IBM Support

IT32361: WHILE SEARCHING FOR SCHEDULES, IF THE PERCENTAGE CHARACTER % IS ENTERED, THE UI SESSION TIMES OUT

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as unreproducible in next release.

Error description

  • When searching for schedules, if the percent character is used
as a wild card parameter, the resulting search list can result
in problems enabling or disabling schedules. The screen will
either timeout or return a Bad Request, if the enable or disable
button is pressed, after searching with the % character.
Searches with out the % character are successful, and do not
have this problem.

Local fix

  • B2BISFG-51770

Problem summary

  • Users Affected:

All

 Problem Description:

UI session times out or reports Bad Request when disabling or
enabling a schedule, if the schedule search included the percent
character, %.



The Jetty and sci logs include the errors:



2020-02-13 17:48:22.222] ALL 000000000000 GLOBAL_SCOPE
2020-02-13 17:48:22,221:ERROR :qtp1406676657-3063: exception in
authenticating csrf token [system]: SCUIcsrfFilter

[2020-02-13 17:48:22.222] ALL 000000000000 GLOBAL_SCOPE
2020-02-13 17:48:22,222:ERROR :qtp1406676657-3063:
[1581616102222] 400: Unable to parse URI query [system]:
SCUIcsrfFilter

[2020-02-13 17:48:22.222] ALL 000000000000 GLOBAL_SCOPE
2020-02-13 17:48:22,222:ERRORDTL:qtp1406676657-3063:
[1581616102222]org.eclipse.jetty.http.BadMessageException: 400:
Unable to parse URI query

at
org.eclipse.jetty.server.Request.getParameters(Request.java:405)

at
org.eclipse.jetty.server.Request.getParameter(Request.java:1025)

at
com.sterlingcommerce.security.csrf.SCUIcsrfHelper._validate(SCUI
csrfHelper.java:75)

at
com.sterlingcommerce.security.csrf.SCUIcsrfTokenValidator.valida
te(SCUIcsrfTokenValidator.java:66)

at
com.sterlingcommerce.security.csrf.SCUIcsrfFilter.validateReques
t(SCUIcsrfFilter.java:143)

at
com.sterlingcommerce.security.csrf.SCUIcsrfFilter.doFilter(SCUIc
srfFilter.java:62)



Platforms Affected:

All

Problem conclusion

  •   Resolution Summary:
A code fix is provided.
Changed the Enable/Disable button URL to encode the
search string, so it is CSRF safe.



Delivered in:



6000203

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT32361
    • 

  • Reported component name
    STR B2B INTEGRA
    • 

  • Reported component ID
    5725D0600
    • 

  • Reported release
    602
    • 

  • Status
    CLOSED  UR1
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2020-03-30
    • 

  • Closed date
    2020-11-26
    • 

  • Last modified date
    2020-12-01
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    STR B2B INTEGRA
    • 

  • Fixed component ID
    5725D0600
    • 



Applicable component levels


    








      
              
                            

              

              [{"Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"602"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            02 December 2020
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback