Fixes are available
7.0.0.17: Java SDK 1.6 SR9 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.27: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.19: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.21: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere
7.0.0.23: Java SDK 1.6 SR10 FP1 Cumulative Fix for WebSphere
7.0.0.25: Java SDK 1.6 SR11 Cumulative Fix for WebSphere Application Server
7.0.0.27: Java SDK 1.6 SR12 Cumulative Fix for WebSphere Application Server
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server
APAR status
Closed as program error.
Error description
The WebSphere Application Server Portlet-Container sets the PortletURL.setSecure(Boolean) setting by default to the value of the current request. This behavior prevents a default of null, which the JSR 286 specification allows. This leads to unexpected results when URLs are generated on non-SSL-enabled WSRP-Producer servers and the URL-Rewrite-Expressions are sent to SSL-enabled WSRP-Consumers. The URL may then be insecure on the SSL-enabled WSRP-Consumer, because the default of the non-SSL-enabled Producer applies and forces the URL to be generated as an insecure URL.
Local fix
N/A
Problem summary
USERS AFFECTED: All users of IBM WebSphere Application Server V7.0
PROBLEM DESCRIPTION: Portlet-Container needs to preserve PortletURL.isSecure() information.
RECOMMENDATION:
The WebSphere Application Server Portlet-Container sets the PortletURL.setSecure(Boolean) setting by default to the value of the current request. This behavior prevents a default of null, which the JSR 286 specification allows. This leads to unexpected results when URLs are generated on non-SSL-enabled WSRP-Producer servers and the URL-Rewrite-Expressions are sent to SSL-enabled WSRP-Consumers. The URL may then be insecure on the SSL-enabled WSRP-Consumer, because the default of the non-SSL-enabled Producer applies and forces the URL to be generated as an insecure URL.
Problem conclusion
Corrected the code so that, for JSR 286 portlets, the value of PortletURL.isSecure() defaults to null and is set only if client code explicitly calls the PortletURL.setSecure(Boolean) method. The fix for this APAR is currently targeted for inclusion in fix pack 7.0.0.17. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
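The following is an added illustration, not IBM or WebSphere code: a simplified Java model of the tri-state secure flag described above, comparing the pre-fix default (copied from the Producer's request) with the post-fix default (null). All class and method names, the sample host and path, and the consumer's fallback policy are assumptions made for the example.

```java
/** Added illustration: a simplified model, not WebSphere or WSRP code. */
public class SecureFlagDemo {
    /** Hypothetical stand-in for a producer-generated portlet URL. */
    static final class ModelUrl {
        final String path;
        Boolean secure; // null means the portlet never called setSecure()

        ModelUrl(String path, Boolean initialSecure) {
            this.path = path;
            this.secure = initialSecure;
        }

        void setSecure(boolean value) { this.secure = value; }
    }

    /** Behaviour the APAR describes: flag pre-set from the producer's request. */
    static ModelUrl createBeforeFix(String path, boolean producerRequestIsSecure) {
        return new ModelUrl(path, producerRequestIsSecure);
    }

    /** Behaviour after the fix: flag stays null until set explicitly. */
    static ModelUrl createAfterFix(String path) {
        return new ModelUrl(path, null);
    }

    /** Assumed consumer policy: honour an explicit flag, else use its own scheme. */
    static String resolveOnConsumer(ModelUrl url, String host, boolean consumerIsSecure) {
        boolean secure = (url.secure != null) ? url.secure : consumerIsSecure;
        return (secure ? "https://" : "http://") + host + url.path;
    }

    /** Check a reviewer can run: did an SSL consumer end up with a plain-HTTP link? */
    static boolean isDowngrade(String resolved, boolean consumerIsSecure) {
        return consumerIsSecure && resolved.startsWith("http://");
    }

    public static void main(String[] args) {
        String host = "consumer.example";   // constructed sample value
        String path = "/portal/account";    // constructed sample value
        ModelUrl before = createBeforeFix(path, false); // producer served over HTTP
        ModelUrl after = createAfterFix(path);
        ModelUrl explicit = createAfterFix(path);
        explicit.setSecure(false);          // portlet author's deliberate choice
        for (ModelUrl u : new ModelUrl[] { before, after, explicit }) {
            String resolved = resolveOnConsumer(u, host, true); // consumer on SSL
            System.out.println(resolved + " downgrade=" + isDowngrade(resolved, true));
        }
    }
}
```

In this model the pre-fix URL and the explicitly insecure URL look identical to the consumer, which is why the flag has to stay null unless the portlet sets it.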
Temporary fix
Comments
APAR Information
APAR number: PM25773
Reported component name: WEBS APP SERV N
Reported component ID: 5724H8800
Reported release: 61A
Status: CLOSED PER
PE: NoPE
HIPER: NoHIPER
Special Attention: NoSpecatt
Submitted date: 2010-11-02
Closed date: 2010-12-07
Last modified date: 2010-12-07
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name: WEBS APP SERV N
Fixed component ID: 5724H8800
Applicable component levels
R700 PSY
UP
Document Information
Modified date:
27 October 2021