PM75779: SECURITY AUDITING THROWS A NULLPOINTEREXCEPTION WHEN TRYING TO READ INCOMING SESSION DATA.

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • When trying to read incoming session data, particularly from a
    Webseal-authenticated user, WAS security auditing code throws
    the following NullPointerException:
    
    [9/24/12 12:07:28:663 PDT] 0000005c WebAuthentica E
    SECJ0128E: An
    unexpected exception occurred during Trust Association. The
    exception is java.lang.NullPointerException at
    com.ibm.ws.security.audit.utils.AuditHelper.buildSessionData(A
    uditHelp.java:464) at
    com.ibm.ws.security.web.WebAuthenticator.basicAuthenticate(WebAu
    thentitor.java:4238) at
    com.ibm.ws.security.web.WebAuthenticator.basicAuthenticate(WebAu
    thentitor.java:3984) at
    com.ibm.ws.security.web.WebSealTrustAssociationInterceptor.valid
    ateEstlishedTrust(WebSealTrustAssociationInterceptor.java:445)
    at
    com.ibm.ws.security.web.TAIWrapper.negotiateAndValidateEstablish
    edTrusTAIWrapper.java:128)
    

Local fix

  • Disable security auditing or authenticate without Webseal
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server who uses audit function as well as   *
    *                  WebSeal Trust Association Interceptor       *
    *                  (WebSeal TAI)                               *
    ****************************************************************
    * PROBLEM DESCRIPTION: When audit function is enabled,         *
    *                      WebSphere Application server throws     *
    *                      NullPointerException                    *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Audit code assumes http request is always non-null.  However
    WebSeal TAI could send null http request and caused
    NullPointerException.
    

Problem conclusion

  • Code is updated to check http request to avoid
    NullPointerException.
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 7.0.0.29, 8.0.0.7 and the release after 8.5.0.2.
    Please refer to the Recommended Updates page for delivery
    information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM75779

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-10-24

  • Closed date

    2013-03-07

  • Last modified date

    2013-04-19

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R700 PSY

       UP

  • R800 PSY

       UP

  • R850 PSY

       UP



Rate this page:

(0 users)Average rating

Document information


More support for:

WebSphere Application Server
General

Software version:

7.0

Reference #:

PM75779

Modified date:

2013-04-19

Translate my page

Machine Translation

Content navigation