IBM Support

IT32361: WHILE SEARCHING FOR SCHEDULES, IF THE PERCENTAGE CHARACTER % IS ENTERED, THE UI SESSION TIMES OUT

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as unreproducible in next release.

Error description

  • When searching for schedules, if the percent character is used
    as a wild card parameter, the resulting search list can result
    in problems enabling or disabling schedules. The screen will
    either timeout or return a Bad Request, if the enable or disable
    button is pressed, after searching with the % character.
    Searches with out the % character are successful, and do not
    have this problem.
    

Local fix

  • B2BISFG-51770
    

Problem summary

  • Users Affected:
    
    All
    
     Problem Description:
    
    UI session times out or reports Bad Request when disabling or
    enabling a schedule, if the schedule search included the percent
    character, %.
    
    
    
    The Jetty and sci logs include the errors:
    
    
    
    2020-02-13 17:48:22.222] ALL 000000000000 GLOBAL_SCOPE
    2020-02-13 17:48:22,221:ERROR :qtp1406676657-3063: exception in
    authenticating csrf token [system]: SCUIcsrfFilter
    
    [2020-02-13 17:48:22.222] ALL 000000000000 GLOBAL_SCOPE
    2020-02-13 17:48:22,222:ERROR :qtp1406676657-3063:
    [1581616102222] 400: Unable to parse URI query [system]:
    SCUIcsrfFilter
    
    [2020-02-13 17:48:22.222] ALL 000000000000 GLOBAL_SCOPE
    2020-02-13 17:48:22,222:ERRORDTL:qtp1406676657-3063:
    [1581616102222]org.eclipse.jetty.http.BadMessageException: 400:
    Unable to parse URI query
    
    at
    org.eclipse.jetty.server.Request.getParameters(Request.java:405)
    
    at
    org.eclipse.jetty.server.Request.getParameter(Request.java:1025)
    
    at
    com.sterlingcommerce.security.csrf.SCUIcsrfHelper._validate(SCUI
    csrfHelper.java:75)
    
    at
    com.sterlingcommerce.security.csrf.SCUIcsrfTokenValidator.valida
    te(SCUIcsrfTokenValidator.java:66)
    
    at
    com.sterlingcommerce.security.csrf.SCUIcsrfFilter.validateReques
    t(SCUIcsrfFilter.java:143)
    
    at
    com.sterlingcommerce.security.csrf.SCUIcsrfFilter.doFilter(SCUIc
    srfFilter.java:62)
    
    
    
    Platforms Affected:
    
    All
    

Problem conclusion

  •   Resolution Summary:
    A code fix is provided.
    Changed the Enable/Disable button URL to encode the
    search string, so it is CSRF safe.
    
    
    
    Delivered in:
    
    
    
    6000203
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT32361

  • Reported component name

    STR B2B INTEGRA

  • Reported component ID

    5725D0600

  • Reported release

    602

  • Status

    CLOSED UR1

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2020-03-30

  • Closed date

    2020-11-26

  • Last modified date

    2020-12-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STR B2B INTEGRA

  • Fixed component ID

    5725D0600

Applicable component levels

[{"Line of Business":{"code":"LOB02","label":"AI Applications"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"602"}]

Document Information

Modified date:
02 December 2020