Direct links to fixes
APAR status
Closed as program error.
Error description
Empty J_SECURITY_CHECK page may be displayed when trying to access the Process Center or Process Admin console. The following exception is seen in the SystemOut.log: "wle_servlet E CrossSiteRequestForgeryFilter doFilter Cross-Site Request Forgery threat identified, session not found"
Local fix
*Disclaimer*: This workaround is only intended to be temporary until the fix is applied as its possible other fixes will overwrite the changes. Sections that need to be commented out: ---- <filter> <description>Blocks Cross Site Request Forgery threats</description> <filter-name>crossSiteRequestForgery</filter-name> <filter-class>com.lombardisoftware.servlet.CrossSiteRequestForge ryFilter </filter-class> </filter> ---- <filter-mapping> <filter-name>crossSiteRequestForgery</filter-name> <url-pattern>/j_security_check</url-pattern> </filter-mapping> ---- 1. Comment out the "crossSiteRequestForgery" filter and filter-mapping in the web.xml for the Process Center application. a. Edit the web.xml in the location: /$install_root/profiles/$node_name/config/cells/$cell_name/appli cations/IBM_BPM_Repository_SingleCluster.ear/deployments/IBM_BPM _Repository_SingleCluster/repository.war/WEB-INF/web.xml b. Comment out the "crossSiteRequestForgery" filter and filter-mapping element. 2. Comment out the "crossSiteRequestForgery" filter-mapping in the web.xml for the Process Admin application. a. Edit the web.xml in the location: /$install_root/profiles/$node_name/config/cells/$cell_name/appli cations/IBM_BPM_ProcessAdmin_SingleCluster.ear/deployments/IBM_B PM_ProcessAdmin_SingleCluster/ProcessAdmin.war/WEB-INF/web.xml b. Comment out the "crossSiteRequestForgery" filter-mapping element. 3. Apply the same changes on the DMGR. Replace $node_name with $dmgr_name. 4. Restart the DMGR and Nodes. 5. Clear the cache in the client brower that will be retesting the issue.
Problem summary
ERROR DESCRIPTION - When you log in to the Process Center console or the Process Admin console, the browser is redirected to http://localhost:9080/ProcessCenter/j_security_check and a blank page is displayed. PRODUCTS AFFECTED IBM Business Process Manager (BPM) Advanced IBM BPM Standard IBM BPM Express LOCAL FIX - None PROBLEM SUMMARY This issue is a false Cross-Site Request Forgery threat and occurs when a session times out and you try to log in again. You can see the following log message in the SystemOut.log file: [5/17/13 7:48:34:559 CDT] 000000f4 wle_servlet E CrossSiteRequestForgeryFilter doFilter Cross-Site Request Forgery threat identified, session not found
Problem conclusion
A fix is available for IBM BPM V8.5.0.0. With the fix applied, the false Cross-Site Request Forgery threat is handled and the authentication is properly handled so you do not see a blank page. On Fix Central (http://www.ibm.com/support/fixcentral), search for JR52490: 1.Select IBM Business Process Manager with your edition from the product selector, the installed version to the fix pack level, and your platform, and then click Continue. 2.Select APAR or SPR, enter JR52490, and click Continue. When you download fix packages, ensure that you also download the readme file for each fix. Review each readme file for additional installation instructions and information about the fix.
Temporary fix
Comments
APAR Information
APAR number
JR52490
Reported component name
BPM STANDARD
Reported component ID
5725C9500
Reported release
801
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2015-02-03
Closed date
2015-04-02
Last modified date
2015-04-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
BPM STANDARD
Fixed component ID
5725C9500
Applicable component levels
R855 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTDH","label":"IBM Business Process Manager Standard"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0.1","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
15 October 2021