PQ54969: STATIC RESOURCE WHICH SECURED BY WAS, CAN BE ACCESSED WHEN ADMIN SERVER IS DOWN.


APAR

APAR status
Closed as program error.

Error description
The customer defined static html resource as secured uri of WAS.
This resource can be accessed without any challenge if WAS
adminServer is not running.
The plugin should care about this.
Local fix
Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users who   *
*                 use WebSphere security to secure webserver   *
*                 resources (ie, resources that will not be    *
*                 processed by the WebSphere Application       *
*                 server).                                     *
****************************************************************
* PROBLEM DESCRIPTION: When the application server is not      *
*                      running, users are granted access to    *
*                      static html pages, which should be      *
*                      secured by WAS, without being           *
*                      challenged for a userid/password.       *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When the application server is not running, users are granted
access to static html pages, which should be secured by WAS,
without being challenged for a userid/password.
Problem conclusion
Modified the ose/plugin security functions so that if the
communication cannot be established with the application
server access would be denied to the secured static html
pages.
Temporary fix
PQ54969
Comments
APAR information
APAR numberPQ54969
Reported component nameWAS ADVANCED AI
Reported component ID5648C8400
Reported release350
StatusCLOSED PER
PENoPE
HIPERNoHIPER
Submitted date2001-11-20
Closed date2001-11-29
Last modified date2001-12-18

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following:

PQ56065

Modules/Macros
PLUGIN
APAR is sysrouted TO one or more of the following:PQ56065Modules/Macros

Fix information
Fixed component nameWAS ADVANCED AI
Fixed component ID5648C8400

Applicable component levels
R350 PSYUP











Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, General
Software version: 350
Reference #: PQ54969
IBM Group: Software Group
Modified date: 2001-12-18