PQ68148: REQUESTDISPATCH.FORWARD() TO A PROTECTED SERVLET FAILS

 A fix is available

4.0.5: WebSphere Application Server Version 4.0 Fix Pack 5 (Version 4.0.5)



APAR status
Closed as program error.

Error description
.
Failing on security when doing requestdispatch.forward() to a
protected servlet (and now failing) from the "baseLogon" servet
that calls SSOAuthenticator. After calling SSOAuthenticator,
the request thread should have a security context established
and should not fail on the requestdispatch.forward() call.
Local fix
Test efix PMR81595-356-test-0829 fixed the customer's problem.
Need official efix.
Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users who   *
*                 have enabled security.                       *
****************************************************************
* PROBLEM DESCRIPTION: Users may not be properly challenged    *
*                      while accessing secured resources.      *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Authenticated user may get challenged again, or
unauthenticated user may not be challenged as authentication
was not properly flaged.  This scenario is only likely to
occur if a servlet forwards or dispatches to another
secured servlet.
Problem conclusion
The flag used to determine authentication was not used
correctly.  The flag has now been removed as it is
redundant.
Temporary fix
test eFix has been send to customer
Comments
APAR information
APAR number PQ68148
Reported component name WEBSPHERE AE AI
Reported component ID 5630A2200
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-11-12
Closed date 2002-11-12
Last modified date 2002-11-12

APAR is sysrouted FROM one or more of the following:
PQ65884

APAR is sysrouted TO one or more of the following:

Modules/Macros
SECURITY          

SRLS

Fix information
Fixed component name WEBSPHERE AE AI
Fixed component ID 5630A2200

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ68148
IBM Group: Software Group
Modified date: Nov 12, 2002