PQ67473: % SIGN IN THE USER CREDENTIALS IS CORRUPTED WHEN PASSED THROUGHTHE GETUSERPRINCIPAL CLASS

 A fix is available

4.0.5: WebSphere Application Server Version 4.0 Fix Pack 5 (Version 4.0.5)



APAR status
Closed as program error.

Error description
custom tion Description Form based security using
er uses is a \242 (cent sign).  When passed to getUserPrincipal,
.ustomer programmatically checks security with
user name goes in as user<delim>company, and comes back from the
.etUserPrincipal API.  For business reasons, customer uses a
method as user<extra character><delim>company. This worked under
.egistry to store usernames as <username><delim><company>
weblogic :) and they want it to work the same under websphere.
Problem Summary The security check passes OK, but the delim the
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server users with      *
*                 security enabled.                            *
****************************************************************
* PROBLEM DESCRIPTION: Unicode character in the principal name *
*                      gets changed after login with           *
*                      SSOAuthenticator.                       *
*                                                              *
*                                                              *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When using unicode characters in the principal name, the
principal name gets changed with an extra character in front
of the unicode character when getUserPrincipal().getName()
is called after login.
Problem conclusion
Inconsistent encoding was used when we convert bytecode to
string and back.  UTF8 should be used.
Temporary fix
available
Comments
APAR information
APAR number PQ67473
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-10-22
Closed date 2002-10-28
Last modified date 2002-10-28

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
SECURITY          

SRLS

Fix information
Fixed component name WEBSPHERE AE NT
Fixed component ID 5630A2201

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ67473
IBM Group: Software Group
Modified date: Oct 28, 2002