PQ62024: BLANK PAGE DISPLAYED IF CLIENT EITHER ENTERS WRONG USERID/PASSWORD 3 TIMES OR CANCELS THE CHALLENGE BOX FOR A SECURED RESOURCE

A fix is available
WebSphere Application Server Version 3.5 Fix Pack 7 (3.5.7)

APAR

APAR status
Closed as program error.

Error description
A blank page is displayed in the browser if the client does one
of the following things:
1. Enters wrong userid/password 3 times when prompted for
   authentication
2. Cancels the challenge for authentication
When scenarios 1 or 2 happen, the code in
WebAppRequestDispatcher does not properly handlethe scenario
and it results in a blank page being displayed to the user
of the following things:1. Enters wrong userid/password 3 times when prompted forauthentication2. Cancels the challenge for authenticationWhen scenarios 1 or 2 happen, the code inWebAppRequestDispatcher does not properly handlethe scenarioand it results in a blank page being displayed to the user
Local fix
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server developers      *
*                 enabling WebSphere Security.                 *
****************************************************************
* PROBLEM DESCRIPTION: With WebSphere Security enabled,        *
*                      failed login requests result in a       *
*                      blank page being displayed.             *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
With WebSphere Security enabled and not using custom error
pages, a blank page is displayed when the user enters an
incorrect username/password or hits cancel when the challenge
dialog box is presented.  The correct behavior is to forward
to the default error page instead of sending a no body
response to the client (ie blank page).
Problem conclusion
Modified the handling of security related exceptions to
forward to the default error page when a login
attempt fails to authenticate and no custom error page
is defined for that HTTP return code.
Temporary fix
//wasdoc0/apars/pq62024/3.5.6
Comments
APAR information
APAR numberPQ62024
Reported component nameWAS ADVANCED AI
Reported component ID5648C8400
Reported release350
StatusCLOSED PER
PENoPE
HIPERNoHIPER
Submitted date2002-06-07
Closed date2002-06-17
Last modified date2002-06-17

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following:


Modules/Macros
ENGINE
APAR is sysrouted TO one or more of the following:Modules/Macros

Fix information
Fixed component nameWAS ADVANCED AI
Fixed component ID5648C8400

Applicable component levels
R350 PSYUP











Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, General
Software version: 350
Reference #: PQ62024
IBM Group: Software Group
Modified date: 2002-06-17