
TAG_CSI_SEC_MECH_LIST exception during XA between JEUS and WebSphere

by freeman98 2016. 5. 9.

1. WAS version: WebSphere ND v6.1

2. OS: All

3. When the error occurs: when TMax JEUS is integrated with WebSphere over XA
                           (occurs only when security is enabled in WebSphere and a cluster is used)

4. Error message :
  java.lang.RuntimeException: More than one TAG_CSI_SEC_MECH_LIST tagged component found


5. Suspected cause: when asked, the JEUS vendor replied that this JEUS log message is emitted when two or more authentication signatures are received


6. Remediation:
 With administrative security left enabled, disabling the IIOP-related security used for XA prevents the security problem from occurring
 (Security > Secure administration, applications, and infrastructure > RMI/IIOP security > CSIv2 inbound transport:
  set this to TCP/IP)
 In addition, Enable protocol security must be cleared in the application server's Transaction Service
 (the guidance is that it must always be disabled when interoperating transactionally with a non-WebSphere Application Server)


    When WebSphere Application Server security is enabled for application
    servers at WebSphere® Application Server Version 6.0.2 or later, you must
    disable protocol security on such servers in the following situations:

        The server interoperates transactionally with application servers at an earlier version.
        The server interoperates transactionally with non-WebSphere Application Server servers.
        The server interoperates transactionally with other servers and the server is not in a Common Criteria EAL4 evaluated configuration.

    The protocol security setting controls only the transaction
    protocol messages between servers that are used to coordinate the
    completion of a transaction. It does not affect application messages
    or the security of the server.

    To disable protocol security on a server, complete the following steps
    in the administrative console:

        In the administrative console, click Servers > Application Servers > server_name > [Container Settings] Container Services > Transaction Service
        Clear the Enable protocol security check box.
        Click Apply or OK.
        Click Save to save your changes to the master configuration.
        Restart the server.

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/topic/com.ibm.websphere.express.doc/info/exp/ae/tjta_intop.html?resultof=%22%44%49%53%41%42%4c%45%5f%50%52%4f%54%4f%43%4f%4c%5f%53%45%43%55%52%49%54%59%22%20


Protocol security can also be disabled with the following custom property:

The solution/workaround is to disable transaction protocol security:

    Open WAS console
    Go to Application servers > Your server > Container -> Transaction Service > Custom Properties
    Add the following custom property:
        Name:  DISABLE_PROTOCOL_SECURITY
        Value: true

http://jleap.wordpress.com/2006/11/06/role-based-authorization-failure-when-using-j2ee-transactions-in-websphere/
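
To check for the condition that the error message in item 4 names, this added example (not from the original post and not IBM or TmaxSoft code) decodes a stringified IOR and counts the TAG_CSI_SEC_MECH_LIST components (tag 33 in CSIv2) in each IIOP profile. It assumes the IOR of the WebSphere object is available as an `IOR:` hex string; the function name and both sample IORs are constructed for illustration.

```python
import struct

TAG_INTERNET_IOP = 0        # profile tag of an IIOP profile
TAG_CSI_SEC_MECH_LIST = 33  # CSIv2 component tag named in the exception

class Cdr:  # minimal CDR reader for one encapsulation (octet 0 = byte-order flag)
    def __init__(self, data, pos=1):
        self.d, self.pos = data, pos
        self.end = "<" if data[0] else ">"
    def _read(self, fmt, size):
        self.pos += -self.pos % size  # primitives are aligned to their own size
        (val,) = struct.unpack_from(self.end + fmt, self.d, self.pos)
        self.pos += size
        return val
    def ulong(self): return self._read("I", 4)
    def octets(self):  # sequence<octet> or string: ulong length, then the bytes
        n = self.ulong()
        if self.pos + n > len(self.d):
            raise ValueError("truncated IOR")
        self.pos += n
        return self.d[self.pos - n:self.pos]

def csi_mech_list_counts(ior):
    """Number of TAG_CSI_SEC_MECH_LIST components in each IIOP profile of an IOR."""
    if not ior.startswith("IOR:"):
        raise ValueError("not a stringified IOR")
    top = Cdr(bytes.fromhex(ior[4:]))
    top.octets()  # type_id, not needed here
    counts = []
    for _ in range(top.ulong()):  # sequence<TaggedProfile>
        tag, body = top.ulong(), top.octets()
        if tag != TAG_INTERNET_IOP:
            continue
        p = Cdr(body, 3)  # skip the byte-order flag and the two IIOP version octets
        p.octets()        # host
        p._read("H", 2)   # port
        p.octets()        # object_key
        tags = []
        if (body[1], body[2]) >= (1, 1):  # tagged components exist from IIOP 1.1 on
            for _ in range(p.ulong()):
                tags.append(p.ulong())
                p.octets()  # component_data, skipped
        counts.append(tags.count(TAG_CSI_SEC_MECH_LIST))
    return counts
# Constructed samples: big-endian, IIOP 1.2, host "h", dummy 4-byte component bodies.
_HEAD = ("IOR:" "00000000" "0000000a" "49444c3a583a312e3000" "0000" "00000001" "00000000"
         "00000030" "00010200" "00000002" "6800" "0af9" "00000001" "6b" "000000" "00000002")
_MECH, _OTHER = "00000021" "0000000400000000", "00000001" "0000000400000000"
SAMPLE_DUPLICATE, SAMPLE_NORMAL = _HEAD + _MECH + _MECH, _HEAD + _MECH + _OTHER
```

A count above 1 for any profile matches the wording of the exception; a count of 0 or 1 points away from the IOR contents as the trigger.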
