PQ66680: AAT DOES NOT DETECT MISSING DEPLOYMENT DESCRIPTOR ENTRIES IN FORM LOGON BASED APPLICATION EAR FILES.

APAR status
Closed as fixed if next.

Error description
An application that uses FORM based security could not
authenticate successfully.  The logon FORM was redisplayed each
time a valid user id and password was entered. Analysis
of the ear file revealed that the servlet definitions were
missing from the Web Component folder of the deployment
descriptor. These definitions could be missing if the servlets
were created outside the 'main-line' wizards of WSAD, or if the
servlets were imported from some other tool. The AAT should
issue a warning if an application deployment descriptor requests
FORM based security and has security constraints defined, but
does not contain any Web Component definitions.
Local fix
Use WSAD to declare the servlets within the Web Components
folder of the deployment descriptor and redeploy the
application.
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V4.0.1 for z/OS and OS/390                   *
****************************************************************
* PROBLEM DESCRIPTION: A web application that uses FORM based  *
*                      security could not authenticate         *
*                      successfully and logon FORM was         *
*                      redisplayed each time a valid user id   *
*                      and password was entered if web         *
*                      components are missing from the         *
*                      webapp's deployment descriptor.         *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
A web application that uses FORM based security could not
authenticate successfully.  The logon FORM was redisplayed each
time a valid user id and password was entered. Analysis of the
ear file revealed that the servlet definitions were missing
from the Web Component folder of the deployment descriptor.
These definitions could be missing if the servlets were created
outside the 'main-line' wizards of WSAD, or if the servlets
were imported from some other tool. The AAT should issue a
warning if an application deployment descriptor requests
FORM based security and has security constraints defined, but
does not contain any Web Component definitions.
Problem conclusion Temporary fix Comments
This APAR is being closed FIN with concurrence from the
submitting customer. A solution to this problem will be
delivered in a WebSphere Application Server for z/OS
and OS/390 release within the next 18 months.
APAR information
APAR number PQ66680
Reported component name WASKBASE
Reported component ID 5655A9801
Reported release 401
Status CLOSED FIN
PE NoPE
HIPER NoHIPER
Submitted date 2002-09-27
Closed date 2002-12-19
Last modified date 2002-12-19

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

Fix information

Applicable component levels
R401 PSN    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ66680
IBM Group: Software Group
Modified date: Dec 19, 2002