Tuesday, 4 December 2018

WebSphere Application Server - Get your security roles right

I'm back in the early noughties, tinkering with Java Enterprise Edition (JEE) servlets and WebSphere Application Server (WAS) Network Deployment (ND).

This, in part, is to enable me to test my SPNEGO / Kerberos configuration.

Having created a JEE application in Eclipse, with servlet, login page etc. and having tested it in Liberty, I'd deployed my code to WAS ND.

However, when I tried to access the servlet: -


I saw this: -

[03/12/18 17:15:19:295 GMT] 00000096 WebCollaborat A   SECJ0129E: Authorization failed for user hayd:defaultWIMFileBasedRealm while invoking GET on default_host://HelloWorld, Authorization failed, Not granted any of the required roles: reader

I'd already ensured that I'd mapped my users ( hayd and Administrator ) to the appropriate role: -

However, I was holding it wrong .... when I'd hand-cranked the web.xml, I'd made a little booboo.

I'd specified the Security Role as: -


but specified the Auth Constraint -> Role Name as: -


So it made NO difference to which user/group I assigned the Reader role; it'd never work :-(

Get it right .....

No comments:

Grokking grep

A colleague was tinkering with grep  and, thanks to him, I discovered a bit more about the trusty little utility. I had not really explored ...