PQ56065: STATIC RESOURCE WHICH SECURED BY WEBSPHERE APPLICATION SERVER, CAN BE ACCESSED WHEN ADMIN SERVER IS DOWN.

APAR status
Closed as program error.

Error description
The customer defined static html resource as secured URI of
WebSphere Application Server.
This resource can be accessed without any challenge if the
Application Server adminServer is not running.
The plugin should care about this.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users who   *
*                 use WebSphere security to secure webserver   *
*                 resources (ie, resources that will not be    *
*                 processed by the WebSphere Application       *
*                 server).                                     *
****************************************************************
* PROBLEM DESCRIPTION: When the application server is not      *
*                      running, users are granted access to    *
*                      static html pages, which should be      *
*                      secured by WAS, without being           *
*                      challenged for a userid/password.       *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When the application server is not running, users are granted
access to static html pages, which should be secured by WAS,
without being challenged for a userid/password.
Problem conclusion
Modified the ose/plugin security functions so that if the
communication cannot be established with the application
server access would be denied to the secured static html
pages.
Temporary fix
PQ54969
Comments
APAR information
APAR number PQ56065
Reported component name WEBSPHERE AE AI
Reported component ID 5630A2200
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2001-12-18
Closed date 2001-12-18
Last modified date 2003-04-29

APAR is sysrouted FROM one or more of the following:
PQ54969

APAR is sysrouted TO one or more of the following:

Modules/Macros
PLUGIN          

Fix information
Fixed component name WEBSPHERE AE AI
Fixed component ID 5630A2200

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ56065
IBM Group: Software Group
Modified date: Apr 29, 2003