PQ71310: getUserPrincipal() getname() returns wrong name rather than logged in username accessing from another domain
APAR status
Closed as program error.

Error description
The customer logs in to the administration console using the administration username and password. The custom realm is called and accepts the administration username and password.

The customer then logs in to the Web Application using a web username and password (different from the administration username and password). The custom realm is called and accepts the authentication.

The Web Application (a servlet) calls getUserPrincipal().getName() from the HttpServletRequest. The Web Application receives the administration user identity. Later calls to getUserPrincipal().getName() from the HttpServletRequest return the correct logged-in user.

Local fix

Problem summary
USERS AFFECTED: WebSphere Application Server security users who have deployed servlets and EJBs in different realms.
PROBLEM DESCRIPTION: getName() in getUserPrincipal() may not return the right security name during an EJB call.
RECOMMENDATION:

getName() in getUserPrincipal() may return the wrong security name after a servlet accesses an EJB in a different security domain.

Problem conclusion
When a servlet accesses an EJB in a different realm, security will try to map the invocation credential to the target realm. If the credential mapping fails, the original credential is now returned rather than the default credential.

Temporary fix
provided test fix

Comments
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
SRLS

Document Information
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ71310
IBM Group: Software Group
Modified date: Apr 30, 2003
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.