PK77465; setting disablesecuritypreinvokeonfilters causes a security exposure.

Download

Abstract

Setting the WebContainer custom propery disablesecuritypreinvokeonfilters causes a security exposure.

Download Description

PK77465 resolves the following problem:

ERROR DESCRIPTION:
Setting the WebContainer custom property disablesecuritypreinvokeonfilters may result in Sign-on not be required for a secure URL. The custom property is required by some customers who use Single Sign-on (SSO) with SPNEGO.

LOCAL FIX:
None.

PROBLEM SUMMARY

USERS AFFECTED:
IBM WebSphere Application Server Version 6.1 and 7.0 Users of Single Sign-on (SSO) with SPNEGO.

PROBLEM DESCRIPTION:

RECOMMENDATION:
None

The WebContainer custom property was introduced by PK42868 to prevent a problem in which a SPNEGO TAI was called twice for the same request. However setting the property may result in Sign-on not be required for a secure URL.

PROBLEM CONCLUSION:
The WebContainer custom property has been removed and the WebContainer has been updated to ensure that a SPENGO TAI is called once for each request.

The fix for this APAR is currently targeted for inclusion in Fix Packs 6.1.0.25 and 7.0.0.5. Please refer to the
Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Change History
Last Updated: 23 October 2009

23 October 2009: Added fixes for 6.1.0.23, 7.0.0.1, 7.0.0.3

Prerequisites

Download the UpdateInstaller below to install this fix.

[{"PRLabel":"UpdateInstaller","PRLang":"US English","PRSize":"7250000","PRPlat":{"label":"AIX","code":"PF002"},"PRURL":"http://www.ibm.com/support/docview.wss?rs=180&uid=swg21205991"}]

Installation Instructions

Review the readme.txt for detailed installation instructions.

[{"INLabel":"Readme","INLang":"US English","INSize":"11626","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PK77465//readme.txt"}]

Off

          [{"DNLabel":"6.1.0.19-WS-WAS-IFPK77465","DNDate":"3/5/2009","DNLang":"US English","DNSize":"72714","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PK77465/6.1.0.19-WS-WAS-IFPK77465.zip","DNURL_FTP":" ","DDURL":"http://public.dhe.ibm.com:7618;sw_websphere;appserv/support/fixes/PK77465/6.1.0.19-WS-WAS-IFPK77465.zip"},{"DNLabel":"6.1.0.23-WS-WAS-IFPK77465","DNDate":"10/23/2009","DNLang":"US English","DNSize":"75201","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PK77465/6.1.0.23-WS-WAS-IFPK77465.zip","DNURL_FTP":" ","DDURL":"http://public.dhe.ibm.com:7618;sw_websphere;appserv/support/fixes/PK77465/6.1.0.23-WS-WAS-IFPK77465.zip"},{"DNLabel":"7.0.0.1-WS-WAS-IFPK77465","DNDate":"10/23/2009","DNLang":"US English","DNSize":"47380","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PK77465/7.0.0.1-WS-WAS-IFPK77465.pak","DNURL_FTP":" ","DDURL":"http://public.dhe.ibm.com:7618;sw_websphere;appserv/support/fixes/PK77465/7.0.0.1-WS-WAS-IFPK77465.pak"},{"DNLabel":"7.0.0.3-WS-WAS-IFPK77465","DNDate":"10/23/2009","DNLang":"US English","DNSize":"47347","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PK77465/7.0.0.3-WS-WAS-IFPK77465.pak","DNURL_FTP":" ","DDURL":"http://public.dhe.ibm.com:7618;sw_websphere;appserv/support/fixes/PK77465/7.0.0.3-WS-WAS-IFPK77465.pak"}]
          

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server Support Web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Servlet Engine\/Web Container","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"7.0.0.3;7.0.0.1;6.1.0.23;6.1.0.19","Edition":"Base;Express;Network Deployment","Line of Business":{"code":"LOB36","label":"IBM Automation"}},{"Product":{"code":"SS7JFU","label":"WebSphere Application Server - Express"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Server","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"","label":"i5\/OS"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"7.0.0.3;7.0.0.1;6.1.0.23;6.1.0.19","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Problems (APARS) fixed
PK77465

Was this topic helpful?

Document Information

Modified date:
15 June 2018

UID

swg24022479

Tips