PK44945: WEB SERVICE REQUESTS MAY BE SENT OVER HTTPS INSTEAD OF HTTP WHEN WS-ATOMIC TRANSACTION IS USED WITH GLOBAL SECURITY ENABLED

Fixes are available

APAR status

Closed as program error.

Error description

In WebSphere Application Server V6, a web service client may
sent a request message over HTTPS rather than HTTP when global
security is enabled and WS-Atomic Transaction is used.  The
WebSphere WS-Atomic Transaction implementation needs to be fixed
so that request messages can be sent over HTTP when global
security is enabled.

Local fix

Problem summary

****************************************************************
* USERS AFFECTED: All IBM WebSphere Application Server users   *
*                 of Web Services - Atomic Transactions        *
*                 (WS-AT) on Distributed Platforms in a        *
*                 secure environment                           *
****************************************************************
* PROBLEM DESCRIPTION: Enabling WebSphere Application Server   *
*                      global security settings caused  WS-AT  *
*                      messages to be transmitted over HTTPS.  *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The decision regarding whether to send WS-AT request messages
over HTTPS rather than HTTP is based on the global security
setting applied on the application server, and not related to
whether or not SSL was enabled on the chosen transport chain.

Problem conclusion

The decision as to whether to send the WS-AT messages over
HTTP or HTTPS was being made based on the WebSphere
Application Server global security settings, and ignoring the
security settings that were active on the transport chain
actually in use.

If WebSphere Application Server global security is enabled,
the assumption was being made that the WS-AT protocol messages
would also be sent secure - by default, the transaction service
will use the default secure Web container transport chain:
WCInboundDefaultSecure.  To use an alternate transport chain in
a secure environment, the WSTX_SECURE_TRANSPORT_CHAIN custom
property details which transport chain should be used.  While
WS-AT would use the defined chain in the secure environment,
it ignored the security settings in force on the specified
transport chain, causing the messages to be always sent over
HTTPS. Changes were made to ensure that HTTP or HTTPS is
selected based on the security settings in force on that
transport chain defined by the custom property.

As described in the Information Centre, the following custom
properties should be enabled to allow WS-AT to operate in a
secure environment :

DISABLE_PROTOCOL_SECURITY=TRUE
WSTX_SECURE_TRANSPORT_CHAIN=WCInboundDefault

The fix for this APAR is currently targeted for inclusion in
fixpack 6.0.2.21.  Please refer to the Recommended Updates
page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Temporary fix

Comments

APAR Information

APAR number
PK44945
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
60I
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2007-05-10
Closed date
2007-05-24
Last modified date
2007-05-31

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

PK45192

Modules/Macros

```
WSAT
```

Fix information

Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800

Applicable component levels

R60A PSY
UP
R60H PSY
UP
R60I PSY
UP
R60P PSY
UP
R60S PSY
UP
R60W PSY
UP
R60Z PSY
UP
R61A PSN
UP
R61H PSN
UP
R61I PSN
UP
R61P PSN
UP
R61S PSN
UP
R61W PSN
UP
R61Z PSN
UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
19 October 2021

Tips

PK44945: WEB SERVICE REQUESTS MAY BE SENT OVER HTTPS INSTEAD OF HTTP WHEN WS-ATOMIC TRANSACTION IS USED WITH GLOBAL SECURITY ENABLED

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R60A PSY

R60H PSY

R60I PSY

R60P PSY

R60S PSY

R60W PSY

R60Z PSY

R61A PSN

R61H PSN

R61I PSN

R61P PSN

R61S PSN

R61W PSN

R61Z PSN

Document Information

Share your feedback

Need support?