IBM Support

PQ72323: USING A 302 HTTP REDIRECT WITH AUTHORIZATION AND SERVICE EXIT CAN CAUSE THE SERVICE EXIT TO BE INVOKED IMPROPERLY.

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • In the HTTP Server, if a service exit matches a request template
and an authorization exit is used to set a 302 return code, the
service exit is invoked improperly.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: Users of HTTP Server for OS/390 and z/OS     *
*                 who want to use the authorization exit to    *
*                 cause redirection, who also use service      *
*                 exits.                                       *
****************************************************************
* PROBLEM DESCRIPTION: When an authorization exit returns a    *
*                      302 response code and a service exit    *
*                      has already been identified as the      *
*                      method of satisfying the request, the   *
*                      server invokes the service exit         *
*                      despite the response code from the      *
*                      authorization exit.                     *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When an authorization exit returns a 302 response code and a
service exit has been identified as the method of satisfying
the request, the server invokes the service exit despite the
response code from the authorization exit.

    



Problem conclusion


    

  • PQ71298 had expanded capabilities for authorization exits to
allow them to cause redirection for requests which would have
been satisfied by use of Pass or Exec rules, but PQ71298 did
not enable this for requests using service exits.
This APAR extends the ability of the authorization exit by
allowing it to return a redirect (code 302) for those requests
also. Furthermore, this APAR enforces a rule that internal
redirection is not used when an authorization exit is used to
cause redirection.

5697D4300 LDGW for OS/390  Version 5 (5.3 only)

PTFR2
The code changes are stored in CMVC under defect PQ72323.

* Cross Reference between External and Internal Names

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PQ72323
    • 

  • Reported component name
    DGW/WAS OS/390
    • 

  • Reported component ID
    5697D4300
    • 

  • Reported release
    530
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2003-03-21
    • 

  • Closed date
    2003-04-14
    • 

  • Last modified date
    2003-05-03
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Modules/Macros


    

  • IMWGSIPC IMWJAV   IMWJJAVA IMWJPR   IMWLDAP
IMWLSEM4 IMWLSNPL IMWSACL  IMWSAFIL IMWSAPID IMWSAPIP IMWSAPRO
IMWSARGV IMWSASRV IMWSAUTH IMWSCACH IMWSCACP IMWSCCHI IMWSCLC
IMWSCONF IMWSCONS IMWSDAPI IMWSDMDR IMWSDOGC IMWSDSTR IMWSDVAR
IMWSENTY IMWSENV  IMWSFCGI IMWSFNM  IMWSGC   IMWSGLOB IMWSGRP
IMWSHBF  IMWSHEAD IMWSHTHP IMWSIFMS IMWSIMGE IMWSIMS  IMWSIUMS
IMWSJAPI IMWSJBE  IMWSJCFG IMWSJTHD IMWSKILL IMWSLEX  IMWSLOAD
IMWSLOG  IMWSLOOP IMWSLSTT IMWSMETH IMWSNS   IMWSOSMF IMWSPCA
IMWSPCSP IMWSPDB  IMWSPERF IMWSPEV  IMWSPF   IMWSPICS IMWSPL
IMWSPRD  IMWSPW   IMWSQUEU IMWSREQ  IMWSRLDB IMWSRNGE IMWSRSP
IMWSRSRT IMWSRTRC IMWSRTRV IMWSSCRP IMWSSECP IMWSSGNL IMWSSIO
IMWSSIPC IMWSSNMP IMWSSRC  IMWSSRER IMWSSRVR IMWSSSI  IMWSSTAT
IMWSSTBD IMWSSTHD IMWSSUTL IMWSTEC  IMWSTIMR IMWSUID  IMWSUIDU
IMWSURDB IMWSUSRI

    



Fix information


    

  • Fixed component name
    DGW/WAS OS/390
    • 

  • Fixed component ID
    5697D4300
    • 



Applicable component levels


    

  • R530  PSY  UQ75965
       UP03/04/18  P  F304
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"530","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"530","Edition":"","Line of Business":{"code":"","label":""}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            03 May 2003
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback