APAR status
Closed as program error.
Error description
Liberty Java batch (JSR352) is configured in a multi-JVM configuration on z/OS and there is a firewall which restricts access to the Liberty dispatcher and executor to traffic that comes through one or more IBM HTTP Servers (IHS) also running on z/OS. In summary, the AdminCenter and Java batch tool are deployed in the dispatchers and we want to use the Java batch tool to display joblogs of completed jobs. When we click on the link to display a joblog it fails since request tries to go directly to network protected server. Current implementation of the REST request to retrieve the joblog is an HTTP re-direct (HTTP 302) which contains the local hostname of the executor server that owns the joblog. When the browser tried to re-direct this REST request the firewall prevents it from going directly from the browser to the Liberty batch executor server.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server Liberty- Batch * **************************************************************** * PROBLEM DESCRIPTION: Liberty Batch REST requests may fail if * * HTTP redirect cannot be completed * **************************************************************** * RECOMMENDATION: * **************************************************************** In a Liberty Batch environment, some REST functions must be executed on the specific Liberty server that ran or is running a particular job. These include stopping an active job, retrieving job log files, and job log purge. When such a REST request is instead handled by a different Liberty server, an HTTP redirect is issued to relocate the request to the correct server. In some network configurations with certain firewall and/or proxying elements, this redirect request may fail, preventing access to REST functions on other servers.
Problem conclusion
This APAR introduces a new path to complete Batch REST requests that must go to another Liberty server. If an SSL connection can be made to the destination server from the server to first handle the request, then a new connection will be used to complete the request instead of an HTTP redirect. Adding the parameter "permitRedirect=true" to any Batch REST request will cause this new path to be ignored, in cases where the HTTP redirect is preferred. The fix for this APAR is currently targeted for inclusion in fix pack 18.0.0.4. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PI87244
Reported component name
LIBERTY PROF -
Reported component ID
5655W6514
Reported release
CD0
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-09-13
Closed date
2018-11-19
Last modified date
2018-11-19
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
LIBERTY PROF -
Fixed component ID
5655W6514
Applicable component levels
RCD0 PSY
UP
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M"},"Platform":[{"code":"PF054","label":"z\/OS"}],"Version":"CD0"}]
Document Information
Modified date:
08 September 2021