PQ93531: Application install fails with error ADMN0022E when using wsadmin install syntax | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description Problem: Client enabled the global security and crated user called "deployer" with configurator role defined which fails to deploy an application using wsadmin install task. Two nodes - one Cell - LDAP server, Global security enabled, WebSphere version: WAS 5.1.1 - Build Number: a0426.01 Build Date: 06/27/2004 Client setup the LDAP server and created user called "deployer" with configurator role defined. If client run the install from wsadmin the wsadmin install fails with ADMN0022E Access denied for the method getServerConfig in FileTransferServer MBean. Caused by: javax.management.JMRuntimeException: ADMN0022E: Access denied for the getServerConfig operation on FileTransferServer MBean due to insufficient or empty credentials. at com.ibm.ws.management.connector.soap.SOAPConnectorClient.handleA dminFault(SOAPConnectorClient.java:610) If he installs using the adminconsole then it works fine. Following sample script run: $AdminApp install C:/WAS51/WebSphere/AppServer/installableApps/ivtApp.ear {-cell waslinux21Network -server server1 -node waslinux21 -usedefaultbindings -appname IVTApp} $AdminConfig save Output: ====== C:\WAS51\WebSphere\AppServer\bin>wsadmin.bat -f c:\tmp\ivt-install.jacl -user deployer -password deployer WASX7209I: Connected to process "dmgr" on node waslinux21Manager using SOAP connector; The type of process is: DeploymentManager ADMA0080W: A template policy file without any permission set is included in the 1.2.x enterprise application. You can modify the Java 2 Security policy for the enterprise application by editing the was.policy file located in the ${user.install.root}/config/cells/(yourCellName)/applications/(y ourAppN ame).ear/deployments/(yourAppName)/META-INF directory after the application is installed. For syntax of was.policy, please refer to the Dynamic Policy section of documentation in Info Center. WASX7327I: Contents of was.policy file: // // Template policy file for enterprise application. // Extra permissions can be added if required by the enterprise application. // // NOTE: Syntax errors in the policy files will cause the enterprise application FAIL to start. // Extreme care should be taken when editing these policy files. It is advised to use // the policytool provided by the JDK for editing the policy files // (WAS_HOME/java/jre/bin/policytool). // grant codeBase "file:${application}" { }; grant codeBase "file:${jars}" { }; grant codeBase "file:${connectorComponent}" { }; grant codeBase "file:${webComponent}" { }; grant codeBase "file:${ejbComponent}" { }; WASX7017E: Exception received while running file "c:\tmp\ivt-install.jacl"; exception information: com.ibm.websphere.management.filetransfer.client.TransferFailedE xception java.lang.NullPointerException: java.lang.NullPointerExceptionLocal fix Adminconsole works fine.Problem summary **************************************************************** * USERS AFFECTED: Websphere Application Server users who * * wish to install an application from * * wsadmin with configurator role in an * * environment where global security is * * enabled. * **************************************************************** * PROBLEM DESCRIPTION: When a user with configurator role * * deploys an application from wsadmin * * in a secured environment, the * * operation will fail with a security * * exception. * **************************************************************** * RECOMMENDATION: * **************************************************************** When configurator role installs an application from wsadmin in a secured environment, the operation will fail with the following exception: Caused by: javax.management.JMRuntimeException: ADMN0022E: Access denied for the getServerConfig operation on FileTransferServer MBean due to insufficient or empty credentials. at com.ibm.ws.management.connector.soap.SOAPConnectorClient. handleAdminFault(SOAPConnectorClient.java:610)Problem conclusion Modified the code so as to make installation successful.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
Publications Referenced
|
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 10S
Software edition:
Reference #: PQ93531
IBM Group: Software Group
Modified date: Oct 19, 2004
(C) Copyright IBM Corporation 2000, 2008. All Rights Reserved.