PQ59262: IE DOES NOT DISPLAY 401 ERROR MESSAGES CORRECTLY. | |||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||
APAR status Closed as program error. Error description I setup resource and secured it via IHS. Regardless of the setting of "Show friendly HTTP error messages" in MS IE. A comm trace at the adapter level shows that with EACH 401 Response, IHS includes an HTML formatted message (Content-Type text/html) with the following content: . <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>401 Authorization Required</TITLE> </HEAD><BODY> <H1>Authorization Required</H1> This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required. </BODY></HTML> . When a resource is secured with WebSphere and a 401 Response is sent, there is no text/html message as part of the response. . What seems to happen is that after 3 failures, IE displays the text (message body) of the 401 Response message. In the case of IHS, it displays the HTML document shown above. In the case of WebSphere, there is no message to display - hence the blank screen. . I put together all my information (including a reference to Microsoft's Knowledge Base article, Q218155 where it is stated: . "Internet Explorer 5 provides a replacement for the HTML template for the following friendly error messages: . 400, 403, 404, 405, 406, 408, 409, 410, 500, 501, 505" . >> (Note that 401 is NOT listed!) << . and sent this to L3. After speaking with Dennis R., he suggested that we should open an APAR since customer would like an EFix. Kathy R. agreed to do this (since I will be outta here beginning next week).Local fix Problem summary **************************************************************** * USERS AFFECTED: WebSphere Application Server users of * * WebSphere to secure web resources. * **************************************************************** * PROBLEM DESCRIPTION: If a browser user is challenged for * * an ID and password (via HTTP code 401) * * and the request is canceled then IE * * displays a blank page and Netscape * * responds "The document contained no * * data." * **************************************************************** * RECOMMENDATION: * **************************************************************** When most browsers receive a 401 they display the challenge dialog (so the user may enter a name and password) while displaying the previous HTML screen. But it is valid for that request to also contain an HTML body along with the 401 header. It is that body that is displayed if the request is canceled (dialog dismissed). The WebSphere security subsystem sends no body along with a security challenge.Problem conclusion This is more so a new feature request than a defect. I changed the servlet engine to send the proper HTTP headers (by invoking the WebSphere security subsystem) and then send any user-defined 401 error page.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: PQ56177 APAR is sysrouted TO one or more of the following: Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ59262
IBM Group: Software Group
Modified date: Mar 20, 2002
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.