PK45192: WEB SERVICE REQUESTS MIGHT BE SENT OVER HTTPS INSTEAD OF HTTP WHEN WS-ATOMIC TRANSACTION IS USED WITH GLOBAL SECURITY ENABLED | |||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description In WebSphere Application Server V6, a web service client may sent a request message over HTTPS rather than HTTP when global security is enabled and WS-Atomic Transaction is used. The WebSphere WS-Atomic Transaction implementation needs to be fixed so that request messages can be sent over HTTP when global security is enabled.Local fix Problem summary **************************************************************** * USERS AFFECTED: All IBM WebSphere Application Server users * * of Web Services - Atomic Transactions * * (WS-AT) on z/OS Platform in a secure * * environment * **************************************************************** * PROBLEM DESCRIPTION: Enabling WebSphere Application Server * * global security settings caused WS-AT * * messages to be transmitted over HTTPS. * **************************************************************** * RECOMMENDATION: * **************************************************************** The decision regarding whether to send WS-AT request messages over HTTPS rather than HTTP was based on the global security setting applied on the application server, and not related to whether or not SSL was enabled on the chosen transport chain. If WebSphere Application Server global security was enabled, the assumption was being made that the WS-AT protocol messages should also be sent secure - by default, the transaction service will use the default secure Web container transport chain: WCInboundDefaultSecure. To use an alternate transport chain in a secure environment, the WSTX_SECURE_TRANSPORT_CHAIN custom property details which transport chain should be used. While WS-AT would use the defined chain in the secure environment, it ignored the security settings in force on the specified transport chain, causing the messages to be always sent over HTTPS.Problem conclusion Changes were made to ensure that HTTP or HTTPS is selected based on the security settings in force on that transport chain defined by the custom property. As described in the Information Centre, for WS-AT to operate in a secure environment the following custom property must be enabled : WSTX_SECURE_TRANSPORT_CHAIN=WCInboundDefault Also, the 'Enable protocol security' checkbox in the Administrative Console must be unchecked. The checkbox is located on the following Administrative Console panel : Servers > Application Servers > 'server name' > Container Services > Transaction Service APAR PK45192 is currently targeted for inclusion in Service Level (Fix Pack) 6.1.0.10 of WebSphere Application Server V6.1 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: PK44945 APAR is sysrouted TO one or more of the following: Modules/Macros Publications Referenced
|
Document Information |
Current web document: swg1PK45192.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 610
Software edition:
Reference #: PK45192
IBM Group: Software Group
Modified date: Jul 20, 2007
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.