6.0.x Business Process Choreographer API client fails in a V8.0.1 environment

IBM BPM, V8.0.1, All platforms > Troubleshooting and support > Troubleshooting installation and configuration > Troubleshooting the Business Process Choreographer configuration
6.0.x Business Process Choreographer API client fails in a V8.0.1 environment

You did not migrate your 6.0.x Business Process Choreographer API client when you upgraded to IBM BPM Advanced Version V8.0.1. When you try to run your client in the V8.0.1 environment, the client fails.

Symptom

Exceptions similar to the following are written to the SystemOut.log file:
[9/6/07 21:05:27:093 PDT] 00000045 ExceptionUtil E CNTR0020E: EJB threw an unexpected 
(non-declared) exception during invocation of method "processMessage" on 
bean "BeanId(validateDataApp#validateDataEJB.jar#component.validateItem, null)". 
Exception data: javax.ejb.AccessLocalException: ; 
nested exception is: com.ibm.websphere.csi.CSIAccessException: 
SECJ0053E: Authorization failed for /UNAUTHENTICATED while invoking 
(Home)com/ibm/bpe/api/BusinessFlowManagerHome create:4 
securityName: /UNAUTHENTICATED;accessID: UNAUTHENTICATED is not granted any of the required 
roles: BPEAPIUser 
com.ibm.websphere.csi.CSIAccessException: SECJ0053E: Authorization failed for 
/UNAUTHENTICATED while invoking (Home)com/ibm/bpe/api/BusinessFlowManagerHome 
create:4 securityName: /UNAUTHENTICATED;accessID: UNAUTHENTICATED is not granted any of the required 
roles: BPEAPIUser 
at com.ibm.ws.security.core.SecurityCollaborator.performAuthorization(SecurityCollaborator.java:484)
at com.ibm.ws.security.core.EJSSecurityCollaborator.preInvoke(EJSSecurityCollaborator.java:218)
at com.ibm.ejs.container.EJSContainer.preInvokeForStatelessSessionCreate(EJSContainer.java:3646)
at com.ibm.ejs.container.EJSContainer.preInvoke(EJSContainer.java:2868)
at com.ibm.bpe.api.EJSLocalStatelessGenericBusinessFlowManagerEJBHome_a412961d.create(Unknown Source)
Reason

If you have written a client that uses Business Process Choreographer APIs without first authenticating the user, you should modify the client to perform a login before using the APIs. After migration, the Java™ EE roles BPEAPIUser and TaskAPIUser are set to the value Everyone, which maintains compatibility with earlier versions by maintaining the 6.0.x behavior of not requiring a login when application security is enabled. For new installations these roles default to the value AllAuthenticated. The use of Everyone to map Java EE roles BPEAPIUser and TaskAPIUser is deprecated.

Resolution

Modify your API client to force the user to log on to the client before they use the APIs.
As a temporary workaround, you can change the mappings for the BPEAPIUser and the TaskAPIUser roles. To change the mapping:

In the administrative console, click Applications > Enterprise Applications > BPEContainer_ suffix, and under Detail Properties click Security role to user/group mapping
Change the BPEAPIUser role from AllAuthenticated to Everyone, and click OK.
Repeat step 2 for the TaskContainer_suffix and the TaskAPIUser role.
After you have modified your client, you must change these roles back to AllAuthenticated to prevent unauthenticated users accessing the APIs.

Troubleshooting the Business Process Choreographer configuration