PQ65884: REQUESTDISPATCH.FORWARD() TO A PROTECTED SERVLET FAILS


APAR

APAR status
Closed as program error.

Error description
.
Failing on security when doing requestdispatch.forward() to a
protected servlet (and now failing) from the "baseLogon" servet
that calls SSOAuthenticator. After calling SSOAuthenticator,
the request thread should have a security context established
and should not fail on the requestdispatch.forward() call.
Local fix
Test efix PMR81595-356-test-0829 fixed the customer's problem.
Need official efix.
Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users who   *
*                 have enabled security.                       *
****************************************************************
* PROBLEM DESCRIPTION: Users may not be properly challenged    *
*                      while accessing secured resources.      *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Authenticated user may get challenged again, or
unauthenticated user may not be challenged as authentication
was not properly flaged.  This scenario is only likely to
occur if a servlet forwards or dispatches to another
secured servlet.
Problem conclusion
The flag used to determine authentication was not used
correctly.  The flag has now been removed as it is
redundant.
Temporary fix
test eFix has been send to customer
Comments
APAR information
APAR numberPQ65884
Reported component nameWAS ADVANCED AI
Reported component ID5648C8400
Reported release350
StatusCLOSED PER
PENoPE
HIPERNoHIPER
Submitted date2002-09-04
Closed date2002-09-09
Last modified date2002-11-12

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following:

PQ68148

Modules/Macros
SECURITY
APAR is sysrouted TO one or more of the following:PQ68148Modules/Macros

Fix information
Fixed component nameWAS ADVANCED AI
Fixed component ID5648C8400

Applicable component levels
R350 PSYUP











Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, General
Software version: 350
Reference #: PQ65884
IBM Group: Software Group
Modified date: 2002-11-12