PQ76092: WSAS AES URL PASSING OF CONFIG FILE TO WEB BASED ADMIN CONSOLE FAILS WHEN SECURITY IS ENABLED (ZE OF PQ73531)

 A fix is available

4.0.7: WebSphere Application Server Version 4.0 Fix Pack 7



APAR status
Closed as program error.

Error description
Environment:
WebSphere Application Server (WSAS) 4.0.4 AEs

Description:
   When using the web-based administrative app/console and
passing a different configuration file through the URL in the
web browser (e.g., 
http://localhost:9091/admin/edit?configFile=c
:/temp/myConfigFile.xml) so that the administrative console uses
a different configuration file other than the default
server-cfg.xml, it fails and uses the default server-cfg.xml
when security is enabled.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server 4.0 Advanced    *
*                 Edition Single Server users with security    *
*                 enabled and passing the server a custom      *
*                 configuration file via a URL.                *
****************************************************************
* PROBLEM DESCRIPTION: When specifying a configuration file    *
*                      through the URL, the application server *
*                      is loading the default server-cfg.xml   *
*                      file instead of the one specified.      *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
If a user has security enabled and tries to specify a custom
configuration file in the URL of a browser, the application
server will load the default server-cfg.xml file instead.  The
URL requesting the custom configuration file looks like this:

http://hostname:9090/admin/edit?configFile=/opt/mycfg.xml
This issue happens because when security is enabled a
SendRedirect is performed and the data that is specified in the
URL is lost.
Problem conclusion
The Thin Admin code was modified to stored the value of the
configuration file if it is specified in a URL when security is
enabled.
Temporary fix
This temporary fix will set a session attribute in the two
logon.jsp files.  The request parameter is getting lost when
the JSP does a servlet redirect, so setting the session
attribute should take care of it.
Comments
APAR information
APAR number PQ76092
Reported component name WEBSPHERE AES A
Reported component ID 5630A2300
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2003-07-08
Closed date 2003-09-08
Last modified date 2003-10-14

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
ThinAdmn          

SRLS

Fix information

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ76092
IBM Group: Software Group
Modified date: Oct 14, 2003