PQ68148: REQUESTDISPATCH.FORWARD() TO A PROTECTED SERVLET FAILS | |||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description . Failing on security when doing requestdispatch.forward() to a protected servlet (and now failing) from the "baseLogon" servet that calls SSOAuthenticator. After calling SSOAuthenticator, the request thread should have a security context established and should not fail on the requestdispatch.forward() call.Local fix Test efix PMR81595-356-test-0829 fixed the customer's problem. Need official efix.Problem summary **************************************************************** * USERS AFFECTED: All WebSphere Application Server users who * * have enabled security. * **************************************************************** * PROBLEM DESCRIPTION: Users may not be properly challenged * * while accessing secured resources. * **************************************************************** * RECOMMENDATION: * **************************************************************** Authenticated user may get challenged again, or unauthenticated user may not be challenged as authentication was not properly flaged. This scenario is only likely to occur if a servlet forwards or dispatches to another secured servlet.Problem conclusion The flag used to determine authentication was not used correctly. The flag has now been removed as it is redundant.Temporary fix test eFix has been send to customerComments
APAR is sysrouted FROM one or more of the following: PQ65884 APAR is sysrouted TO one or more of the following: Modules/Macros
SRLS
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ68148
IBM Group: Software Group
Modified date: Nov 12, 2002
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.