PQ72357: 403 FORBIDDEN ERRORS 20% OF THE TIME

 Fixes are available

4.0.6: WebSphere Application Server Version 4.0 Fix Pack 6
Security; V4.0.2-V4.0.7: Cumulative fix for security component



APAR status
Closed as program error.

Error description
.
When accessing the /wps/portal page, 403 (forbidden) errors are
sometimes returned.  In a 62 hour test run, the 403 error
occurred aproximately 20% of the time.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server users who have  *
*                 enabled security and have secured at least   *
*                 one URI.                                     *
****************************************************************
* PROBLEM DESCRIPTION: Authorization fails without being       *
*                      challenged.                             *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When multiple concurrent requests are received by the Web
container for protected URIs, authorization failures may
occur without any challenge.
Problem conclusion
A timing issue existed with the use of an instance variable.
The variable was changed to a method variable which insures
that two simultaneous threads do not update the variable
concurrently.
Temporary fix
send testing fix.
Comments
APAR information
APAR number PQ72357
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2003-03-21
Closed date 2003-03-24
Last modified date 2003-03-24

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
security          

SRLS

Fix information

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ72357
IBM Group: Software Group
Modified date: Mar 24, 2003