Tuesday, 4 December 2018

WebSphere Application Server - Get your security roles right

I'm back in the early noughties, tinkering with Java Enterprise Edition (JEE) servlets and WebSphere Application Server (WAS) Network Deployment (ND).

This, in part, is to enable me to test my SPNEGO / Kerberos configuration.

Having created a JEE application in Eclipse, with servlet, login page etc. and having tested it in Liberty, I'd deployed my code to WAS ND.

However, when I tried to access the servlet: -

https://was.uk.ibm.com:9444/HelloWorld/Hello

I saw this: -

[03/12/18 17:15:19:295 GMT] 00000096 WebCollaborat A   SECJ0129E: Authorization failed for user hayd:defaultWIMFileBasedRealm while invoking GET on default_host://HelloWorld, Authorization failed, Not granted any of the required roles: reader

I'd already ensured that I'd mapped my users ( hayd and Administrator ) to the appropriate role: -



However, I was holding it wrong .... when I'd hand-cranked the web.xml, I'd made a little booboo.

I'd specified the Security Role as: -

Reader

but specified the Auth Constraint -> Role Name as: -

reader

So it made NO difference to which user/group I assigned the Reader role; it'd never work :-(

Get it right .....

No comments:

SSH and "Too many authentication failures" - a new one on me

Having created a new user on an Ubuntu 16.04 boxen, I started seeing this: - Received disconnect from 192.168.3.123 port 22:2: Too many au...