IBM Support

PM93051: LIBERTY PROFILE DOESN'T NOT IMPLEMENT JEE 3.0 HTTPSERVLETREQUEST LOGOUT CORRECTLY.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Liberty Profile doesn't implement JEE 3.0
    HttpServletRequest logout correctly.
    
    An example of the scenario of re-producing the defect in Liberty
    Profile:
    ----------------------------------------------------------------
    1) Assume that a request coming into a protected servlet has
    already been authenticated, such that request.getRemoteUser()
    returns "myUserId".
    2) On handling that incoming request, the servlet calls
    request.logout().  After the execution of request.logout(),
    request.getRemoteUser() is inspected to show that it returns
    null.
    3) Following request.logout(), on the same request,
    request.authenticate(...) is called.  It returns "true".  The
    expectation is that it returns "false", as request.logout() was
    just called.
    4) After the execution of this line, request.getRemoteUser() is
    inspected to show that it returns "myUserId".
    
    The expectation above is that "3" returns false.  That's the
    defect in Liberty profile - authenticate() following logout()
    should return true.
    

Local fix

  • N/A.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of Websphere Application Server   *
    *                  Liberty Profile.                            *
    ****************************************************************
    * PROBLEM DESCRIPTION: It noted that Websphere Application     *
    *                      Server Liberty Profile, does not        *
    *                      implement JEE 3.0 Logout Request        *
    *                      Correctly.                              *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    It noted that Websphere Application Server Liberty Profile,
    does not implement JEE 3.0 Logout Request correctly.  The
    wrong value is sent back for the logout request.
    

Problem conclusion

  • After reviewing the code, we identified the problem with the
    implementation of the logout request. The code was updated in
    order to fix it.
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 8.5.5.1.  Please refer to
    the Recommended Updates page for delivery information:
    
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM93051

  • Reported component name

    WAS LIBERTY COR

  • Reported component ID

    5725L2900

  • Reported release

    855

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2013-07-16

  • Closed date

    2013-07-31

  • Last modified date

    2013-07-31

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WAS LIBERTY COR

  • Fixed component ID

    5725L2900

Applicable component levels

  • R855 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSD28V","label":"WebSphere Application Server Liberty Core"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"855","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
12 January 2022