Problem (Abstract)
During startup, IBM® WebSphere® Application Server calls the user registry
to populate the user IDs and group IDs in the authorization table. If there
is a problem building this table, any later authorization attempt fails,
because nothing is in the authorization table.
A problem with the user registry might be the reason that Application
Server is not able to build this authorization table.
In the sample trace below, security calls the WMM registry to validate the
group name portaladmin, and the registry returns nothing, so nothing is
filled in for the runtime authorization table. As a result, any later
authorization attempt fails, because the authorization table is empty after
the WMM registry failure during server startup.
[2/24/06 10:16:53:404 EST] 0000001c UserRegistryI > getUniqueGroupId Entry
    cn=portaladmin,ou=Internal Groups,ou=Groups,dc=prudential,dc=com
[2/24/06 10:16:53:450 EST] 0000001c WSAccessManag 3 group accessId=null
[2/24/06 10:16:53:450 EST] 0000001c WSAccessManag <fillMissingAccessIds Exit
[2/24/06 10:16:53:450 EST] 0000001c WSAccessManag < addAuthorizationTable Exit
[2/24/06 10:16:53:450 EST] 0000001c ServerSecurit 1 Authorization Table processed for Application rdportal1
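
The following Python script is an added example, not part of the original technote and not IBM code. It scans trace lines in the format of the sample above and reports each group or user whose registry lookup left accessId=null, together with the application whose authorization table was then processed; correlating records by trace thread ID is an assumption.

```python
import re

# Trace record as in the sample above: [timestamp] thread component rest
HEADER = re.compile(r"^\[([^\]]+)\]\s+([0-9a-fA-F]{8})\s+(\S+)\s+(.*)$")
LOOKUP = re.compile(r">\s*getUnique(Group|User)Id\s+Entry\s*(.*)$")
NULL_ID = re.compile(r"\b(group|user) accessId=null\b")
APP_DONE = re.compile(r"Authorization Table processed for Application (\S+)")

def find_unresolved_access_ids(lines):
    """Return (application, kind, name, timestamp) for every registry lookup
    that ended with accessId=null; records are correlated by thread ID."""
    last_lookup = {}   # thread -> name passed to the most recent lookup
    want_param = None  # thread whose Entry parameter is on the next line
    misses = {}        # thread -> unresolved lookups not yet tied to an app
    findings = []
    for raw in lines:
        line = raw.strip()
        head = HEADER.match(line)
        if not head:
            # Continuation line: the parameter of the preceding Entry record.
            if want_param and line:
                last_lookup[want_param] = line
            want_param = None
            continue
        ts, thread, _component, rest = head.groups()
        want_param = None
        if (m := LOOKUP.search(rest)):
            last_lookup[thread] = m.group(2) or "<unknown>"
            if not m.group(2):
                want_param = thread
        elif (m := NULL_ID.search(rest)):
            name = last_lookup.get(thread, "<unknown>")
            misses.setdefault(thread, []).append((m.group(1), name, ts))
        elif (m := APP_DONE.search(rest)):
            for kind, name, when in misses.pop(thread, []):
                findings.append((m.group(1), kind, name, when))
    return findings

# Sample input: the trace lines quoted in this technote.
SAMPLE = """\
[2/24/06 10:16:53:404 EST] 0000001c UserRegistryI > getUniqueGroupId Entry
    cn=portaladmin,ou=Internal Groups,ou=Groups,dc=prudential,dc=com
[2/24/06 10:16:53:450 EST] 0000001c WSAccessManag 3 group accessId=null
[2/24/06 10:16:53:450 EST] 0000001c WSAccessManag <fillMissingAccessIds Exit
[2/24/06 10:16:53:450 EST] 0000001c WSAccessManag < addAuthorizationTable Exit
[2/24/06 10:16:53:450 EST] 0000001c ServerSecurit 1 Authorization Table processed for Application rdportal1
""".splitlines()

if __name__ == "__main__":
    print(find_unresolved_access_ids(SAMPLE))
```

An empty result for an application means no lookup in the scanned trace ended with a null access ID on the thread that processed its authorization table.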

Resolving the problem
Use the following wsadmin tool (wsadmin.sh or wsadmin.bat) command to
update these access IDs:
$AdminApp updateAccessIDs myapp true
The command updates the access ID information for users and groups that are
assigned to the various roles that are defined in the application. The
access IDs are read from the user registry and saved in the application
bindings. This operation improves run-time performance of the application.
Call this command after installing an application or after editing security
role-specific information for an installed application. This method cannot
be invoked when the -conntype option is set to NONE. You must be connected
to a server to invoke this command.
The bALL Boolean parameter retrieves and saves all access IDs for users
and groups in the application bindings. Specify false if you want to
retrieve access IDs for users or groups that do not have an access ID in
the application bindings.
Run this command for every application that relies on the same security
mechanism.

Cross Reference information
Segment | Product | Component | Platform | Version | Edition
Application Servers | Runtimes for Java Technology | Java SDK | | |