Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Illegal use of 1PC in transaction? (CustomRegistry)

6 views
Skip to first unread message

Sriram Narayan

unread,
Sep 17, 2001, 12:57:31 AM9/17/01
to
hi
I am using WAS4.0 AE with Oracle as admin DB.
I am trying to provide an RDBMS implementation to the new
CustomRegistry interface. I have already successfully deployed the
sample FileRegistry example provided in the InfoCentre docs. When , I
try to deploy my RDBMS implementation , everything goes along fine
initially - I even get a custom registry initialized message , but
finally it gives a critical error and says 'transaction rolled back'.
Just before this I see a warning on the console 'Illegal use of 1PC in
transaction'. The message reference tells me that this means a
'prepare' was invoked on a one-PC resource. But I am doing nothing of
that sort - i am only using a datasource (which uses a jdbc 2.0
driver).

I searched the traces for any application exception but found none.
Could you pls comment on this?
thanks
sriram

Sriram Narayan

unread,
Sep 17, 2001, 10:41:44 AM9/17/01
to
an update....
I inserted some System.out traces and ran again:
here is the output (timestamps and thread id removed)

SystemOut U =>loadFromDB
SystemOut U =>getConnection
SystemOut U <=getConnection
SystemOut U <=loadFromDB
SystemOut U =>getRealm
SystemOut U <=getRealm
CustomRegistr A SECJ0136A: Custom.Registry:was4.registry.DBRegistry.has.been.
initialized

SystemOut U =>checkPassword
SystemOut U <=checkPassword
SystemOut U ||getUserDisplayName
SystemOut U ||getUniqueUserId
SystemOut U ||getUniqueUserId
SystemOut U =>getUniqueGroupIds
SystemOut U =>getGroupsForUser
SystemOut U <=getGroupsForUser
SystemOut U <=getUniqueGroupIds
SystemOut U =>loadFromDB
SystemOut U =>getConnection
SystemOut U <=getConnection
SystemOut U <=loadFromDB
SystemOut U =>getRealm
SystemOut U <=getRealm
CustomRegistr A SECJ0136A: Custom.Registry:was4.registry.DBRegistry.has.been.
initialized
SystemOut U =>checkPassword
SystemOut U <=checkPassword
SystemOut U ||getUserDisplayName
SystemOut U ||getUniqueUserId
SystemOut U ||getUniqueUserId
SystemOut U =>getUniqueGroupIds
SystemOut U =>getGroupsForUser
SystemOut U <=getGroupsForUser
SystemOut U <=getUniqueGroupIds
ConnectO W Illegal use of 1PC resource in transaction
...

thanks
sriram

Sriram Narayan

unread,
Sep 18, 2001, 5:55:34 AM9/18/01
to
problem solved ....

configure the datasource to use a 2 phase commit driver instead of a
1PC driver.

DB2:
COM.ibm.db2.jdbc.DB2ConnectionPoolDataSource (one phase commit
protocol)
COM.ibm.db2.jdbc.DB2XADataSource (two phase commit protocol)

Oracle:
oracle.jdbc.pool.OracleConnectionPoolDataSource (one phase commit
protocol)
oracle.jdbc.xa.client.OracleXADataSource (two phase commit protocol)

But I still don't know for sure why this change is needed. In my case,
I use Oracle as admin server DB and DB2 as application DB. My custom
registry uses the
application DB.
So I believe that changing the global security settings to use custom
registry in my case somehow necessitates a commit across Oracle and
DB2. That would explain why the custom registry implementation should
use an XADatasource. Of course, all this theorizing is based on the
assumption that the admin server itself uses a 2PC driver to talk to
the admin database.

Could someone from IBM pls comment on this?

thanks
sriram

Brad Koehn

unread,
Oct 9, 2001, 6:24:43 PM10/9/01
to
Sriram,

I too have written an RDBMS implementation of the CustomRegistry
(thanks for figuring out about the 2 phase commit driver!). I'm
running into a different problem I don't quite understand, however.
I'm hoping maybe you have an idea.

I can install my CustomRegistry into WAS 4.0 with no problem. I enter
a username and password of a user that exists in my registry, and hit
"ok." I get no errors, just a message telling me I need to restart the
Admin Server before changes take effect. So far, so good.

The next time I start the admin server, however, I get the following
error:

=========
ExtendedMessage: CNTR0019E: Non-application exception occurred while
processing method find: com.ibm.websphere.csi.CSIException: SECJ0053E:
Authorization failed for MyRegistry/joe while invoking (Home)
ejsadmin/homes/SecurityConfigHome find:0 securityName:
MyRegistry/joe;accessID: MyRegistry/joe is not granted any of the
required roles:

AdminRole
========

I made sure that the user I entered on the authentication page ("joe")
is selected in the Administrative Role page, as well as a group that
joe is a member of. I would think that that's all I have to do to
insure that everything's fine, but I'm still getting the above error.

Is there something I'm missing?

Thanks!

Brad Koehn

Sriram Narayan

unread,
Oct 10, 2001, 1:38:26 AM10/10/01
to
Brad,
You don't seem to be missing anything.
Just to confirm, you have given 'joe' as the Security Server Id on the
authentication pane (of Security Center) and same for AdminRole on
administrative Role pane, right? Of course, you would have checked the
global 'enable security' flag also.

You could check a little thing. There is a bug in the Custom Registry
implemenatation in that it calls the 'getDisplayName' method when it
actually should be calling the 'getSecurityName' method. You could try
keeping both names (display name and Security name- which is the user
Id) exactly same.

Apart from that, you could temporarily insert System.out traces into
each method of your CustomRegistry implementation (well, I don't have
to tell you this :-) )

Is you admin server failing to start or throwing the exception and
starting anyway?

-sriram

Brad Koehn

unread,
Oct 10, 2001, 12:15:33 PM10/10/01
to
srir...@thbs.com (Sriram Narayan) wrote in message news:<4c0dc495.01100...@posting.google.com>...
> Brad,
>
> [snip]

>
> You could check a little thing. There is a bug in the Custom Registry
> implemenatation in that it calls the 'getDisplayName' method when it
> actually should be calling the 'getSecurityName' method. You could try
> keeping both names (display name and Security name- which is the user
> Id) exactly same.

That's it! Thank you so much! I had inserted debugging calls into my
code, and saw WAS was calling getDisplayName(), but I assumed WAS knew
what it was doing (I know, why assume that WAS would work?). As soon
as I changed 'joe''s Display Name to be 'joe', everything worked
perfectly!

> Is you admin server failing to start or throwing the exception and
> starting anyway?

That was the interesting part. The admin server would throw an
exception, start anyway, and then when you tried to login via the
admin console, the admin server would immediately crash, and then
relaunch. After two or three cycles, the admin server would no longer
relaunch.

Thanks Sriram, I owe you a beer (or other pleasant beverage, as you
prefer).

0 new messages