
PK34390; 6.1.0.5: unauthenticated HTTP requests are redirected to the error page

 Downloadable files
 
Abstract
When an unauthenticated IBM® HTTP Server request comes without passing through a security proxy server, the request is redirected to an error page.
 
Download Description
PK34390 resolves the following problem:

ERROR DESCRIPTION:
This issue is newly observed after applying PK27074. As a design change of PK27074, when Trust Association Interceptors (TAI) are enabled and a form login page is configured by the application deployment descriptor, incoming requests that do not have TAI header information are always redirected to the error page. These requests need to be redirected to the login page.

The expected behavior should be as follows:
1) If TAI doesn't handle the request, then the request redirects to the login page.
2) If TAI handles the request and returns Subject or user name, but IBM WebSphere Application Server fails to map the user, then the request redirects to the error page.

Exception in the trace file.

[10/17/06 17:49:28:971 CEST] 0000006f TrustAssociat < getInterceptor Exit
[10/17/06 17:49:28:971 CEST] 0000006f WebAuthentica < handleTrustAssociation: (null user) Exit
[10/17/06 17:49:28:971 CEST] 0000006f WebAuthentica 3
Redirect to the error page: /root/error.jsp?errorCode=V4GENERAL_0003
[10/17/06 17:49:28:971 CEST] 0000006f WebAuthentica < authenticate Exit
[10/17/06 17:49:28:971 CEST] 0000006f WebCollaborat 3 redirecting to another url
[10/17/06 17:49:28:971 CEST] 0000006f RedirectReply 3 Security redirect code set to: 302
[10/17/06 17:49:28:971 CEST] 0000006f WebCollaborat < checkAuthStatus Exit
com.ibm.ws.security.web.RedirectReply@60297803
[10/17/06 17:49:28:971 CEST] 0000006f WebCollaborat < authorize Exit
com.ibm.ws.security.web.RedirectReply@60297803
[10/17/06 17:49:28:971 CEST] 0000006f EJSWebCollabo > handleException Entry
com.ibm.ws.webcontainer.srt.SRTServletRequest@feff838
com.ibm.ws.webcontainer.srt.SRTServletResponse@e89b838
com.ibm.ws.security.web.WebSecurityException:
/root/error.jsp?errorCode=V4GENERAL_0003
at com.ibm.ws.security.web.EJSWebCollaborator.preInvoke(EJSWebCollaborator.java:307)
at com.ibm.ws.webcontainer.webapp.WebAppSecurityCollaborator.preInvoke(WebAppSecurityCollaborator.java:137)
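
A scan for the symptom in the trace above, added here as an example and not IBM's code: it reports every `handleTrustAssociation: (null user)` exit that is followed on the same thread by `Redirect to the error page`. The pairing rule is an assumption drawn from this excerpt, and the thread `00000070` lines are constructed to exercise the non-matching path.

```python
import re

# Trace record header: [timestamp] thread-id component rest-of-line
HEADER = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<tid>[0-9a-f]{8})\s+(?P<comp>\S+)\s+(?P<rest>.*)$")
REDIRECT = re.compile(r"Redirect to the error page:\s*(?P<url>\S+)")

# Thread 0000006f lines come from the trace above; thread 00000070 is constructed.
SAMPLE = """\
[10/17/06 17:49:28:971 CEST] 0000006f TrustAssociat < getInterceptor Exit
[10/17/06 17:49:28:971 CEST] 0000006f WebAuthentica < handleTrustAssociation: (null user) Exit
[10/17/06 17:49:28:971 CEST] 00000070 WebAuthentica < handleTrustAssociation: (null user) Exit
[10/17/06 17:49:28:971 CEST] 0000006f WebAuthentica 3
Redirect to the error page: /root/error.jsp?errorCode=V4GENERAL_0003
[10/17/06 17:49:28:971 CEST] 00000070 WebAuthentica < authenticate Exit
[10/17/06 17:49:28:971 CEST] 0000006f WebAuthentica < authenticate Exit
""".splitlines()


def join_records(lines):
    """Fold continuation lines (no [timestamp] header) into the previous record."""
    records = []
    for line in lines:
        line = line.strip()
        match = HEADER.match(line)
        if match:
            records.append(match.groupdict())
        elif line and records:
            records[-1]["rest"] += " " + line
    return records


def find_tai_error_redirects(lines):
    """Return (timestamp, thread, url) for each null-user TAI exit that is
    followed on the same thread by a redirect to the error page."""
    pending, hits = {}, []  # pending: thread id -> timestamp of the TAI exit
    for rec in join_records(lines):
        tid, rest = rec["tid"], rec["rest"]
        if "handleTrustAssociation" in rest and "(null user)" in rest:
            pending[tid] = rec["ts"]
        elif tid in pending:
            redirect = REDIRECT.search(rest)
            if redirect:
                hits.append((pending.pop(tid), tid, redirect.group("url")))
            elif "authenticate Exit" in rest:
                del pending[tid]  # authentication ended without the error redirect
    return hits
```

Calling `find_tai_error_redirects(SAMPLE)` returns one hit, for thread `0000006f`; pass the lines of a real trace file in place of `SAMPLE` to check a server.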


LOCAL FIX:
N/A

PROBLEM SUMMARY:

USERS AFFECTED:
WebSphere Application Server version 6 users who are using Trust Association Interceptors.

PROBLEM DESCRIPTION:
When an unauthenticated HTTP request comes without passing through a security proxy server, the request is redirected to an error page.

RECOMMENDATION:
None


The security code treats incoming requests, which do not have any attributes of Trust Association Interceptors, as an error condition. When this condition happens, Application Server redirects such requests to the error page. As a result, there is no way to access protected resources without passing through a security proxy server, because Application Server doesn't redirect such requests to a login page.

Note that this problem happens on Application Server version 6.0.2.13 or later, and 6.1.0.3 or later.

PROBLEM CONCLUSION:
With this fix, when a request does not have any attributes for TAI, Application Server redirects it to a login page.

The fix for this APAR is currently targeted for inclusion in fixpack 6.0.2.19 and 6.1.0.7. Please refer to the Recommended Updates page for delivery information:
http://www-1.ibm.com/support/docview.wss?uid=swg27004980
 
Prerequisites
None
 
 
Installation Instructions
Please review the readme.txt for detailed installation instructions.
 
URL     LANGUAGE    SIZE(Bytes)
Readme  US English  9633
 
Download package
Download                   RELEASE DATE  LANGUAGE    SIZE(Bytes)  Download Options
6.1.0.5-WS-WAS-IFPK34390   01-30-2007    US English  20037        FTP DD
6.0.2.15-WS-WAS-IFPK34390  01-30-2007    US English  21297        FTP DD
6.0.2.17-WS-WAS-IFPK34390  01-30-2007    US English  18738        FTP DD
6.1.0.3-WS-WAS-IFPK34390   01-30-2007    US English  19775        FTP DD
 
Technical support
Contact IBM Support using SR (http://www-306.ibm.com/software/support/probsub.html), visit the WebSphere Application Server Support Web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV(U.S. only).
 
Cross Reference information
Segment              Product                       Component  Platform  Version  Edition
Application Servers  Runtimes for Java Technology  Java SDK
Problems (APARS) fixed
PK34390
 
 

Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Document information
 Product categories:
 Software
 Application Servers
 Distributed Application & Web Servers
 WebSphere Application Server
 Security
 Operating system(s):
  AIX, HP-UX, IBM i, Linux, Linux Red Hat - pSeries, Linux pSeries, Linux zSeries, Solaris, Windows
 Software version:
  6.0.2.15, 6.0.2.17, 6.1.0.3, 6.1.0.5
 Software edition:
  Base, Express, Network Deployment
 Reference #:
  4015036
 IBM Group:
 Software Group
 Modified date:
 2007-02-23
