Sample wsadmin command to create authorization table for an enterprise application
 Technote (troubleshooting)
 
Problem(Abstract)
During IBM® WebSphere® Application Server startup it will make a call to user registry to populate user ID and group ID and if there is a problem with building this table any authorization attempt later will fail since nothing is in authorization table .

There might be some problem with user registry as to why Application Server is not able to build this authorization table.

From the attached sample trace we can see that security call WMM registry to validate group name of portaladmin, and registry returns nothing back, thus nothing is filled for runtime authorization table. As a result, any authorization attempt later will fail, since nothing is in authorization table due to WMM registry failure during server startup.

[2/24/06 10:16:53:404 EST] 0000001c UserRegistryI > getUniqueGroupId Entry
cn=portaladmin,ou=Internal Groups,ou=Groups,dc=prudential,dc=com
[2/24/06 10:16:53:450 EST] 0000001c WSAccessManag 3 group accessId=null
[2/24/06 10:16:53:450 EST] 0000001c WSAccessManag <fillMissingAccessIds Exit
[2/24/06 10:16:53:450 EST] 0000001c WSAccessManag < addAuthorizationTable Exit
[2/24/06 10:16:53:450 EST] 0000001c ServerSecurit 1 Authorization Table processed for Application rdportal1
 
Resolving the problem
Use the following wsadmin.sh/bat tool command to update these AccessIDs :
$AdminApp updateAccessIDs myapp true

It updates the access ID information for users and groups that are assigned to various roles that are defined in the application. The access IDs are read from the user registry and saved in the application bindings. This operation improves run-time performance of the application. Call this command after installing an application or after editing security role-specific information for an installed application. This method cannot be invoked when the -conntype option is set to NONE. You must be connected to a server to invoke this command.

The bALL Boolean parameter retrieves and saves all access IDs for users and groups in the application bindings. Specify false if you want to retrieve access IDs for users or groups that do not have an access ID in the application bindings.

This command needs to be run for all the applications which rely on the same security mechanism.
 
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers Runtimes for Java Technology Java SDK
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): Windows
Software version: 6.0
Software edition:
Reference #: 1236924
IBM Group: Software Group
Modified date: May 3, 2006