Monday, November 28, 2022

Database Error Authenticating a WebService Call

My Saturday turned out differently than I had planned.  

A customer was a database error trying to authenticate a webservice call.  The first error message and stack trace was:


BMXAA6714E - The data for the next record in the mboset could not be retrieved for the SQL query select * from maxuser  where loginid = :1. See the log file for more details about the error.
java.sql.SQLException: ORA-01008: not all variables bound
	at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:509) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:461) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:1104) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:550) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:268) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:655) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:229) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:41) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.T4CStatement.executeForDescribe(T4CStatement.java:765) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.OracleStatement.executeMaybeDescribe(OracleStatement.java:983) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1168) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.OracleStatement.executeQuery(OracleStatement.java:1362) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.OracleStatementWrapper.executeQuery(OracleStatementWrapper.java:369) ~[oraclethin.jar:?]
	at psdi.mbo.MboSet.getNextRecordData(MboSet.java:3350) [businessobjects.jar:?]
	at psdi.mbo.MboSet.fetchMbosActual(MboSet.java:2958) [businessobjects.jar:?]
	at psdi.mbo.MboSet.fetchMbos(MboSet.java:2915) [businessobjects.jar:?]
	at psdi.mbo.MboSet.getMbo(MboSet.java:2123) [businessobjects.jar:?]
	at psdi.mbo.MboSet.isEmpty(MboSet.java:4427) [businessobjects.jar:?]
	at psdi.security.SecurityService.commonUserValidation(SecurityService.java:1373) [businessobjects.jar:?]
	at psdi.security.SecurityService.authenticateUserM(SecurityService.java:938) [businessobjects.jar:?]
	at psdi.security.SecurityService.authenticateUser(SecurityService.java:466) [businessobjects.jar:?]
	at psdi.security.SecurityService.authenticateUser(SecurityService.java:348) [businessobjects.jar:?]
	at psdi.iface.util.SecurityUtil.getNewUserInfo(SecurityUtil.java:232) [businessobjects.jar:?]
	at psdi.iface.util.SecurityUtil.getUserInfo(SecurityUtil.java:86) [businessobjects.jar:?]
	at psdi.iface.action.MAXActionServiceBean.secureAction(MAXActionServiceBean.java:181) [mboejb.jar:?]
	at psdi.iface.action.MAXActionServiceBean.wsSecureAction(MAXActionServiceBean.java:204) [mboejb.jar:?]
	at psdi.iface.action.EJSLocalStatelessactionservice_05493ca6.wsSecureAction(Unknown Source) [mboejb.jar:?]
	at psdi.iface.webservices.ActionWebServiceProxy.invokeService(ActionWebServiceProxy.java:93) [classes/:?]
	at psdi.iface.webservices.JAXWSWebServiceProvider.invoke(JAXWSWebServiceProvider.java:149) [classes/:?]
It was followed by this error message:

BMXAA6713E - The MBO fetch operation failed in the mboset with the SQL error code 1008. The record could not be retrieved from the database. See the log file for more details about the error.
java.sql.SQLException: ORA-01008: not all variables bound

When using DB2, the stack trace looks like

BMXAA6714E - The data for the next record in the mboset could not be retrieved for the SQL query select * from maxuser  where loginid = :1 for read only. See the log file for more details about the error.
com.ibm.db2.jcc.am.SqlException: The number of variables in the EXECUTE statement, the number of variables in the OPEN statement, or the number of arguments in an OPEN statement for a parameterized cursor is not equal to the number of values required.. SQLCODE=-313, SQLSTATE=07004, DRIVER=3.69.71
	at com.ibm.db2.jcc.am.gd.a(gd.java:752)
	at com.ibm.db2.jcc.am.gd.a(gd.java:66)
	at com.ibm.db2.jcc.am.gd.a(gd.java:135)
	at com.ibm.db2.jcc.am.bp.c(bp.java:2780)
	at com.ibm.db2.jcc.am.bp.a(bp.java:2244)
	at com.ibm.db2.jcc.t4.bb.o(bb.java:906)
	at com.ibm.db2.jcc.t4.bb.j(bb.java:267)
	at com.ibm.db2.jcc.t4.bb.d(bb.java:55)
	at com.ibm.db2.jcc.t4.p.c(p.java:44)
	at com.ibm.db2.jcc.t4.vb.j(vb.java:157)
	at com.ibm.db2.jcc.am.bp.lb(bp.java:2239)
	at com.ibm.db2.jcc.am.bp.a(bp.java:3281)
	at com.ibm.db2.jcc.am.bp.a(bp.java:708)
	at com.ibm.db2.jcc.am.bp.executeQuery(bp.java:687)
	at psdi.mbo.MboSet.getNextRecordData(MboSet.java:3333)
	at psdi.mbo.MboSet.fetchMbosActual(MboSet.java:2941)
	at psdi.mbo.MboSet.fetchMbos(MboSet.java:2898)
	at psdi.mbo.MboSet.getMbo(MboSet.java:2114)
	at psdi.mbo.MboSet.isEmpty(MboSet.java:4410)
	at psdi.security.SecurityService.commonUserValidation(SecurityService.java:1328)
	at psdi.security.SecurityService.authenticateUserM(SecurityService.java:893)

That's a lot of stack traces. I've included them to make this blog entry easier to find in the future. 

So what was the problem? mxe.useAppServerSecurity was 0, mxe.int.allowdefaultlogin was 0, and the webservice call was not passing a MAXAUTH header. This scenario resulted in a null username which triggered the database error. 

In our case, changing mxe.int.allowdefaultlogin was our solution. Changing mxe.useAppServerSecurity or passing a MAXAUTH header would have also worked.

Wednesday, September 28, 2022

Preventing User Logins

Still Around

I have not written in a long time.  Until early this year, I have been supporting a client still running a highly customized Maximo 7.5.  There were some interesting problems come up, especially as the browsers remove support for Java.  Maximo 7.5 uses Java for Workflow editing and Direct Print.  I didn't think I had much to share as the world moved on to later versions of Maximo.

My new position has me working with Maximo 7.6 and MAS8.  I should have more to write about.

Preventing User Logins

I have recently been working on a problem where I want to prevent users from logging into a Maximo node after startup while some complex initialization takes place within the Maximo JVM.  I want the same behaviour as placing Maximo into Admin Mode without actually doing that.   This snippet of code will do that.

// grab the SECURITY service.
SecurityService securityService = (SecurityService)MaximoHelper.getService("SECURITY");

// disable user logins
((TenantLevelObj)securityService.getAllowNewSessions()).set(Boolean.FALSE);

// do what you want to do without user logins

// enable user logins
((TenantLevelObj)securityService.getAllowNewSessions()).set(Boolean.TRUE);
This will prevent new users from logging in but will not log out users who are currently logged in.