PQ75595: NULLPOINTEREXCEPTION WAS RECEIVED ON THE GETREMOTEUSER() IN AN ERROR PAGE

 A fix may be available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
A NullPointerException was received on the getRemoteUser()
in an error jsp when the jsp was driven by an error,  even
when the user was authenticated.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 version 4.0.1 for z/OS and OS/390.           *
****************************************************************
* PROBLEM DESCRIPTION: A NullPointerException was received on  *
*                      the getRemoteUser() in an error JSP,    *
*                      even  though the user was               *
*                      authenticated.                          *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When WebSphere for z/OS  redirects to an error page, it does
not propogate the Security Context to the error page.
Problem conclusion
The code was changed to propogate the Security Context to the
error page.

If you do not want to propogate the Security Context set the
errorpage.securitycontext.enabled property in jvm.properties
file to false.

APAR PQ75595 requires the following changes to WebSphere
Application Server V4.0.1 for z/OS and OS/390 documentation:

WebSphere Application Server V4.0.1 for z/OS and OS/390
Assembling J2EE Applications, SA22-7836-06, will be changed
as follows:

1. In Appendix A, the new errorpage.securitycontext.enabled=
property will be added to Table 24 as a J2EE server
intstance optional property.

2. Also in Appendix A, the following description of the new
errorpage.securitycontext.enabled= property will be added to
the section "Properties descriptions:"

errorpage.securitycontext.enabled=true | false

Specifies whether or not to the remote user Id is to be
included in an error page on a getRemoteUser() request.

The default is true.
Example: errorpage.securitycontext.enabled=false

WebSphere Application Server V4.0.1 for z/OS and OS/390
Installation and Customization, GA22-7834-07, will be
changed as follows:

1. The following note will be added to the SSL basic
authentication rule contained in the section "Overview of
SSL basic authentication security for your application
server and clients" of Chapter 5 :

Note: By default, getRemoteUser() request propagates the
remote user Id in an error page.
If you do not want the remote user Id to be included in the
error page, set the errorpage.securitycontext.enabled
property in the jvm.properties file to false.

2. In Appendix A, the new errorpage.securitycontext.enabled=
property will be added to Table 24 as a J2EE server intstance
optional property.

3. Also in In Appendix A, the following description of the
new errorpage.securitycontext.enabled= property will be
added to the section "Properties descriptions:"
errorpage.securitycontext.enabled=true | false

Specifies whether or not to the remote user Id to be
propagated in an error page on a getRemoteUser() request.

The default is true.
Example: errorpage.securitycontext.enabled=false

To access the latest online documentation, go to the product
library page at:
www.ibm.com/software/webservers/appserv/zos_os390

APAR PQ75595 is associated with SERVICE LEVEL W401510 of
WebSphere Application Server version 4.0.1 for z/OS and OS/390.
Temporary fix Comments
APAR information
APAR number PQ75595
Reported component name WEBSPHERE OS/39
Reported component ID 5655A9800
Reported release 401
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2003-06-24
Closed date 2003-07-29
Last modified date 2003-08-06

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
EJSJWCWC          

Fix information
Fixed component name WEBSPHERE OS/39
Fixed component ID 5655A9800

Applicable component levels
R401 PSY UQ78989    UP03/08/01 P F307

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ75595
IBM Group: Software Group
Modified date: Aug 6, 2003