PH37410: GETTING SECJ0053E, CNTR0020JAVAX.EJB.ACCESSLOCALEXCEPTION, COM.IBM.WEBSPHERE.CSI.CSIACCESSEXCEPTION WHEN ACCESSING AN EJB METHOD

APAR status

Closed as program error.

Error description

Getting below exception while an application is trying to
access the EJB method. But the method doit defined in MyBean is
expecting only 'user' role.

SecurityColla A   SECJ0053E: Authorization failed for
abc.xyz.at:123/def  while invoking
(Home)MyBeanM#bean.jar#EEName::4

CNTR0020E: EJB threw an unexpected (non-declared) exception
during invocation of method "doit" on bean "BeanId(,null)".
Exception data: javax.ejb.AccessLocalException:  ;
nested exception is: com.ibm.websphere.csi.CSIAccessException:
SECJ0053E: Authorization failed for abc.xyz.at:123/def while
invoking (Home)MyBeanM#bean.jar#EEName::4  is not granted any
of the r Admin

at com.ibm.ws.security.core.SecurityCollaborator.
performAuthorization(SecurityCollaborator.java:642)
at com.ibm.ws.security.core.EJSSecurityCollaborat
or.preInvoke(EJSSecurityCollaborator.java:268)
at com.ibm.ws.ejbcontainer.runtime.EJBSecurityCol
laboratorAdapter.preInvoke(EJBSecurityCollaboratorAdapter.java:
66)
at com.ibm.ws.ejbcontainer.runtime.EJBSecurityCol
laboratorAdapter.preInvoke(EJBSecurityCollaboratorAdapter.java:
40)
at com.ibm.ejs.container.EJSContainer.notifySecur
ityCollaboratorPreInvoke(EJSContainer.java:3405)
at com.ibm.ejs.container.EJSContainer.preInvokeAf
terActivate(EJSContainer.java:3338)
at com.ibm.ejs.container.EJSContainer.preInvoke(E
JSContainer.java:2502)
at
com.ABC.interfaces.c.EJSLocalHome_678.doit(Unknown
Source)

Local fix

Problem summary

****************************************************************
* USERS AFFECTED:  All users of IBM WebSphere Application      *
*                  Server                                      *
*                  with EJB applications                       *
****************************************************************
* PROBLEM DESCRIPTION: SECJ0053E occurs accessing EJB method   *
*                      from EJB with run-as-mode               *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The EJB Container intermittently fails to read the "run-as-mode"
(XML) or "runAsSettings" (XMI) elements in the ibm-ejb-jar-
ext.xml/xmi file resulting in EJB methods running without the
configured role. The initial failure is a NullPointerException,
followed by the error SECJ0053E: Authorization failed.
The error occurs because the EJB Container caches a reference to
the in-memory copy of the configuration, which becomes stale
after 3 minutes and is no longer accessible. The error appears
intermittent since the configuration may be processed properly
if an EJB method is called before the data becomes stale.
When the error occurs, the EJB Container will log the following
error:
CNTR0020E: EJB threw an unexpected (non-declared) exception
during invocation of method "methodxxxx" on bean
"BeanId(<application>#<module>.jar#<bean>,null)". Exception
data: javax.ejb.AccessLocalException:  ;
nested exception is: com.ibm.websphere.csi.CSIAccessException:
SECJ0053E: Authorization failed for ...
at
com.ibm.ws.security.core.SecurityCollaborator.performAuthorizati
on(SecurityCollaborator.java:642)
at
com.ibm.ws.security.core.EJSSecurityCollaborator.preInvoke(EJSSe
curityCollaborator.java:268)
at
com.ibm.ws.ejbcontainer.runtime.EJBSecurityCollaboratorAdapter.p
reInvoke(EJBSecurityCollaboratorAdapter.java:66)
at
com.ibm.ws.ejbcontainer.runtime.EJBSecurityCollaboratorAdapter.p
reInvoke(EJBSecurityCollaboratorAdapter.java:40)
at
com.ibm.ejs.container.EJSContainer.notifySecurityCollaboratorPre
Invoke(EJSContainer.java:3405)
at
com.ibm.ejs.container.EJSContainer.preInvokeAfterActivate(EJSCon
tainer.java:3338)
at
com.ibm.ejs.container.EJSContainer.preInvoke(EJSContainer.java:2
502)

Problem conclusion

The EJB Container has been updated to consistently read the "run
as-mode" (XML) or "runAsSettings" (XMI) elements in the ibm-ejb-
jar-ext.xml/xmi file. The SECJ0053E error will no longer occur.

The fix for this APAR is targeted for inclusion in fix pack
9.0.5.9. For more information, see 'Recommended Updates for
WebSphere Application Server':
https://www.ibm.com/support/pages/node/715553

Temporary fix

Comments

APAR Information

APAR number
PH37410
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-05-20
Closed date
2021-07-21
Last modified date
2021-07-21

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800

Applicable component levels

R900 PSY
UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
02 November 2021

Tips

PH37410: GETTING SECJ0053E, CNTR0020JAVAX.EJB.ACCESSLOCALEXCEPTION, COM.IBM.WEBSPHERE.CSI.CSIACCESSEXCEPTION WHEN ACCESSING AN EJB METHOD

Subscribe to this APAR

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R900 PSY

Document Information

Share your feedback

Need support?