000038038 - Validation URI JSP files do not work when uploaded to the secured JSP Pages section in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Oct 9, 2019Last modified by RSA Customer Support Employee on Oct 11, 2019
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000038038
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.1.1
IssueStarting in RSA Identity Governance & Lifecycle 7.1.1, custom JSP files may be uploaded to either a secured (private) area or an external (public) area. The external area is meant for JSP files that are needed prior to the user logging in such as a password reset action. It is recommended that all other JSP files be uploaded to the secured area. In the user interface, go to Admin > User Interface > Files tab > JSP Pages / External JSP Pages > Upload.

In RSA Identity Governance & Lifecycle request forms, validation URIs that point to JSPs in the non-secured (external) area work as expected. However, if the validation URIs point to JSPs in the secured area, they fail to validate the input. 

The example below illustrates this issue. A JSP file called numeric_validate.jsp has been created to validate that the input to a request form text field be a number. This JSP file has been uploaded to both the secure area and the external area. The request form text field has a validation URI that points to the JSP file. When the validation URI points to the JSP file uploaded to the external area, the validation occurs. When the validation URI points to the JSP file uploaded to the secure area, the validation fails.
 

Contents of the JSP file:


<%
String value = request.getParameter("value");
if (!value.matches("[0-9]+")) {
out.println("Not a number!!");
}
%>

 

The JSP file has been uploaded to both the secure (JSP Pages) and external (External JSP Pages) areas:




 



User-added image 



User-added image


A request form has been defined with a single text field.



User-added image



Note that the text field has a validation URI defined that points to the JSP stored in the external area. This validation occurs correctly.



User-added image



User-added image

 

However, when the validation URI is modified to point to the JSP file stored in the secure area, the validation does not occur and the user is redirected to the home page.



User-added image

 

User-added image



 
CauseThis is a known issue reported in engineering ticket ACM-98192.
ResolutionThis issue is resolved in RSA Identity Governance & Lifecycle 7.1.1 P02. However, the recommendation is to go to RSA Identity Governance & Lifecycle 7.1.1 P03 as there are known defects in 7.1.1 P02 related to forms and documented in the following RSA Knowledge Base Articles:





 

Attachments

    Outcomes