: Servlet Error - HelloServlet: java.lang.reflect.UndeclaredThrowableException: ADMN0022E: Access is denied for the getVersionsForAllProducts operation on Server MBean because of insufficient or empty credentials. at com.ibm.ws.management.AdminServiceImpl$1.run (AdminServiceImpl.java:1087) at com.ibm.ws.security.util.AccessController.doPrivileged (AccessController.java(Compiled Code)) at com.ibm.ws.management.AdminServiceImpl.invoke (AdminServiceImpl.java:932) ... Caused by: javax.management.JMRuntimeException: ADMN0022E: Access is denied for the getVersionsForAllProducts operation on Server MBean because of insufficient or empty credentials. at com.ibm.ws.management.AdminServiceImpl.preInvoke (AdminServiceImpl.java(Compiled Code)) ...
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V7.0 for z/OS with application custom MBean. * **************************************************************** * PROBLEM DESCRIPTION: User with valid role sometime is * * unable to access application created * * custom MBean. * **************************************************************** * RECOMMENDATION: * **************************************************************** java.lang.reflect.UndeclaredThrowableException: ADMN0022E: Access is denied for the <operation name> operation on <mbean name> MBean because of insufficient or empty credentials. at com.ibm.ws.management.AdminServiceImpl$1.run (AdminServiceImpl.java:1087) at com.ibm.ws.security.util.AccessController.doPrivileged (AccessController.java(Compiled Code)) at com.ibm.ws.management.AdminServiceImpl.invoke (AdminServiceImpl.java:932)
Problem conclusion
Changed admin authorization code to allow valid user to access application custom MBean. APAR PK79602 is currently targeted for inclusion in Service Level (Fix Pack) 7.0.0.5 of WebSphere Application Server V7.0 for z/OS. Please refer to URL: //www.ibm.com/support/docview.wss?rs=404&uid=swg27006970 for Fix Pack availability.
Temporary fix
Comments
APAR Information
APAR number
PK79602
Reported component name
WEBSPHERE FOR Z
Reported component ID
5655I3500
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-01-28
Closed date
2009-05-04
Last modified date
2009-08-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE FOR Z
Fixed component ID
5655I3500
Applicable component levels
R700 PSY UK48200
UP09/07/27 P F907
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
10 February 2022