403 error received at the browser and SECJ0129E observed in the trace when accessing an application
 Technote (FAQ)
 
Problem
When accessing an application, a 403 error is received in the Web browser. The 403 error indicates that the resource being requested is forbidden. This is usually caused when security is enabled and the user that has been authenticated is not authorized to view the resource.

From a trace of the server where the application is running, you will see something similar to the following:
...
swamLoginModu d Successfully gathered authentication information (means the user has been authenticated)
...
WSAccessManag < isGrantedAnyRole:No role or group role found for accessId[user:tn5617:30403/uid=<user>,ou=people,dc=example,dc=com], exit value:false
WebCollaborat < checkAuthorization: throw AccessException
WebCollaborat d checkAuthorization() failed, here is the message in the exception: Authorization failed, Not granted any of the required roles: aaa bbb
WebCollaborat A SECJ0129E: Authorization failed for <user> while invoking GET on default_host:/p3/JSP/main.jsp, Authorization failed, Not granted any of the required roles: aaa bbb

Where aaa and bbb are security roles set up within the application.
 
Cause
There is not a role granted to this user even though the user has been authenticated.
 
Solution
During installation of your application the roles aaa and ddd must be mapped to a user/group. This information is kept in the ibm-application-bnd.xmi file for the application you are running. If no <specialSubjects> tag is present in this file for the SecurityRoles defined the mapping has not been done.

You can also set the mapping after installation through the Administrative Console following these steps:

  1. Select Enterprise Applications,
  2. Select "ApplicationName",
  3. Select Mapping Users to Roles, then
  4. Map the roles.
 
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): HP-UX
Software version: 5.1
Software edition:
Reference #: 1188730
IBM Group: Software Group
Modified date: Nov 1, 2004