PQ75595: NULLPOINTEREXCEPTION WAS RECEIVED ON THE GETREMOTEUSER() IN AN ERROR PAGE | |||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description A NullPointerException was received on the getRemoteUser() in an error jsp when the jsp was driven by an error, even when the user was authenticated.Local fix Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * version 4.0.1 for z/OS and OS/390. * **************************************************************** * PROBLEM DESCRIPTION: A NullPointerException was received on * * the getRemoteUser() in an error JSP, * * even though the user was * * authenticated. * **************************************************************** * RECOMMENDATION: * **************************************************************** When WebSphere for z/OS redirects to an error page, it does not propogate the Security Context to the error page.Problem conclusion The code was changed to propogate the Security Context to the error page. If you do not want to propogate the Security Context set the errorpage.securitycontext.enabled property in jvm.properties file to false. APAR PQ75595 requires the following changes to WebSphere Application Server V4.0.1 for z/OS and OS/390 documentation: WebSphere Application Server V4.0.1 for z/OS and OS/390 Assembling J2EE Applications, SA22-7836-06, will be changed as follows: 1. In Appendix A, the new errorpage.securitycontext.enabled= property will be added to Table 24 as a J2EE server intstance optional property. 2. Also in Appendix A, the following description of the new errorpage.securitycontext.enabled= property will be added to the section "Properties descriptions:" errorpage.securitycontext.enabled=true | false Specifies whether or not to the remote user Id is to be included in an error page on a getRemoteUser() request. The default is true. Example: errorpage.securitycontext.enabled=false WebSphere Application Server V4.0.1 for z/OS and OS/390 Installation and Customization, GA22-7834-07, will be changed as follows: 1. The following note will be added to the SSL basic authentication rule contained in the section "Overview of SSL basic authentication security for your application server and clients" of Chapter 5 : Note: By default, getRemoteUser() request propagates the remote user Id in an error page. If you do not want the remote user Id to be included in the error page, set the errorpage.securitycontext.enabled property in the jvm.properties file to false. 2. In Appendix A, the new errorpage.securitycontext.enabled= property will be added to Table 24 as a J2EE server intstance optional property. 3. Also in In Appendix A, the following description of the new errorpage.securitycontext.enabled= property will be added to the section "Properties descriptions:" errorpage.securitycontext.enabled=true | false Specifies whether or not to the remote user Id to be propagated in an error page on a getRemoteUser() request. The default is true. Example: errorpage.securitycontext.enabled=false To access the latest online documentation, go to the product library page at: www.ibm.com/software/webservers/appserv/zos_os390 APAR PQ75595 is associated with SERVICE LEVEL W401510 of WebSphere Application Server version 4.0.1 for z/OS and OS/390.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ75595
IBM Group: Software Group
Modified date: Aug 6, 2003
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.