|
Problem |
When accessing an application, a 403 error is received in
the Web browser. The 403 error indicates that the resource being requested
is forbidden. This is usually caused when security is enabled and the user
that has been authenticated is not authorized to view the resource.
From a trace of the server where the application is running, you will see
something similar to the following:
...
swamLoginModu d Successfully gathered authentication information (means
the user has been authenticated)
...
WSAccessManag < isGrantedAnyRole:No role or group role found for
accessId[user:tn5617:30403/uid=<user>,ou=people,dc=example,dc=com],
exit value:false
WebCollaborat < checkAuthorization: throw AccessException
WebCollaborat d checkAuthorization() failed, here is the message in the
exception: Authorization failed, Not granted any of the required roles:
aaa bbb
WebCollaborat A SECJ0129E: Authorization failed for <user> while
invoking GET on default_host:/p3/JSP/main.jsp, Authorization failed, Not
granted any of the required roles: aaa bbb
Where aaa and bbb are security roles set up within the
application.
|
|
Cause |
There is not a role granted to this user even though the
user has been authenticated. |
|
Solution |
During installation of your application the roles
aaa and ddd must be mapped to a user/group. This information
is kept in the ibm-application-bnd.xmi file for the application you are
running. If no <specialSubjects> tag is present in this file for the
SecurityRoles defined the mapping has not been done.
You can also set the mapping after installation through the
Administrative Console following these steps:
- Select Enterprise Applications,
- Select "ApplicationName",
- Select Mapping Users to Roles, then
- Map the roles.
|
|
|
|
|
|
|