Sun Java System Web Server 7.0 Update 1 Release Notes

Resolved Issues

This section lists the issues resolved in Web Server 7.0 Update 1.

Problem ID 



Java LDAP connection pool interaction issue - initial connection is never timed out.

Specifying a Java LDAP connection pool through the JVM options in the server.xml file and referencing this with an external JNDI resource when the web server is started, creates a pooled LDAP connection. With this connection, it is always marked as busy and the connection never expires.


Values of 'mail-resource' sub elements are not getting set on mail session object.


NSAPIRequest.setupRequestFields is slow.

com.sun.webserver.connector.nsapi.NSAPIRequest.setupRequestFields is slow primarily because of excessive String-->byte and byte-->String conversion when parsing Cookie headers.


The servlet container does not use accelerator cache when processing RequestDispatcher includes.


On Windows, dynamic reloading of JSP produces incorrect output.


ssl-check is not working with NSAPI based plug-in.

"PathCheck fn="ssl-check" secret-keysize=128 bong file="xxxxx.yyy.html" 

For static file requests, if the secret-keysize of the client is less than the size specified by the server and a bong file is present, then the bong file is sent back as the response. However, requests for dynamic content (for example, JSP files) return the actual requested object (for example, the JSP file) rather than the bong file.


Problem having server-parsed HTML (ParseHTML) and .htaccess with restricted group option.

Authentication succeeds when parsing through a HTML file which has the shtml include entries and is configured to authenticate through .htaccess which has the "restricted by group" option enabled. If the group user gets authenticated, then the result page does not get shtml include entries. This however works fine with the user in .htaccess file has "restricted by user" option.


SSL session cache cannot be disabled.

Session cache is enabled by default. When the session cache is disabled and URL is accessed through the HTTPs protocol, the URL does not go through and the server log displays an error message indicating that the SSL cannot be configured without session-cache.


Samples refer to "Sun ONE" instead of "Sun Java System".

The servlet sample,, co-packaged with Web Server 7.0 refers to “SunONE” instead of “Sun Java System”.


sampleapps/java/webapps/simple docs invalid.

The documents for a simple sample application shows an incorrect pathname. The path should be install_dir/plugins/java/samples/webapps/simple/src instead of install_dir/samples/java/webapps/simple/src.


No CLI support to configure FastCGI. Need to manually edit obj.conf or magnus.conf files to configure FastCGI.


Memory leak found in FastCGI.


Admin Console online help needs to be updated.

The online help needs to be updated for the following:  

  1. Context-based help should be provided.

  2. All screens must have a corresponding help page.

  3. Help pages must reflect the changes in the GUI.

  4. Inconsistent usage of terminology between the GUI and online help.

  5. Fix grammatical errors.

  6. Detailed description for some topics.


Mismatch between online help and the Admin Console.


Missing help file under config tokens page.

Common Tasks > Edit Configuration > Certificates > PKCS11 Tokens, the help file for this screen is missing. 


Cannot dynamically reconfigure HTTP listener family. The Instance does not start on setting the protocol family to nca.


<listen-queue-size> upper bound is set to 65535, which is too small. Need to increase the <listen-queue-size> upper bound.


Incorrect ObjectType fn="force_type" added in object cgi on creation of new cgi directory.

When creating a new cgi directory, an incorrect object type force_type is added to the obj.conf file.


On Windows, dialog box to enter the token password appears on restarting an instance after the deployment. This behavior is not see on other platforms.


On Windows, wadm does not update classpath correctly if classpath contains a semicolon (;)

The semicolon in tcl is interpreted as a command terminator, which is used to group multiple commands in a single line. On Windows, semicolon is used as a path separator.


SNMP Management Information Base (MIB) for "iwsFractionSysMemUsage" does not show correct results

SNMP MIB "Fraction of process memory in system memory" which is part of iws.mib gives wrong results when queried by the SNMP manager utility.


Incorrect error message is displayed if you execute the list-tokens command without specifying the configuration value.


Incorrect error message is displayed if you execute the list-authdb-userprops command without specifying the authdb value.


No error message is displayed if you execute the get-ssl-prop command with an invalid http-listener value.


Cannot edit the MIME types using the Admin Console.


Displays an improper message when you stop an instance that does not exist.

An error message `Successfully stopped the server instance' is displayed if you try to stop an instance that does not exist. 


wadm allows you to create a configuration with a negative port number.


Incorrect error message is displayed if you execute the create-cert-request command with an invalid key-size value.


The delete-group command displays an incorrect error message if you specify an invalid group value.


No error message is displayed when you execute the list-group-members command with an invalid group-ID value.


Cannot set the rewrite-location properties using the set-reverse-proxy-prop command.

You cannot set the -rewrite-location property to false. The value specified for the -rewrite-location is not validated. For example, specifying the = symbol for the i-rewrite-location option corrupts the obj.conf file and results in parser error.


The set-token-prop command sets wrong passwords in the server.xml file even if the token pin has not been specified.


Incorrect error message is displayed on LDAP user creation failure.


If an invalid node name is specified while deleting an instance, an incorrect error message is displayed.


The register-node command runs successfully with non SSL port only in shell mode.

In shell mode, typing the register-node command with the -no-ssloption registers the node successfully as the command is falsely executed in the SSL mode.


The get-jvm-prop command does not print the command when echo is enabled in shell mode.


Incorrect error messages are displayed when you execute the list-locks and expire-lock commands.


A 'null' message is displayed if you execute the list-instances, list-crls, list-tokens, and list-certs commands without specifying the configuration name.


The error message for the list-url-redirects command is not localized.


wadm prompts for a token pin if you specify an invalid configuration name while trying to delete an existing certificate.


While creating an HTTP listener using the CLI, the create-http-listener command creates a listener with null value as name.


If you do not specify a virtual server while executing the list-dav-collections command, an incorrect error message is displayed.


If you do not specify the authentication database while executing the list-users, list-org-units, list-groups, and list-group-members commands, an incorrect error message is displayed.


If you do not specify a virtual server while executing the list-uri-patterns command, an incorrect error message is displayed.


If you do not specify a JNDI name or specify an invalid JNDI name while executing the list-jdbc-resource-userprops, list-soap-auth-provider-userprops, list-auth-realm-userprops, list-external-jndi-resource-userprops, list-custom-resource-userprops commands, an incorrect error message is displayed.


Error message given when entering invalid wadm command is misleading.

When you type an invalid command, an error message “Invalid command <command name>. Use "help" command for a list of valid commands.” is displayed. The help man page does not contain a list of valid command. Therefore this error message is misleading. 


The create-user command usage for the LDAP authentication database is ambiguous.


The set-cert-trust-prop command accepts incorrect properties and does not show proper error message.


Administration Server does not validate the password length and mechanism support of the given token.


Certificate with same server name as existing certificate cannot be created with the same nickname.


Virtual Server Web Applications page title help is incorrect.


Prompt to enter token pin while starting instance should not appear if configuration has not been deployed.


Admin Console does not provide an option to edit document directories and CGI records.


Admin Console should have a tab to add and edit MIME mappings at the Virtual server level.


`Current Password' field in the Nodes -> Select Administration Server-> Certificates -> Token Password Management page should be disabled if no token password has been set for the administrator.


Unable to configure uri-pattern specific configurations using the Admin Console.


Admin Console displays invalid properties when custom authentication database user properties are created through Administration CLI.


The Admin Console Migrate wizard creates multiple configurations if you click the Finish button multiple times.


Admin Console has 508 compliance issues.


User selection process in the Common Tasks->Edit Virtual Server->WebDAV->New page needs validation.


Installed CRL should have a meaningful name.


Administration CLI should support URIs, URI prefixes, URI wildcard patterns, and URI regular expressions for all commands that operate on URI space.


Search schedule events do not work from the Admin Console.


64–bit instance does not start on 32–bit remote node.


When a server certificate with data in non-DER format is installed, an incorrect error message is displayed.


Exceptions in Certificate Installation wizard not clear.


No validation exists for 'Java Home' field; accepts invalid data.


HTTP Listener field accepts names with spaces. This is invalid.


Unable to edit MIME types either using the Admin Console or the CLI.


GUI and CLI accept Web Server 7.0's server root for migration

The Admin Console and the CLI accept the Web Server 7.0 path instead of Web Server 6.1 or Web Server 6.0 path during migration. Web Server 7.0 path is not a valid path for the server-root property in the migrate-server command.


Default and null values get stored in obj.conf when a new configuration is created and saved using the Admin Console.

Administration Server stores the values passed by the Admin Console into obj.conf file without any validation.


SaveConfigException displayed on CLI during set-authdb-prop.

If a nonexistent file path is provided to the path property for keyfile authdb by using the set-authdb-prop command, results in SaveConfigException instead of a File does not exist message.

See the error log for the Administration Server. 


At times, the execution of stop-admin command displays the "Admin Server Not Running" message when the Administration Server is actually running.


The get-cert-prop does not display only those properties mentioned in the <displayproperties> element.


Server error on trying to access a file in the cgi-bin directory.


wadm commands do not return valid error codes [0-125] when success or failure.


Session failover does not happen with RequestDispatcher include call.

While deploying two web applications on a cluster where the first application calls on the second application using the RequestDispatcher() include call, the persistence valves are not called during the RequestDispatcher()'s invoke() method, and session replication does not occur.


Incorrect load factor set for BaseCache.

Session replication does not support more than two web applications. 


Session replication fails to work on multiple web applications involving RequestDispatcher due to bad sequence.


Incorrect path is set on SR-intanceId cookie.

The SR-instanceId cookie should be set to the web application's path instead of the servlet's path.


The create-authdb command does not validate the URL at the time of the authentication database (authdb) creation. The create-authdb command successfully creates an authentication database with the wrong URL.


The get-error-log and the get-access-log commands displays cluttered and improper messages.


The wadm deploy fails to deploy the cluster configuration.

If any changes occur to the instance configuration files, manually or otherwise, the deploy-config command displays an error message stating that the instance has been modified.


No Admin Console is available to deploy web applications in user specific location.


Does not prompt for the token password when the instance is started from the wadm command prompt with a wrong token-pin.


Incorrect text in Groups settings page.

The text should read as “From this page you can add/remove user groups in the selected Authentication Database” instead of “From this page you add/remove user groups in the selected Authentication Database.” 


Incorrect message when you delete a JVM profiler.

The message should read as “Profiler deleted successfully” instead of “Profiler saved successfully”. 


Incorrect error message is displayed when you provide a wrong path while adding web application.


The window titles of the Admin Console wizards are not consistent.


Admin Console gives incorrect error message when you provide invalid Directory Server configuration values.


URI prefix of document directories is accepts the value without '\'.


The list-instances command lists the instances even if you do not specify the configuration value.


Token password changes made through the CLI is not reflected in GUI. It requires a browser refresh.


Migrating certificate with an invalid file path using the migrate-jks-keycert command, prompts the user to enter the keystore-password and the key-password.


The create-selfsigned-cert command allows you to define an inappropriate validity period while creating a server certificate.


The delete-cert command does not delete a certificate which is created with token "Sun Software PKCS#11 softtoken".


The list-events command output is not aligned.


dayofweek does not take "*" as an option.

For example, set an ACL as follows:  

acl "uri=/"; 
deny (all) dayofweek="*"; 
allow (all) dayofweek="Sat,Sun";

In this program, you are restricting access on all days of week except Saturday and Sunday. This program does not work as you can you can successfully access the ACL on a Monday. 


Admin Console should provide large text region for entering class path prefix, class path suffix, and native library path prefix.


Usability issues in the Install CRL page after incorrect file path is entered for CRL file on server.


The Instance->New page has incorrect title.


The Common Tasks->Select configuration ->Select Virtual Server ->Edit Virtual Server ->WebDAV->New page should have the Enter Users field only if the authentication database is PAM.


Admin Console allows you to create an ACE without entering user or group information for ACL. The check is not done if the authentication database is PAM.


Inline help for range of values accepted by Request Header Time-out text field is incorrect.


The Admin Console displays an exception when you create a duplicate record of a MIME types.


Deploying a new web application using the Admin console kills sessions for all existing web applications.


With delete instance option, instead of deleting the symbolic links, the uninstaller deletes files from symbolic links.


Crash detected when creating properties with empty URI pattern


htaccess rules can become corrupted in memory.

If a single .htaccess file has more than five allow or deny rules, it is possible that some of the rules may become corrupted in memory. If this occurs, some of the rules may be bypassed.


deploy-config fails when you modify JSPs or any other files in the webapps directory of the instance.

When using the pull-config either through the Admin Console or through the CLI, only the contents of the instance_dir/config directory is pulled into the config-store. In Web Server 7.0, when pull-config was used, the contents were pulled into instance_dir/config, instance_dir/lib, and instance_dir/web-app directories.


Front-end file accelerator cache.

Depending on ACLs and obj.conf configuration, a front end accelerator cache can service static file requests for URIs that were previously processed using NSAPI. The accelerator cache must work with the default configuration.


Output directives are not invoked for 0-byte files.

Output directives are not invoked for 0-length responses unless protocol_start_response() is called. send-file does not call protocol_start_response() function. Output directives are not invoked when sending 0-byte files.


Server crash with large output buffers.

If the output stream buffer size is bigger than the input buffer size, the server might attempt to buffer data at an invalid address. The default input buffer size is 8192 bytes.  


Cannot disable access logging in default server instance.

The value of the <access-log> <enabled> element is ignored in the server.xml file.


Accelerator cache does not handle ssl-unclean-shutdown properly.

The accelerator cache does not interact correctly with the AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true" directive in the default configuration. When such a directive is present, the accelerator cache applies the "unclean shutdown" setting to every connection, regardless of the browser used.


On HP-UX, SNMP fails for some oid values.


Due to lack of the HP-UX API support and complexity, network in and out traffic statistics is not implemented. Use HP tools for monitoring the traffic statistics. 


The AdminException messages displayed on the Admin Console are not localized.


Displays incorrect characters in search results on the left panel of online help on non-English locales.


Localized online help content have some differences from the English version.


Web Server fails to start when HTTP listener protocol family="nca" is used for Solaris SPARC, Linux and HP-UX platforms.

Web Server instance does not restart on setting the Protocol-Family property to nca in the EditHTTPListener wizard.