PQ60895: WASSEC - AUTHENTICATION INFORMATION NOT RETURNED TO THE BROWSER IF A PROTECTED URI IS NOT ACCESSED BEFORE J_SECURITY_CHECK POST.

APAR status
Closed as unreproducible in next release.

Error description
If authentication information is posted to j_security_check
before a protected URI is accessed, the browser does not
receive authentication information and therefore subsequent
requests of protected resources fail.  Failure stack in app svr
stdout (excerpt):
ExtendedMessage: Servlet Error: : java.lang.NullPointerException
 at
com.ibm.servlet.personalization.sessiontracking.SessionContext.i
sProtoco
lSwitch(SessionContext.java:1884)
 at
com.ibm.servlet.personalization.sessiontracking.SessionContext.s
houldEnc
odeURL(SessionContext.java:1834)
 at
com.ibm.servlet.engine.srt.SRTSessionAPISupport.encodeURL(SRTSes
sionAPIS
upport.java:137)
 at
com.ibm.servlet.engine.srt.SRTServletResponse.encodeURL(SRTServl
etRespon
se.java:220)
 at
com.ibm.servlet.engine.webapp.HttpServletResponseProxy.encodeURL
(HttpSer
vletResponseProxy.java:51)
 at
com.ibm.ws.security.web.FormLoginServlet.formLogin(FormLoginServ
let.java
:388)
 at
com.ibm.ws.security.web.FormLoginServlet.doPost(FormLoginServlet
.java:16
0)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
 at
com.ibm.servlet.engine.webapp.StrictServletInstance.doService(Se
rvletMan
ager.java:827)
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users       *
*                 using Form Login.                            *
****************************************************************
* PROBLEM DESCRIPTION: The browser failed to receive           *
*                      authentication information when the     *
*                      Form Login page was directly accessed.  *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The browser failed to receive authentication information when
the Form Login page was directly accessed instead of being
redirected to the page by attempting to access a protected URI.
Problem conclusion Temporary fix
Test fix supplied on 5/22/2002.
Comments
APAR information
APAR number PQ60895
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED UR1
PE NoPE
HIPER NoHIPER
Submitted date 2002-05-07
Closed date 2002-06-18
Last modified date 2002-11-13

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

Fix information
Fixed component name WEBSPHERE AE NT
Fixed component ID 5630A2201

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ60895
IBM Group: Software Group
Modified date: Nov 13, 2002