|
This document contains Release Notes for WebSphere Application Server - Express Version 5.1 for iSeries. The Release Notes contain information about known problems and the work arounds. This document also includes some supplemental information for topics covered in the WebSphere Application Server - Express documentation. This version replaces all earlier versions of the release notes.
These notes will be updated periodically. Please see the WebSphere Application Server - Express for i5/OS Web site for the most up-to-date information.
When troubleshooting, be sure to search the WebSphere Application Server - Express for i5/OS Frequently Asked Questions (FAQ) database.
Several features have been deprecated in Version 5.1. The Deprecated Version 5.1 features document in the Version 5.1 InfoCenter describes these deprecated features.
See the Installation documentation for the most up-to-date, step-by-step instructions on installing the product and creating the initial configuration.
Table of Contents
   Documentation
Fix Warning
PTF Information
Known Problems and Restrictions
The most up-to-date documentation can be found on the WebSphere Application Server - Express for i5/OS Web site documentation page.
The WebSphere Application Server - Express for i5/OS and i5/OS Information Center is now available for download from the WebSphere Application Server - Express for i5/OS Web site. This downloadable version can be installed and viewed on a local system rather than remotely from the WebSphere Application Server - Express for i5/OS Web site.
The following instructions describe how to download and install the WebSphere Application Server - Express for i5/OS and i5/OS Information Center:
- Download the zip file for the Information Center from the Documentation page on the WebSphere Application Server - Express for i5/OS Web site.
- Create a new directory, called WASE51Docs, on the local system.
- Extract the contents of the downloaded zip file to this new directory.
You can access the WebSphere Application Server - Express for i5/OS and i5/OS Information Center by opening the index.htm page in the documentation subdirectory in a browser:
\WASE51Docs\index.htm
The WebSphere Application Server - Express - Support Web site provides individual fixes for critical problems that are not part of a WebSphere Fix Pack. These fixes have not been tested against WebSphere Application Server - Express Version 5.1 for iSeries. Unless otherwise noted, these fixes should not be applied to your iSeries server. These fixes will be included in official fix packs for the product.
If you have a critical requirement for a fix, please contact IBM Service.
After you install the WebSphere Application Server - Express Version 5.1 product, you should install the WebSphere Application Server - Express Group PTF (program temporary fix) for your OS/400 release. The Group PTF contains necessary fixes for WebSphere Application Server - Express, IBM Developer Kit for Java, DB2 Universal Database (UDB), and IBM HTTP Server (powered by Apache) products.
These release notes assume that you have applied the WebSphere Application Server - Express Version 5.1 Group PTF to your iSeries server.
Installation Instructions for WebSphere Application Server - Express for i5/OS V5.1 Group PTF
The following instructions describe how to install the V5.1 group PTF:
|
|
|
- The integrated GUI cannot be used to administer an application server that is also being managed concurrently with the wsadmin utility or the administrative console.
- The name 'server1' is not allowed for a WebSphere - Express Application Server instance. Applications will not install properly into an Express server named 'server1'.
|
|
|
|
|
-
Resizing your browser window when using Netscape to access the IBM WebSphere Application Server - Express administrative console can cause the following problems:
-
If you resize your Netscape browser, you could get a "Data Missing" error. The error message disappears in 60 seconds.
-
When connecting to the IBM WebSphere Application Server administrative console from a Netscape browser, resizing the browser can cause an Error 404 message to occur. This situation occurs because the browser reloads the frame when resizing the window.
To avoid getting the error message, you can refrain from resizing the Netscape browser window, or you can connect to the IBM WebSphere Application Server - Express administrative console using an Internet Explorer browser.
-
You receive the following error messages when resizing Netscape Version 4.7:
Error 0
An error occurred while processing request:
http://localhost:9090/admin/upload.do message:
Details com.ibm.webshpere.servlet.error.ServletErrorReport:
at java.lang.Class.newInstance0(Native Method)
...
After resizing Netscape 4.7, Netscape has to reload the page just as it initially loads the page on the first request. For pages that do not expect POST data, it is not a problem. But for pages that do, Netscape 4.7 cannot retain the data.
-
If you experience difficulties in the Signing Information panel using Netscape 4.7.9, retry using Internet Explorer.
-
While working with the right-hand panel of the administrative console to do administrative tasks, the browser screen blanks out intermittently.
To work around this problem, do one of the following:
-
After the problem occurs, close the Netscape browser, log in again, and continue working.
-
Use the Internet Explorer browser from a Windows machine.
-
Use Netscape 7.x, Mozilla 1.x, Opera 5, or Konquerer browsers on the platform, depending on which is available. These web browsers are compatible with the product and have a higher performance and success rate than the previous 4.7.x series of Netscape browsers.
-
If you use the Netscape browser to access the Web Services Security GUI panels, the drop down lists which are supposed to contain a blank line display ---???--- instead of the blank line.
This is because Netscape Version 4.79 does not properly interpret "" or " " as a blank.
This is in the signature method(), digest method(), canonicalization method() drop downs, and others when Netscape 4.79 is used to access the panels on an AIX system. This problem does not occur when you use Internet Explorer, which properly displays a blank line.
There is no work around if you use Netscape 4.79, which is the supported level of Netscape for this release.
-
An IllegalArgumentException exception displays when entering a double-byte character set (DBCS) name for a wsadmin AdminConfig object using the Jython script. The Bean Scripting Framework (BSF) truncates DBCS characters when passing them to the Jython script for execution or evaluation. There is no work around at this time.
- The heap size values and descriptions in the Java Virtual Machine of the Process Definition of an Application Server are misleading or incorrect:
-
- The default value of 0 for the Initial Heap Size field will result in an actual initial (or minimum) heap size of 96 on OS/400. The help that says the default is 64 for OS/400 is incorrect.
- The default value of 0 for the Maximum Heap Size field will result in an actual maximum heap size of 0 (or *NOMAX) on OS/400. The field description that says "The default is 256." is incorrect for OS/400.
- The following AdminApp commands are not supported in wsadmin when it is attached to a remote server process:
-
- install
- installInteractive
- The administrative console help text provides information about features and functions that are not supported by WebSphere Application Server - Express. For example, EJB help documentation is provided, but not supported by WebSphere Application Server - Express.
|
|
|
- The name 'server1' is not allowed for a WebSphere - Express Application Server instance. Applications will not install properly into an Express server named 'server1'.
- The WebSphere Application Server - Express only supports one application server per server instance. Note that you can create multiple server instances, each running one application server.
|
|
|
|
|
-
Caching of connection handles across servlet methods is limited to Java Database Connectivity (JDBC) and Java Message Service (JMS) resources. Other non-relational resources, such as Customer Information Control System (CICS) or IMS, currently cannot have their connection handles cached in a servlet. This limitation only applies to single-threaded servlets because multi-threaded servlets do not allow caching of connection handles.
To work around this problem, you need to get, use, and close the connection handle within each method invocation.
-
When you create a data source of DB2 Universal Java Database Connectivity (JDBC) driver and set the driverType property to 4, you must provide the serverName property. If you do not provide the serverName property, DB2 throws a NullPointerException instead of an exception with meaningful message.
-
Starting with WebSphere Application Server - Express Version 5.1, the administrative console no longer displays any deprecated JDBC Provider names. The new providers differ only in names from the old deprecated ones. The new providers are more descriptive and less confusing.
The deprecated JDBC Provider names continue to exist in the jdbc-resource-provider-templates.xml file for migration reasons, for example, for the existing Jacl scripts. However, you can use the new and more descriptive JDBC Provider names in the Jacl scripts.
|
|
|
- While debugging JavaServer Pages (JSP), WebSphere Application Server can issue a NullPointerException exception in the JavaScript code using Bean Scripting Framework (BSF). The servlet engine fails with a double open on a reader or writer stream.
The Java servlet application programming interface (API) does not define behavior upon reopen in a reader or writer stream. Stop and restart WebSphere Application Server - Express before debugging to verify that a clean instance of WebSphere Application Server - Express is running.
Note: The JSP debugging function of BSF is deprecated in WebSphere Application Server - Express Version 5.1.
|
|
|
|
|
-
A WebServicesFault exception is thrown by the application server runtime for certain Web Services Description Language (WSDL) files that define operations with the document style and literal use and use the Simple Object Access Protocol (SOAP) header to transmit the input data.
If the WSDL files define an operation with document style and literal use and this operation maps the input to the SOAP header, the Web services runtime fails to find the right operation for the target service, and a WebServicesFault exception is thrown.
To solve the problem, you must change the WSDL files so that the previously noted operation does not have any input that uses the SOAP header to transmit the data.
-
When hosting Web services on WebSphere Application Server, you can receive the following exception:
java.lang.SocketTimeOutException: Read Timed Out
A slow network connection between the client and the Web service causes this problem. In such cases, the HTTP socket may timeout before the Web service engine completely reads the Simple Object Access Protocol (SOAP) request. Sudden increases in overall network activity cause this problem in most cases. Or, when the client is accessing the Web services from a slow network connection, the problem occurs. It can also occur in cases where the amount of data in the SOAP request is very large.
Increase the ConnectionIOTimeOut parameter for your Web container HTTP transport. The default value is 5 seconds. You can increase the value to 30 seconds or greater.
You can reset the value using the administrative console by clicking Servers --> Application Servers --> server_name --> Web Container --> HTTP Transports --> port_number --> Custom Properties --> New.
Enter the following property name and value:
- Name:
ConnectionIOTimeOut
- Value:
30
|
|
|
-
Communication between the HTTP Server plug-in and WebSphere Application Server - Express can be done through either HTTP or HTTPS. The additional products that are necessary to run HTTPS may or may not already be installed on the iSeries.
To run with SSL, verify the following products are installed:
1) OS/400 Digital Certificate Manager (5722-SS1 or 5769-SS1, option 34)
2) Cryptographic Access Provider 5722-AC3 or 5769-AC3 (128-bit)
|
|
|
- If you are accessing Domino data from your WebSphere - Express applications and need NCSO.JAR in your classpath, you may have to point to it in a different place after upgrading Domino to version 6.5 or 6.0.3 or later versions. The prior Domino releases had NCSO.JAR in /QIBM/ProdData/lotus/notes/shared, which is being removed in the 6.0.3 and 6.5 releases of Domino.
Beginning with Domino versions 6.0.3 and 6.5, you should use /QIBM/ProdData/Lotus/Notes/DATA/Domino/Java/NCSO.JAR or instance_root/data/Domino/Java/NCSO.JAR (where instance_root is the root directory of the Domino server instance.
|
|
|
|
|
-
In WebSphere Application Server - Express Version 5.0.1, Version 5.0.2, and Version 5.1, the distinguished name is normalized according to the Lightweight Directory Access Protocol (LDAP) specification. In WebSphere Application Server, Version 5.0, the normalization of the distinguished name is not done. The normalization consists of removing spaces in the base distinguished name before or after commas and equal symbols.
An example of a non-normalized base distinguished name is o = ibm, c = us or o=ibm, c=us.
An example of a normalized base distinguished name is o=ibm,c=us.
It is preferred that the distinguished name is manually normalized when you enter the base distinguished name in the configuration. With WebSphere Application Server - Express Version 5.1, the normalization occurs automatically at the runtime.
When a WebSphere Application Server - Express Version 5.0.1, Version 5.0.2, or Version 5.1 system (which always has a normalized distinguished name) sends a security token to a WebSphere Application Server - Express Version 5.0 system that contains a non-normalized distinguished name, the request is rejected because of the mismatched distinguished names during authorization.
To ensure the interoperability between WebSphere Application Server - Express versions, manually normalize the base distinguished name in the LDAP configuration on a Version 5.0 system by removing all the spaces before and after the commas and equal symbols.
-
A Web services security enabled application fails to start. You can receive an error message similar to the following:
[6/19/03 11:13:02:976 EDT] 421fdaa2 KeyStoreKeyLo E WSEC5156E:
An exception while retrieving the key from KeyStore object:
java.security.UnrecoverableKeyException: Given final block not properly padded.
The cause of the problem is that the keypass (password) provided for a particular key in a Key Store is invalid. The Key Store passwords are specified in the KeyLocators elements of the bindings files ws-security.xml, ibm-webservices-bnd.xmi, or ibm-webservicesclient-bnd.xmi. Check the keypass values for keys specified in the KeyLocators elements of the bindings file and correct any that are incorrect.
- Secure Sockets Layer (SSL) interoperability fails with
unknown certificate errors using the default dummy key files and trust files between WebSphere Application Server - Express Version 5.1 and previous releases. A new dummy certificate is created in WebSphere Application Server Version 5.1 with a later expiration date. The signer for this certificate is not present in the trust files of previous releases. This missing signer causes unknown certificate errors when making SSL connections between WebSphere Application Server - Express Version 5.1 and previous releases.
Use the newer dummy key files and trust files in the previous releases for test interoperability. Do not use these default dummy certificates, key stores, and trust stores in production environments. The update installer overwrites these files when an interim fix is applied. The certificates are widely used and considered insecure for any production environment.
As a temporary work around, copy the following files from the etc directory of the Version 5.1 instance to the instance for the earlier version:
- plugin-key.kdb
- DummyClientKeyFile.jks
- DummyClientTrustFile.jks
- DummyServerKeyFile.jks
- DummyServerTrustFile.jks
Make sure that you maintain the correct authorities for the user profile under which the application server runs (QEJBSVR is the default user profile).
-
WebSphere Application Server - Express goes into recursion and fails when -Djava.security.debug=all or -Djava.security.auth.debug=all is enabled. If Java 2 Security is enabled and IBM Developer Kit, Java Technology Edition, Version 1.4 Java 2 Security debug (-Djava.security.debug=all or --Djava.security.auth.debug=all or both) is enabled, a recursive loop results and eventually the WebSphere Application Server crashes with a Java core dump. This problem is recognized in the IBM Developer Kit, Java Technology Edition Version 1.4.
Do not use the IBM Developer Kit, Java Technology Edition, Version 1.4 security debug with the all or domain options until the issue in IBM Developer Kit, Java Technology Edition, Version 1.4 is addressed.
-
A problem exists with a parsing permission that has a trailing space in the permission target name. When a policy has a trailing space in the policy permission target name, the policy fails to parse the permission properly in the IBM Developer Kit, Java Technology Edition, Version 1.4 that is used with WebSphere Application Server - Express Version 5.1. In the following example, note the space before the last quotation mark: * \"*\" "
grant { permission
javax.security.auth.PrivateCredentialPermission
"javax.resource.spi.security.PasswordCredential * \"*\" ","read";
};
The following exception may display when loading a permission with a trailing space in any of permission attributes:
[9/16/03 16:56:13:112 EDT]
5fff004e WSDynamicPoli E SECJ0197E:
Caught Invocation TargetException while constructing the permission object.
The exception is java.util.NoSuchElementException
at java.util.StringTokenizer.nextToken(StringTokenizer.java(Compiled Code))
at javax.security.auth.PrivateCredentialPermission.init
(PrivateCredentialPermission.java:379) at
javax.security.auth.PrivateCredentialPermission.
(PrivateCredentialPermission.java:193) at
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at
sun.reflect.NativeConstructorAccessorImpl.newInstance
(NativeConstructorAccessorImpl.java:79) at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance
(DelegatingConstructorAccessorImpl.java:43)
at java.lang.reflect.Constructor.newInstance(Constructor.java:313) at
com.ibm.ws.security.policy.WSDynamicPolicy.getPermissionInstance
(WSDynamicPolicy.java:1537) at
com.ibm.ws.security.policy.WSDynamicPolicy.access$400
(WSDynamicPolicy.java:76) at
com.ibm.ws.security.policy.WSDynamicPolicy$WSPolicyTemplate.add
(WSDynamicPolicy.java:1594) at
com.ibm.ws.security.policy.WSDynamicPolicy$WSPolicyTemplate.access$200
(WSDynamicPolicy.java:1550) at
com.ibm.ws.security.policy.WSDynamicPolicy.loadRAPolicyTemplate
(WSDynamicPolicy.java:993) at
com.ibm.ws.security.policy.WSDynamicPolicy.loadRAPolicyTemplate
(WSDynamicPolicy.java:965) at
com.ibm.ws.security.policy.WSDynamicPolicy.setupPolicy
(WSDynamicPolicy.java:583)
If the permission is in a policy file loaded by the IBM Developer Kit, Java Technology Edition, Version 1.4 policy tool, the following message may display:
Errors have occurred while opening the policy configuration.
View the warning log for more information.
In the warning log, you may see the following error:
Warning: Invalid argument(s) for constructor:
javax.security.auth.PrivateCredentialPermission.
To correct the problem, edit the permission and remove the trailing space. When the trailing space is removed, the permission loads properly.
grant { permission
javax.security.auth.PrivateCredentialPermission
"javax.resource.spi.security.PasswordCredential * \"*\"","read";
}
-
Common Secure Interoperability Version 2 (CSIv2) trusted ID list may use the pipe (|) or comma (,) characters for the delimiter when the server ID is the distinguished name (DN). The previous version of the CSIv2 trusted ID list used a comma delimiter before the DN was supported as a server ID. Now that DN is supported as a server ID, the comma is no longer valid to use a delimiter of DNs.
Use the pipe character as the list delimiter from now on. WebSphere Application Server - Express still supports the comma character as the list delimiter for backwards compatibility. WebSphere Application Server checks the comma character when the pipe character fails to find a valid trusted ID.
-
The following exception may be logged by the application server when client certificate authentication is configured for Web applications or enterprise bean clients:
[10/10/03 14:17:53:040 UTC] c391d964 WebCollaborat A
SECJ0056E: Authentication failed for reason Authentication Failed
[10/10/03 14:18:57:355 UTC] c391d964 LdapRegistryI E SECJ0352E: Could
not get the users matching the pattern C=US, ST=MIN, L=, O=IBM,
OU=Rochester, CN=SECTEST2 because of the following exception
javax.naming.InvalidNameException: C=US, ST=MIN, L=, O=IBM,
OU=Rochester, CN=SECTEST2: [LDAP: error code 34 - Invalid DN Syntax];
remaining name 'C=US, ST=MIN, L=, O=IBM, OU=Rochester, CN=SECTEST2'
To avoid this problem, specify values for all fields in the distinguished name when creating or requesting digital certificates.
-
Applications with Web services security enabled cannot interoperate between Version 5.1 and Version 5.0.2 application servers. The error message "digest mismatch" is displayed. An error exists in the cannonicalization algorithm for XML digital signatures, which is fixed in WebSphere Application Server - Express Version 5.1. A fix for Version 5.0.2 will be released in a future interim fix pack.
|
|
|
-
The help search in the administrative console does not return search results for Latin-1 terms that contain diacritical markings (for example, German für, where the u includes an umlaut). To work around this problem, use the decimal representation of the character in the search term (for example, für).
- The following languages will be available when they are posted on the Express PTFs web page under additional PTFs:
- 2911 - Slovene
- 2923 - Dutch
- 2931 - Spanish
- 2932 - Italian
- 2939 - Swiss - German
- 2942 - Swill Italian
- 2962 - Japanese
- 2963 - Belgium Dutch
- 2975 - Czech
- 2976 - Hungarian
- 2980 - Brazilian Portuguese
- 2981 - Canadian French
- 2986 - Korean
- 2987 - Traditional Chinese
- 2989 - Simplified Chinese
- 2992 - Romanian
- 2994 - Slovakian
IBM, iSeries, OS/400, RS/6000, AIX, Lotus, and WebSphere are trademarks of International Business Machines Corporation in the United States and/or other countries.
Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
|
