Question & Answer
Question
What can be done to change LOG=NONE to LOG=ASIS for a Java (TM) EE application being run within a Liberty JVM server in CICS Transaction Server for z/OS (CICS TS)? The Liberty server makes EJBROLE checks to ensure the end user is authorized to use the application. However, these security checks are being made with LOG=NONE. Therefore, the SAF authorization problems are not being logged.
SAF trace shows the security checks are being made out of module DFHKEATT.
Answer
Update the safAuthorization element in the Liberty server.xml configuration file to specify racRouteLog="ASIS". For example:
<safAuthorization id="saf" racRouteLog="ASIS"/>
For further details review topic safAuthorization - SAF Authorization (safAuthorization) in the WebSphere Application Sever for z/OS Liberty documentation
Product Synonym
CICS/TS CICSTS CICS TS CICS Transaction Server;zCEE
Was this topic helpful?
Document Information
Modified date:
14 February 2023
UID
dwa1415924