Change in display of BPM errors after applying IBM BPM 8.5.6 CF01

Follow

Introduction

In this article we're going to talk about the change in how error messages are displayed after applying IBM BPM 856 Cumulative Fix 01 (IBM BPM 856 CF01). We will be targeting the following situations: 

  • If you have already applied CF01 in your IBM BPM 8.5.6 environment, then this article will help to explain the unexpected behavior you will see when debugging processes/services in IBM BPM.

  • If you are planning to install CF01 in your IBM BPM 8.5.6 environment, then this article will help you with better planning and set your expectations accordingly.
Issue
 
Once you install CF01, you will no longer see any errors in the browser when running or debugging services in any environment including DEV. 
 
The following is an example of what you will see in place of the actual runtime error: 
 
 
You can imagine the impact this might have on your development team. Basically BPM developers will have to look at the logs on BPM server each time a process/service/task fails to get an understanding why it failed, e.g. what was the "actual" error.
 
Now let's imagine 15 developers working on a process application running processes/services in DEV environment, getting errors and trying to identify which error is theirs because they all are recorded in the same log file - SystemOut.log. It would be a rather challenging task.
 
Cause
 
This generic error message was introduced with the fix for APAR JR52721 (http://www.ibm.com/support/docview.wss?uid=swg1JR52721) but unfortunately there were no backward compatibility flags added. It was introduced to eliminate a security vulnerability. But for BPM developers, this generic message is unacceptable and slows down development processes in BPM.
 
In 8.5.6 all the stack traces were taken out already. But with the addition of this APAR, even the error itself was taken away.

Resolution

This issue was addressed by IBM in IBM BPM 856 Cumulative Fix 02 (IBM BPM 856 CF02).

(APAR in question is - JR54753)

Good news is that if you were cautious and have not applied CF01 then you have a better chance with CF02 where it fixes this issue and also has important performance related fixes.

NOTE: CF02 is a cumulative fix meaning that you can install it on top of IBM BPM 8.5.6 without having to install CF01 first. So, the suggestion of BP3 Labs is to upgrade directly to CF02 instead of going through CF01 -> CF02 process.

IMPORTANT NOTES:

  • JR54753 introduces a new property that has to be set in custom XML override (best practices) in order to achieve backward compatibility as it used to be before installing cumulative fix. It is recommended that this setting only be configured on development environments and lower test/QA environments, for purpose of debugging of custom application code. We do not recommend setting this on production environments, as it is possible for the detailed error messages to be used to exploit security vulnerabilities.
    Note also that a UUID value in parentheses is displayed after each error message, regardless of whether it is a detailed or generic message. The UUID value can be correlated with the SystemOut.log file on the server for additional information (detailed message and stack trace if the generic message is displayed, stack trace if the detailed message is displayed).
    For instructions on where to place the over ride files, see the following technote:
    http://www.ibm.com/support/docview.wss?uid=swg21439614
    Here is the XML override:
<properties>
    <server merge="mergeChildren">
        <debug merge="mergeChildren">
            <display-debug-error-messages merge="replace">true</display-debug-error-messages>
        </debug>
    </server>
</properties>

  • There is one downside if you install this ifix (by installing CF02) and that is - with the fix enabled (via XML property as shown above), you will see an error message in the process portal/process admin console but the detailed exception is not present in the SystemOut.log. Instead you will see only a generic exception without full stack trace. That's why BP3's Labs suggests to enable this only in DEV environment and/or lower QA/test environment(s) and not in STG or PROD.

If you are a BP3 Labs customer, please do not hesitate to contact us at support@bp-3.com if you have any additional questions or need additional help.

Have more questions? Submit a request

Comments

  • Avatar
    Leo Haughton

    Exactly what I was looking for. Thanks Sergei!

  • Avatar
    Johan Andersson

    I'm currently tasked with changing this error message, to better signify for our end users what they need to do to correct the error. Could you explain the steps needed to be taken to achieve this? I still want the stacktrace and such to appear in logs, but i need to append the text with something like "The user is not part of the tw_authors group" or something like that.

Powered by Zendesk