APAR status
Closed as program error.
Error description
Summary: Anonymous users are confronted with a blank page when rendering expired content they don't have access to. Problem: When an anonymous user attempts to render an expired content item they don't have read access to via the WCM servlet, a blank page is presented to the user. This is incorrect - a 404 Error page should be presented. Analysis: The content item to be rendered is retrieved using system level access. In order to determine if it is published, a method isPublished() in WorkflowUtils is called. This attempts to retrieve the WorkflowControl and SecurityControl on the content item and will fail because the anonymous user does not have access to the content item. The code implicitly then assumes that because the item does not have a workflow control and SecurityControl, it is published and that everyone has read access to it which is incorrect. Solution: The content has already been retrieved with system level access. To check whether its is published, we simply check it on the content that has been retrieved as aforementioned. This will reveal that it is expired and will trigger an exception which will cause a HTTP response code of 404 to be returned to the client.
Local fix
Problem summary
Users Affected: All Java Edition LWWCM users Problem Decsription: When an anonymous user attempts to render an expired content item they don't have read access to via the WCM servlet, a blank page is presented to the user. This is incorrect - a 404 Error page should be presented.
Problem conclusion
The content item to be rendered is retrieved using system level access. In order to determine if it is published, a method isPublished() in WorkflowUtils is called. This attempts to retrieve the WorkflowControl and SecurityControl on the content item and will fail because the anonymous user does not have access to the content item. The code implicitly then assumes that because the item does not have a workflow control and SecurityControl, it is published and that everyone has read access to it which is incorrect. The content has already been retrieved with system level access. To check whether its is published, we simply check it on the content that has been retrieved as aforementioned. This will reveal that it is expired and will trigger an exception which will cause a HTTP response code of 404 to be returned to the client. This fix applies to WCM release 6012 An interim fix for this APAR is available from Fix Central at: http://www.ibm.com/eserver/support/fixes/fixcentral/swgquickorde r?brandid=2&productid=Workplace%20Web%20Content%20Management&fix es=6.0.1.2-WCM-PK58563 You will need to cut/paste the entire URL into a browser to resolve the address.
Temporary fix
Comments
APAR Information
APAR number
PK58563
Reported component name
WRKPLC WEB CON
Reported component ID
5724I2900
Reported release
60F
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2007-12-21
Closed date
2008-03-13
Last modified date
2008-03-25
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WRKPLC WEB CON
Fixed component ID
5724I2900
Applicable component levels
R601 PSY
UP
[{"Business Unit":{"code":null,"label":null},"Product":{"code":"SUPPORT","label":"IBM Worldwide Support"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0.1.2","Edition":"","Line of Business":{"code":null,"label":null}}]
Document Information
Modified date:
10 September 2020