PK16987: WEBSECURITYEXCEPTION: INVALID URI PASSED TO SECURITY COLLABORATOR WHEN THE PATHINFO IS NULL IN THE REQUEST. | |||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||||||||||||
APAR status Closed as program error. Error description When global security is enabled servlets returns 403/401 response codes either sporadically or consistently. WebSecurityException: Invalid URI passed to Security Collaborator when the pathinfo is null in the request.Local fix Problem summary **************************************************************** * USERS AFFECTED: All WebSphere Application Server users who * * have enabled security and using * * servlet mapping. * **************************************************************** * PROBLEM DESCRIPTION: In servlet request there is a problem * * with the second and any subsequent * * request is that no longer * * "/" is added by the web component. * * * **************************************************************** * RECOMMENDATION: * **************************************************************** In servlet request there is a problem with the second and any subsequent request is that no longer "/" is added. The first request gets a / appended even if no / is submitted. Every following request does not get this slash appened. The resulting "empty" URI causes an incorrect 403 response code to be returned by WebSphere.Problem conclusion Fixed the code as per Servlet 2.4 specification. If there is no servletpath or pathInfo, Security should pass in a "/" to the security check. The fix for this APAR is currently targeted for inclusion in fixpack 6.0.2.7. Please refer to the Recommended Updates page for delivery dates: http://www-1.ibm.com/support/docview.wss?rs=180&context=SSEQTP& uid=swg27004980Temporary fix Sent a testfixComments
APAR is sysrouted FROM one or more of the following: PK16893 APAR is sysrouted TO one or more of the following: Modules/Macros
Publications Referenced
|
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 00W
Software edition:
Reference #: PK16987
IBM Group: Software Group
Modified date: Dec 19, 2005
(C) Copyright IBM Corporation 2000, 2008. All Rights Reserved.