PQ76092: WSAS AES URL PASSING OF CONFIG FILE TO WEB BASED ADMIN CONSOLE FAILS WHEN SECURITY IS ENABLED (ZE OF PQ73531) | |||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description Environment: WebSphere Application Server (WSAS) 4.0.4 AEs Description: When using the web-based administrative app/console and passing a different configuration file through the URL in the web browser (e.g., http://localhost:9091/admin/edit?configFile=c :/temp/myConfigFile.xml) so that the administrative console uses a different configuration file other than the default server-cfg.xml, it fails and uses the default server-cfg.xml when security is enabled.Local fix Problem summary **************************************************************** * USERS AFFECTED: WebSphere Application Server 4.0 Advanced * * Edition Single Server users with security * * enabled and passing the server a custom * * configuration file via a URL. * **************************************************************** * PROBLEM DESCRIPTION: When specifying a configuration file * * through the URL, the application server * * is loading the default server-cfg.xml * * file instead of the one specified. * **************************************************************** * RECOMMENDATION: * **************************************************************** If a user has security enabled and tries to specify a custom configuration file in the URL of a browser, the application server will load the default server-cfg.xml file instead. The URL requesting the custom configuration file looks like this: http://hostname:9090/admin/edit?configFile=/opt/mycfg.xml This issue happens because when security is enabled a SendRedirect is performed and the data that is specified in the URL is lost.Problem conclusion The Thin Admin code was modified to stored the value of the configuration file if it is specified in a URL when security is enabled.Temporary fix This temporary fix will set a session attribute in the two logon.jsp files. The request parameter is getting lost when the JSP does a servlet redirect, so setting the session attribute should take care of it.Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
SRLS
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ76092
IBM Group: Software Group
Modified date: Oct 14, 2003
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.