IBM Support

PI41006: FLUSHING OF INJECTED CONTENT WITHIN WORKLIGHTPROTOCOLCHALLENGESENDER IS NOT SAFE

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Some custom / OOTB challenges that use content injection (with a
    200 code response) will cause an exception that will appear in
    the log.
    In some scenarios, the injected content might not be flushed at
    all
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * Users who use an authenticator with                          *
    * response.getOutputStream() in order to inject the response   *
    * data                                                         *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * For injecting data you may use response.getOutputStream() OR *
    * response.getWriter(), but never both.                        *
    * When one is used, the other will throw an exception.         *
    * Previous code assumed response.getWriter() is the chosen     *
    * method, so if the other was used an exception would've been  *
    * thrown                                                       *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * -                                                            *
    ****************************************************************
    

Problem conclusion

  • Now supporting both methods of response injection
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI41006

  • Reported component name

    WL/MFPF CONSUME

  • Reported component ID

    5725I4301

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2015-05-13

  • Closed date

    2015-06-09

  • Last modified date

    2015-06-09

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WL/MFPF CONSUME

  • Fixed component ID

    5725I4301

Applicable component levels

  • R700 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSZH4A","label":"IBM Worklight"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"700","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
14 October 2021