PM20910: RESOLVER COOKIE PARSING CODE CANNOT HANDLE EMPTY VALUE COOKIES

Fixes are available

6.1.0.5 Download: WebSphere Portal and WCM V6.1.0 fix pack 5
Fixes integrated in WebSphere Portal V7.0 Combined Cumulative Fix
Recommended Updates for WebSphere Portal and IBM Web Content Manager V7.0
6.1.0.6 Download: WebSphere Portal and WCM V6.1.0 fix pack 6
7.0.0.2 Download: WebSphere Portal and WCM V7.0 fix pack 2
7.0.0.1 Download: WebSphere Portal and WCM V7.0 fix pack 1

APAR status

Closed as program error.

Error description

The resolver cookie parsing code fails to handle cookies with
no value (empty string). The following exception can be seen in
the logs for this issue:

Caused by: java.lang.StringIndexOutOfBoundsException
at java.lang.String.charAt(String.java:415)
at com.ibm.wps.resolver.httpclient
.CookieContainerImpl$CookieParser
.decodeToken(CookieContainerImpl.java:761)
at com.ibm.wps.resolver.httpclient
.CookieContainerImpl$CookieParser
.processToken(CookieContainerImpl.java:891)
at com.ibm.wps.resolver.httpclient
.CookieContainerImpl$CookieParser.parse(CookieContainerImpl
.java:852)
at com.ibm.wps.resolver.httpclient.CookieContainerImpl
.setCookie(CookieContainerImpl.java:1817)
...

The issue was seen in relation with consuming a WSRP Producer
when a Cookie with an empty value is set at the end of the
Set-Cookie header, e.g.

...760; domain=.somedomain.com; path=/; HttpOnly=

The RFC 2965 syntax does not require the HTTP Browser to set a
semicolon at the end of the Cookie string.

This APAR also adds toleration of the Cookie attribute HttpOnly
and fixes the following exception that raises when a
WSRP-Producer tries to set this attribute:

Caused by: java.lang.IllegalStateException: HttpOnly
at com.ibm.wps.resolver.httpclient.CookieContainerImpl
.setCookie(CookieContainerImpl.java:1880)
at com.ibm.wps.wsrp.consumer.impl.ScopedCookieContainerImpl
.setCookie(ScopedCookieContainerImpl.java:344)
at com.ibm.wps.wsrp.consumer.std.impl
.AbstractWSRPBaseRequestImpl.setCookies(AbstractWSRPBaseRequestI
mpl.java:396)
at com.ibm.wps.wsrp.consumer.impl.PortletDriverMarkupHelper
.storeCookiesFromTransportHeaders(PortletDriverMarkupHelper
.java:394)
at com.ibm.wps.wsrp.consumer.impl.PortletDriverMarkupHelper
.initCookie(PortletDriverMarkupHelper.java:189)
at com.ibm.wps.wsrp.consumer.impl.PortletDriverMarkupHelper
.checkInitCookie(PortletDriverMarkupHelper.java:154)
...

With this fix the HttpOnly attribute is now known to the Cookie
parser, but ignored, because this attribute does not have a
meaning for a Java HTTP client like the WebSphere Portal WSRP
Consumer.

Local fix

Problem summary

The resolver cookie parsing code fails to handle cookies with no
value (empty string). The following exception can be seen in the
logs for this issue:

Caused by: java.lang.StringIndexOutOfBoundsException
at java.lang.String.charAt(String.java:415)
at
com.ibm.wps.resolver.httpclient.CookieContainerImpl$CookieParser
.decodeToken(CookieContainerImpl.java:761)
at
com.ibm.wps.resolver.httpclient.CookieContainerImpl$CookieParser
.processToken(CookieContainerImpl.java:891)
at
com.ibm.wps.resolver.httpclient.CookieContainerImpl$CookieParser
.parse(CookieContainerImpl.java:852)
at
com.ibm.wps.resolver.httpclient.CookieContainerImpl.setCookie(Co
okieContainerImpl.java:1817)
...

The issue was seen in relation with consuming a WSRP producer
when a cookie with an empty value is set at the end of the
Set-Cookie header, e.g.

...760; domain=.somedomain.com; path=/; HttpOnly=

The RFC 2965 syntax does not require the HTTP Browser to set a
semicolon at the end of the Cookie string.

This APAR also adds toleration of the Cookie attribute HttpOnly
and fixes the following exception that raises when a WSRP
producer tries to set this attribute:

Caused by: java.lang.IllegalStateException: HttpOnly
at
com.ibm.wps.resolver.httpclient.CookieContainerImpl.setCookie(Co
okieContainerImpl.java:1880)
at
com.ibm.wps.wsrp.consumer.impl.ScopedCookieContainerImpl.setCook
ie(ScopedCookieContainerImpl.java:344)
at
com.ibm.wps.wsrp.consumer.std.impl.AbstractWSRPBaseRequestImpl.s
etCookies(AbstractWSRPBaseRequestImpl.java:396)
at
com.ibm.wps.wsrp.consumer.impl.PortletDriverMarkupHelper.storeCo
okiesFromTransportHeaders(PortletDriverMarkupHelper.java:394)
at
com.ibm.wps.wsrp.consumer.impl.PortletDriverMarkupHelper.initCoo
kie(PortletDriverMarkupHelper.java:189)
at
com.ibm.wps.wsrp.consumer.impl.PortletDriverMarkupHelper.checkIn
itCookie(PortletDriverMarkupHelper.java:154)
...

With this fix the HttpOnly attribute is now known to the cookie
parser, but ignored, because this attribute does not have a
meaning for a Java HTTP client like the WebSphere Portal WSRP
consumer.

Problem conclusion

Fixed resolver cookie code to explicitly check for the failing
condition.

Manual Steps:
   None

Failing Module(s):
   Web Services

Affected Users:
   All Users

Version Information:
    Portal Version(s): 6.1.0.0
     Pre-Requisite(s): PK88192
      Co-Requisite(s): ---

    Portal Version(s): 6.1.0.1
     Pre-Requisite(s): PK88192
      Co-Requisite(s): ---

    Portal Version(s): 6.1.0.3, 6.1.0.4
     Pre-Requisite(s): ---
      Co-Requisite(s): ---

Platform Specific:
   This fix applies to all platforms.

A fix is available from Fix Central:

http://www.ibm.com/eserver/support/fixes/fixcentral/swgquickorde
r?apar=PM20910&productid=WebSphere%20Portal&brandid=5

You may need to type or paste the complete address into your Web
browser.

PM20910 is also part of Cumulative Fix 07 for Portal 6.1.0.3 /
6.1.5.0:

http://www.ibm.com/eserver/support/fixes/fixcentral/swgquickorde
r?apar=PM18585&productid=WebSphere%20Portal&brandid=5

and part of Cumulative Fix 07 for Portal 6.1.0.4 / 6.1.5.1:

http://www.ibm.com/eserver/support/fixes/fixcentral/swgquickorde
r?apar=PM18610&productid=WebSphere%20Portal&brandid=5

Temporary fix

Comments

APAR Information

APAR number
PM20910
Reported component name
WEBSPHERE PORTA
Reported component ID
5724E7600
Reported release
61C
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2010-08-23
Closed date
2010-09-01
Last modified date
2010-11-09

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
WEBSPHERE PORTA
Fixed component ID
5724E7600

Applicable component levels

R610 PSY
UP
R615 PSY
UP
R61A PSY
UP
R61C PSY
UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSHRKX","label":"WebSphere Portal"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1.0.3","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
09 November 2010

Tips

PM20910: RESOLVER COOKIE PARSING CODE CANNOT HANDLE EMPTY VALUE COOKIES

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R610 PSY

R615 PSY

R61A PSY

R61C PSY

Document Information

Share your feedback

Need support?