PQ72630: JSP 'S USING ISUSERINROLE("XXX") METHOD WILL RECEIVE FALSE IF THE JSP IS NOT MAPPED IN WEB.XML FILE

 A fix may be available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
If a JSP uses programmatic security methods like isUserInRole
it will always receive FALSE or NULL if the JSP is not mapped in
the web.xml file.
  This means that all JSP 's must be defined in the web.xml to
guarentee they function correctly.
  This behavior is inconsistent with how WebSphere distributed
functions with the same application ear
----------------------------------------------------------------
WORKAROUND:
The work around for this error is to map the JSP
Local fix
HBC
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 version 4.0.1 for z/OS and OS/390.           *
****************************************************************
* PROBLEM DESCRIPTION: The isUserInRole method inside a JSP    *
*                      always returns false, when there is no  *
*                      servlet definition for the JSP in the   *
*                      WebApplication deployment descriptor.   *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When there is no servlet definition for a JSP in the
WebApplication deployment descriptor, there will not be a
role-ref to role-link mapping.  Since there is no way for us to
determine a role-link, the code always returned a false
for the isUserInRole in this case.
Problem conclusion
As per the Servlet 2.3 specification, if a role-ref to role-link
mapping is missing, use user provided rolename, i.e
role-ref=role-link.

APAR PQ72630 is associated with SERVICE LEVEL W401504 of
WebSphere Application Server version 4.0.1 for z/OS and OS/390.
Temporary fix Comments
APAR information
APAR number PQ72630
Reported component name WEBSPHERE OS/39
Reported component ID 5655A9800
Reported release 401
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2003-03-28
Closed date 2003-04-29
Last modified date 2003-06-05

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
EJSJWCWC          

Fix information
Fixed component name WEBSPHERE OS/39
Fixed component ID 5655A9800

Applicable component levels
R401 PSY UQ76441    UP03/05/06 P F305

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ72630
IBM Group: Software Group
Modified date: Jun 5, 2003