Monday, November 28, 2022

Database Error Authenticating a WebService Call

My Saturday turned out differently than I had planned.  

A customer was a database error trying to authenticate a webservice call.  The first error message and stack trace was:


BMXAA6714E - The data for the next record in the mboset could not be retrieved for the SQL query select * from maxuser  where loginid = :1. See the log file for more details about the error.
java.sql.SQLException: ORA-01008: not all variables bound
	at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:509) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:461) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:1104) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:550) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:268) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:655) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:229) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:41) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.T4CStatement.executeForDescribe(T4CStatement.java:765) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.OracleStatement.executeMaybeDescribe(OracleStatement.java:983) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1168) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.OracleStatement.executeQuery(OracleStatement.java:1362) ~[oraclethin.jar:?]
	at oracle.jdbc.driver.OracleStatementWrapper.executeQuery(OracleStatementWrapper.java:369) ~[oraclethin.jar:?]
	at psdi.mbo.MboSet.getNextRecordData(MboSet.java:3350) [businessobjects.jar:?]
	at psdi.mbo.MboSet.fetchMbosActual(MboSet.java:2958) [businessobjects.jar:?]
	at psdi.mbo.MboSet.fetchMbos(MboSet.java:2915) [businessobjects.jar:?]
	at psdi.mbo.MboSet.getMbo(MboSet.java:2123) [businessobjects.jar:?]
	at psdi.mbo.MboSet.isEmpty(MboSet.java:4427) [businessobjects.jar:?]
	at psdi.security.SecurityService.commonUserValidation(SecurityService.java:1373) [businessobjects.jar:?]
	at psdi.security.SecurityService.authenticateUserM(SecurityService.java:938) [businessobjects.jar:?]
	at psdi.security.SecurityService.authenticateUser(SecurityService.java:466) [businessobjects.jar:?]
	at psdi.security.SecurityService.authenticateUser(SecurityService.java:348) [businessobjects.jar:?]
	at psdi.iface.util.SecurityUtil.getNewUserInfo(SecurityUtil.java:232) [businessobjects.jar:?]
	at psdi.iface.util.SecurityUtil.getUserInfo(SecurityUtil.java:86) [businessobjects.jar:?]
	at psdi.iface.action.MAXActionServiceBean.secureAction(MAXActionServiceBean.java:181) [mboejb.jar:?]
	at psdi.iface.action.MAXActionServiceBean.wsSecureAction(MAXActionServiceBean.java:204) [mboejb.jar:?]
	at psdi.iface.action.EJSLocalStatelessactionservice_05493ca6.wsSecureAction(Unknown Source) [mboejb.jar:?]
	at psdi.iface.webservices.ActionWebServiceProxy.invokeService(ActionWebServiceProxy.java:93) [classes/:?]
	at psdi.iface.webservices.JAXWSWebServiceProvider.invoke(JAXWSWebServiceProvider.java:149) [classes/:?]
It was followed by this error message:

BMXAA6713E - The MBO fetch operation failed in the mboset with the SQL error code 1008. The record could not be retrieved from the database. See the log file for more details about the error.
java.sql.SQLException: ORA-01008: not all variables bound

When using DB2, the stack trace looks like

BMXAA6714E - The data for the next record in the mboset could not be retrieved for the SQL query select * from maxuser  where loginid = :1 for read only. See the log file for more details about the error.
com.ibm.db2.jcc.am.SqlException: The number of variables in the EXECUTE statement, the number of variables in the OPEN statement, or the number of arguments in an OPEN statement for a parameterized cursor is not equal to the number of values required.. SQLCODE=-313, SQLSTATE=07004, DRIVER=3.69.71
	at com.ibm.db2.jcc.am.gd.a(gd.java:752)
	at com.ibm.db2.jcc.am.gd.a(gd.java:66)
	at com.ibm.db2.jcc.am.gd.a(gd.java:135)
	at com.ibm.db2.jcc.am.bp.c(bp.java:2780)
	at com.ibm.db2.jcc.am.bp.a(bp.java:2244)
	at com.ibm.db2.jcc.t4.bb.o(bb.java:906)
	at com.ibm.db2.jcc.t4.bb.j(bb.java:267)
	at com.ibm.db2.jcc.t4.bb.d(bb.java:55)
	at com.ibm.db2.jcc.t4.p.c(p.java:44)
	at com.ibm.db2.jcc.t4.vb.j(vb.java:157)
	at com.ibm.db2.jcc.am.bp.lb(bp.java:2239)
	at com.ibm.db2.jcc.am.bp.a(bp.java:3281)
	at com.ibm.db2.jcc.am.bp.a(bp.java:708)
	at com.ibm.db2.jcc.am.bp.executeQuery(bp.java:687)
	at psdi.mbo.MboSet.getNextRecordData(MboSet.java:3333)
	at psdi.mbo.MboSet.fetchMbosActual(MboSet.java:2941)
	at psdi.mbo.MboSet.fetchMbos(MboSet.java:2898)
	at psdi.mbo.MboSet.getMbo(MboSet.java:2114)
	at psdi.mbo.MboSet.isEmpty(MboSet.java:4410)
	at psdi.security.SecurityService.commonUserValidation(SecurityService.java:1328)
	at psdi.security.SecurityService.authenticateUserM(SecurityService.java:893)

That's a lot of stack traces. I've included them to make this blog entry easier to find in the future. 

So what was the problem? mxe.useAppServerSecurity was 0, mxe.int.allowdefaultlogin was 0, and the webservice call was not passing a MAXAUTH header. This scenario resulted in a null username which triggered the database error. 

In our case, changing mxe.int.allowdefaultlogin was our solution. Changing mxe.useAppServerSecurity or passing a MAXAUTH header would have also worked.

No comments:

Post a Comment