Tuesday, 4 December 2018

WebSphere Application Server - Get your security roles right

I'm back in the early noughties, tinkering with Java Enterprise Edition (JEE) servlets and WebSphere Application Server (WAS) Network Deployment (ND).

This, in part, is to enable me to test my SPNEGO / Kerberos configuration.

Having created a JEE application in Eclipse, with servlet, login page etc. and having tested it in Liberty, I'd deployed my code to WAS ND.

However, when I tried to access the servlet: -

https://was.uk.ibm.com:9444/HelloWorld/Hello

I saw this: -

[03/12/18 17:15:19:295 GMT] 00000096 WebCollaborat A   SECJ0129E: Authorization failed for user hayd:defaultWIMFileBasedRealm while invoking GET on default_host://HelloWorld, Authorization failed, Not granted any of the required roles: reader

I'd already ensured that I'd mapped my users (hayd and Administrator) to the appropriate role: -



However, I was holding it wrong .... when I'd hand-cranked the web.xml, I'd made a little booboo.

I'd specified the Security Role as: -

Reader

but specified the Auth Constraint -> Role Name as: -

reader

So it made NO difference to which user/group I assigned the Reader role; it'd never work :-(

Get it right .....
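
The check below is an added example, not code from the original post: it parses a web.xml and reports every auth-constraint role-name that has no exactly matching security-role declaration, which is the Reader / reader mismatch described above. The sample web.xml is constructed and the function names are hypothetical; the servlet-spec wildcards `*` and `**` are skipped because they are not role names.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml (not the post's actual file) reproducing the mismatch:
# the role is declared as "Reader" but the constraint asks for "reader".
SAMPLE_WEB_XML = """<?xml version="1.0"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Hello</web-resource-name>
      <url-pattern>/Hello</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>reader</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role>
    <role-name>Reader</role-name>
  </security-role>
</web-app>
"""

SPECIAL = {"*", "**"}  # wildcards in auth-constraint, never declared as roles


def local(tag):
    """Drop the '{namespace}' prefix so any web.xml schema version parses."""
    return tag.rsplit("}", 1)[-1]


def role_names(root, parent):
    """Collect <role-name> text found directly under every <parent> element."""
    return [(child.text or "").strip()
            for el in root.iter() if local(el.tag) == parent
            for child in el if local(child.tag) == "role-name"]


def check_roles(web_xml):
    """Return (required_role, case_insensitive_match_or_None) per undeclared role."""
    root = ET.fromstring(web_xml)
    declared = set(role_names(root, "security-role"))
    by_lower = {name.lower(): name for name in declared}
    return [(role, by_lower.get(role.lower()))
            for role in role_names(root, "auth-constraint")
            if role not in SPECIAL and role not in declared]


if __name__ == "__main__":
    print(check_roles(SAMPLE_WEB_XML))
```

A non-empty result means the constraint names a role that nobody can ever be mapped to, so the resource fails closed with SECJ0129E regardless of the user/group mappings.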
