APAR status
Closed as program error.
Error description
For any protected content, the Netegrity TAI writes an HTTP
response to do a redirect (for the login form -- challenging the
user for credentials). The execution control is back to
WebSphere container once TAI is done writing a redirect with
appropriate status code available from the TAI. Before sending
this request back to the client, the container attempts to set
the header it received from the TAI. Since the TAI has already
written the response by the time WebSphere container gets the
control, there is no room for the container to set any header.
And upon such an attempt, container spits errors in the
SystemOut.log.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server security *
* trust association users *
****************************************************************
* PROBLEM DESCRIPTION: If trust association (TAI) has *
* committed response, authentication *
* may fail *
****************************************************************
* RECOMMENDATION: *
****************************************************************
WebSphere Application server web security may set response
status or cookies after authentication. However, trust
association interceptor may already commit the response, and
security does not take it into consideration.
Problem conclusion
WebSphere security collaborator would not reset response
status or cookie if response is already committed.
The fix for this APAR is currently targeted for inclusion in
fixpack 5.0.2.11 and 5.1.1.5. Please refer to the Recommended
Updates page for delivery dates:
http://www-1.ibm.com/support/docview.wss?rs=180&context=SSEQTP
&uid=swg27004980
Temporary fix
provided test fix
Comments
APAR information |
APAR number |
PK01812 |
Reported component name |
WAS NETWRK DEPL |
Reported component ID |
5630A3601 |
Reported release |
10A |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Special Attention |
NoSpecatt |
Submitted date |
2005-02-28 |
Closed date |
2005-04-01 |
Last modified date |
2005-05-17 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
|
Fix information |
Fixed component name |
WAS NETWRK DEPL |
Fixed component ID |
5630A3601 |
Applicable component levels |
R00A PSY |
UP |
R00H PSY |
UP |
R00I PSY |
UP |
R00P PSY |
UP |
R00S PSY |
UP |
R00W PSY |
UP |
R103 PSY |
UP |
R10A PSY |
UP |
R10H PSY |
UP |
R10I PSY |
UP |
R10P PSY |
UP |
R10S PSY |
UP |
R10W PSY |
UP |
|