PQ60895: WASSEC - AUTHENTICATION INFORMATION NOT RETURNED TO THE BROWSER IF A PROTECTED URI IS NOT ACCESSED BEFORE J_SECURITY_CHECK POST. | |||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||
APAR status Closed as unreproducible in next release. Error description If authentication information is posted to j_security_check before a protected URI is accessed, the browser does not receive authentication information and therefore subsequent requests of protected resources fail. Failure stack in app svr stdout (excerpt): ExtendedMessage: Servlet Error: : java.lang.NullPointerException at com.ibm.servlet.personalization.sessiontracking.SessionContext.i sProtoco lSwitch(SessionContext.java:1884) at com.ibm.servlet.personalization.sessiontracking.SessionContext.s houldEnc odeURL(SessionContext.java:1834) at com.ibm.servlet.engine.srt.SRTSessionAPISupport.encodeURL(SRTSes sionAPIS upport.java:137) at com.ibm.servlet.engine.srt.SRTServletResponse.encodeURL(SRTServl etRespon se.java:220) at com.ibm.servlet.engine.webapp.HttpServletResponseProxy.encodeURL (HttpSer vletResponseProxy.java:51) at com.ibm.ws.security.web.FormLoginServlet.formLogin(FormLoginServ let.java :388) at com.ibm.ws.security.web.FormLoginServlet.doPost(FormLoginServlet .java:16 0) at javax.servlet.http.HttpServlet.service(HttpServlet.java:760) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at com.ibm.servlet.engine.webapp.StrictServletInstance.doService(Se rvletMan ager.java:827)Local fix Problem summary **************************************************************** * USERS AFFECTED: All WebSphere Application Server users * * using Form Login. * **************************************************************** * PROBLEM DESCRIPTION: The browser failed to receive * * authentication information when the * * Form Login page was directly accessed. * **************************************************************** * RECOMMENDATION: * **************************************************************** The browser failed to receive authentication information when the Form Login page was directly accessed instead of being redirected to the page by attempting to access a protected URI.Problem conclusion Temporary fix Test fix supplied on 5/22/2002.Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ60895
IBM Group: Software Group
Modified date: Nov 13, 2002
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.