This, in part, is to enable me to test my SPNEGO / Kerberos configuration.
Having created a JEE application in Eclipse, with servlet, login page etc. and having tested it in Liberty, I'd deployed my code to WAS ND.
However, when I tried to access the servlet: -
[03/12/18 17:15:19:295 GMT] 00000096 WebCollaborat A SECJ0129E: Authorization failed for user hayd:defaultWIMFileBasedRealm while invoking GET on default_host://HelloWorld, Authorization failed, Not granted any of the required roles: reader
I'd already ensured that I'd mapped my users ( hayd and Administrator ) to the appropriate role: -
However, I was holding it wrong .... when I'd hand-cranked the web.xml, I'd made a little booboo.
I'd specified the Security Role as: -
but specified the Auth Constraint -> Role Name as: -
So it made NO difference to which user/group I assigned the Reader role; it'd never work :-(