PQ66680: AAT DOES NOT DETECT MISSING DEPLOYMENT DESCRIPTOR ENTRIES IN FORM LOGON BASED APPLICATION EAR FILES. | |||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||
APAR status Closed as fixed if next. Error description An application that uses FORM based security could not authenticate successfully. The logon FORM was redisplayed each time a valid user id and password was entered. Analysis of the ear file revealed that the servlet definitions were missing from the Web Component folder of the deployment descriptor. These definitions could be missing if the servlets were created outside the 'main-line' wizards of WSAD, or if the servlets were imported from some other tool. The AAT should issue a warning if an application deployment descriptor requests FORM based security and has security constraints defined, but does not contain any Web Component definitions.Local fix Use WSAD to declare the servlets within the Web Components folder of the deployment descriptor and redeploy the application.Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V4.0.1 for z/OS and OS/390 * **************************************************************** * PROBLEM DESCRIPTION: A web application that uses FORM based * * security could not authenticate * * successfully and logon FORM was * * redisplayed each time a valid user id * * and password was entered if web * * components are missing from the * * webapp's deployment descriptor. * **************************************************************** * RECOMMENDATION: * **************************************************************** A web application that uses FORM based security could not authenticate successfully. The logon FORM was redisplayed each time a valid user id and password was entered. Analysis of the ear file revealed that the servlet definitions were missing from the Web Component folder of the deployment descriptor. These definitions could be missing if the servlets were created outside the 'main-line' wizards of WSAD, or if the servlets were imported from some other tool. The AAT should issue a warning if an application deployment descriptor requests FORM based security and has security constraints defined, but does not contain any Web Component definitions.Problem conclusion Temporary fix Comments This APAR is being closed FIN with concurrence from the submitting customer. A solution to this problem will be delivered in a WebSphere Application Server for z/OS and OS/390 release within the next 18 months.
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ66680
IBM Group: Software Group
Modified date: Dec 19, 2002
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.