Problem Note 20856: UrlReplayBlockerFilter: SECURITY ACCESS VIOLATION message reported in
the Managed Server Log for Solutions
After you apply the current version of any of the following hot fixes:
913WEBINFRAKIT
31WEBOLAPVR
31CITATNWEB
31WEBRPTVR
SAS® Financial Management, SAS® Strategic Performance Management, SAS®
Human Capital Management and the Campaign Web Studio interface for
SAS® Marketing Automation might generate messages like the following
in the Managed Server log for those applications.
** UrlReplayBlockerFilter: SECURITY ACCESS VIOLATION **
The requested URL (/Portal
can only be directly accessed from another SAS application, typically
the SAS Information Delivery Portal
** UrlReplayBlockerFilter: SECURITY ACCESS VIOLATION **
The requested URL (/Portal
can only be directly accessed from another SAS application, typically
the SAS Information Delivery Portal
In addition to the messages above, users will not be able to navigate
throughout the products as needed because the URLs are not being
processed correctly.
This behavior results from the fix for the problem documented in
SN-020591, which is included in the hot fixes listed above.
To disable the fix that generates the messages and to return to the
pre-hot fix behavior, remove the UrlReplayBlocker filter and
filter-mapping entries in the files listed at the end of this document.
Once all the files have been modified, re-run the configuration and
deployment process. The two sections of code that need to be removed
are illustrated below.
PLEASE NOTE: By following these steps, the security fix documented in
SN-020591 will be disabled.
    <filter>
      <filter-name>UrlReplayBlocker</filter-name>
      <filter-class>com.sas.webapp.servlet.filters.UrlReplayBlockerFilter</filter-class>
      <!-- uncomment to allow bip session id pass through filter if there
           is no SessionContext map id parameter 'saspfs_sessionrequest'
      <init-param>
        <param-name>less-secure</param-name>
        <param-value>true</param-value>
      </init-param>
      -->
    </filter>
and
    <filter-mapping>
      <filter-name>UrlReplayBlocker</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
For each of the hot fixes that have been applied to your system, the
following files should be modified using the instructions above:
913WEBINFRAKIT
<!SASHOME>/Web/Portal2.0.1/Portal/WEB-INF/web.xml.orig
<!SASHOME>/Web/Portal2.0.1/SASPreferences/WEB-INF/web.xml.orig
<!SASHOME>/Web/Portal2.0.1/SASStoredProcess/WEB-INF/web.xml.orig
31WEBOLAPVR
<!SASHOME>/SASWebOlapViewerforJava/3.1/SASWebOLAPViewer/WEB-INF/web.xmlhost.orig
<!SASHOME>/SASWebOlapViewerforJava/3.1/SASWebOLAPViewer/WEB-INF/web.xmltrusted.orig
31CITATNWEB
<!SASHOME>/SASWebReportStudio/3.1/code/WEB-INF/web.xml
<!SASHOME>/SASWebReportStudio/3.1/config/Source/Java/resources/web.xml.host.tomcat
<!SASHOME>/SASWebReportStudio/3.1/config/Source/Java/resources/web.xml.host.weblogic
<!SASHOME>/SASWebReportStudio/3.1/config/Source/Java/resources/web.xml.host.websphere
<!SASHOME>/SASWebReportStudio/3.1/config/Source/Java/resources/web.xml.trusted.tomcat
<!SASHOME>/SASWebReportStudio/3.1/config/Source/Java/resources/web.xml.trusted.weblogic
<!SASHOME>/SASWebReportStudio/3.1/config/Source/Java/resources/web.xml.trusted.websphere
31WEBRPTVR
<!SASHOME>/SASWebReportViewer/3.1/code/WEB-INF/web.xml
<!SASHOME>/SASWebReportViewer/3.1/config/Source/Java/resources/web.xml.host.tomcat
<!SASHOME>/SASWebReportViewer/3.1/config/Source/Java/resources/web.xml.host.weblogic
<!SASHOME>/SASWebReportViewer/3.1/config/Source/Java/resources/web.xml.host.websphere
<!SASHOME>/SASWebReportViewer/3.1/config/Source/Java/resources/web.xml.trusted.tomcat
<!SASHOME>/SASWebReportViewer/3.1/config/Source/Java/resources/web.xml.trusted.weblogic
<!SASHOME>/SASWebReportViewer/3.1/config/Source/Java/resources/web.xml.trusted.websphere
Note: If you apply a new hot fix for 913WEBINFRAKIT, 31WEBOLAPVR,
31CITATNWEB, or 31WEBRPTVR, the files you modify to allow the
UrlReplayBlocker filter to work with the specified solutions will be
overwritten. Keep this note for future reference so that you remember
to modify these files.
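An added example, not part of the SAS note or SAS code: a read-only check of one web.xml document that reports whether the UrlReplayBlocker filter and filter-mapping are present and whether the less-secure init-param has been uncommented, so you can confirm which state each listed file is in after a hot fix or a manual edit. The function names, the `enforced` flag and the sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

FILTER_NAME = "UrlReplayBlocker"  # filter name given in the note

def _local(tag):
    # Drop any XML namespace so DTD-based and schema-based web.xml both match.
    return tag.rsplit("}", 1)[-1]

def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def audit_web_xml(xml_text):
    """Report whether the filter, its mapping and less-secure mode are active."""
    state = {"filter": False, "mapping": False, "less_secure": False}
    # ElementTree discards XML comments, so a commented-out init-param is ignored.
    for elem in ET.fromstring(xml_text):
        if _child_text(elem, "filter-name") != FILTER_NAME:
            continue
        if _local(elem.tag) == "filter-mapping":
            state["mapping"] = True
        elif _local(elem.tag) == "filter":
            state["filter"] = True
            for p in elem:
                if (_local(p.tag) == "init-param"
                        and _child_text(p, "param-name") == "less-secure"
                        and _child_text(p, "param-value") == "true"):
                    state["less_secure"] = True
    # Assumption: "enforced" means filter and mapping present, less-secure off.
    state["enforced"] = state["filter"] and state["mapping"] and not state["less_secure"]
    return state

# Constructed samples (not real SAS files): hot-fix default, and after removal.
HOTFIX_DEFAULT = """<web-app>
  <filter>
    <filter-name>UrlReplayBlocker</filter-name>
    <filter-class>com.sas.webapp.servlet.filters.UrlReplayBlockerFilter</filter-class>
    <!-- <init-param><param-name>less-secure</param-name><param-value>true</param-value></init-param> -->
  </filter>
  <filter-mapping><filter-name>UrlReplayBlocker</filter-name>
    <url-pattern>/*</url-pattern></filter-mapping>
</web-app>"""
FILTER_REMOVED = "<web-app><display-name>Portal</display-name></web-app>"

if __name__ == "__main__":
    for label, doc in (("default", HOTFIX_DEFAULT), ("removed", FILTER_REMOVED)):
        print(label, audit_web_xml(doc))
```

To check real files, read each path listed above for the hot fixes you applied and pass its contents to `audit_web_xml`.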
Operating System and Release Information
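SAS System | SAS Financial Management | Microsoft Windows 2000 Professional | 4.3 | | | |
SAS System | SAS Financial Management | Microsoft Windows XP Professional | 4.3 | | | |
SAS System | SAS Financial Management | Microsoft Windows NT Workstation | 4.3 | | | |
SAS System | SAS Financial Management | Microsoft Windows XP 64-bit Edition | 4.3 | | | |
SAS System | SAS Financial Management | Microsoft® Windows® for 64-Bit Itanium-based Systems | 4.3 | | | |
SAS System | SAS Financial Management | Microsoft Windows Server 2003 Standard Edition | 4.3 | | | |
SAS System | SAS Financial Management | Microsoft Windows Server 2003 Enterprise Edition | 4.3 | | | |
SAS System | SAS Financial Management | Microsoft Windows Server 2003 Datacenter Edition | 4.3 | | | |
SAS System | SAS Financial Management | Microsoft Windows 2000 Server | 4.3 | | | |
SAS System | SAS Financial Management | Microsoft Windows 2000 Datacenter Server | 4.3 | | | |
SAS System | SAS Financial Management | Microsoft Windows 2000 Advanced Server | 4.3 | | | |
SAS System | SAS Financial Management | AIX | 4.3 | | | |
SAS System | SAS Financial Management | 64-bit Enabled AIX | 4.3 | | | |
SAS System | SAS Strategic Performance Management | Microsoft Windows 2000 Professional | 2.3 | | 9.1 TS1M3 | |
SAS System | SAS Strategic Performance Management | 64-bit Enabled Solaris | 2.3 | | 9.1 TS1M3 | |
SAS System | SAS Strategic Performance Management | Microsoft Windows Server 2003 Standard Edition | 2.3 | | 9.1 TS1M3 | |
SAS System | SAS Strategic Performance Management | 64-bit Enabled AIX | 2.3 | | 9.1 TS1M3 | |
SAS System | SAS Strategic Performance Management | Microsoft Windows XP Professional | 2.3 | | 9.1 TS1M3 | |
SAS System | SAS Strategic Performance Management | Microsoft Windows Server 2003 Enterprise Edition | 2.3 | | 9.1 TS1M3 | |
SAS System | SAS Strategic Performance Management | Microsoft Windows Server 2003 Datacenter Edition | 2.3 | | 9.1 TS1M3 | |
SAS System | SAS Strategic Performance Management | Microsoft Windows NT Workstation | 2.3 | | 9.1 TS1M3 | |
SAS System | SAS Strategic Performance Management | Microsoft Windows 2000 Server | 2.3 | | 9.1 TS1M3 | |
SAS System | SAS Strategic Performance Management | Microsoft Windows 2000 Datacenter Server | 2.3 | | 9.1 TS1M3 | |
SAS System | SAS Strategic Performance Management | Microsoft Windows 2000 Advanced Server | 2.3 | | 9.1 TS1M3 | |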
* For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
Type: | Problem Note |
Priority: | high |
Date Modified: | 2008-10-21 22:28:20 |
Date Created: | 2007-08-24 12:16:42 |