|
Problem(Abstract) |
When starting up the administrative server, Administrative
Console, or other Java™ client, you receive the following error message:
- For V3.5: "Authorization failed for / while invoking (Home)
ClientAccessHome"
- For V4.0: "Authorization failed for /UNAUTHENTICATED while
invoking (Home)ClientAccessHome"
|
|
|
|
Resolving the
problem |
The following error shows up in the tracefile:
For releases of WebSphere Application Server
V3.5
Creating unauthenticated BasicAuth credentials.
3438> Thu Apr 19 09:56:45 CDT 2001 -
PrincipalAuthenticatorImpl.createUnauthenticatedCred, Thread[Pooled
ORB request dispatch WorkerThread,5,ORB thread pool]:
Creating unauthenticated credential.
[01.04.19 09:56:45:749 CDT] e1ec6174 SecurityColla A Authorization
failed for / while invoking(Home)ClientAccessHome create
For releases of WebSphere Application Server V4.0,
V5.x
Creating unauthenticated credential.
[01.04.19 09:56:45:749 CDT] e1ec6174 SecurityColla A Authorization
failed for /UNAUTHENTICATED while invoking(Home)ClientAccessHome
create
There are a number of things that can cause these messages:
- If you get this exception when starting up the administrative server
this might be as a result of running the server as non-root and
using the registry of the local operating system instead of using LDAP. In
WebSphere® Application Server V3.5.2 and earlier, a bug existed that
allowed you to use the local operating system; however, this has been
fixed.
- If the administrative server starts without any problems, but when you
try to start the Administrative Console or other Java™ client you get the
Authorization failed for / messages, check to insure that the
sas.client.props file has the following setting:
com.ibm.CORBA.securityEnabled=true
Also make sure you are using the same SSL key ring and password.
For example:
com.ibm.CORBA.SSLKeyRingPassword=WebAS
com.ibm.CORBA.SSLKeyRing=com.ibm.websphere.DummyKeyring
- If there is a space character " " after:
com.ibm.CORBA.securityEnabled=true
in the sas.client.props file, the administrative client fails to
see the true and defaults to false. This is a bug.
Other things to look for
- Check that the sas.client.props is using the same
SSLServerKeyRing and SSLServerKeyRingPassword password.
For example:
com.ibm.CORBA.SSLServerKeyRing=com.ibm.websphere.DummyKeyring
com.ibm.CORBA.SSLServerKeyRingPassword=WebAS
- Check that the sas.server.props is using the same
SSLClientKeyRing and SSLClientKeyRingPassword.
For example:
com.ibm.CORBA.SSLClientKeyRingPassword=WebAS
com.ibm.CORBA.SSLClientKeyRing=com.ibm.websphere.DummyKeyring
- Also check that the ConfigURL syntax is correct in the
setupCmdLine.bat file for Windows®.
For example:
SET CLIENTSAS=-Dcom.ibm.CORBA.ConfigURL=file:/C:/
WebSphere/AppServer/properties/sas.client.props
SET SERVERSAS=-Dcom.ibm.CORBA.ConfigURL=file:/C:/
WebSphere/AppServer/properties/sas.server.props
or setupCmdLine.sh for UNIX®:
For example:
CLIENTSAS=-Dcom.ibm.CORBA.ConfigURL=file:/opt/WebSphere
/AppServer/properties/sas.client.props
export CLIENTSAS
SERVERSAS=-Dcom.ibm.CORBA.ConfigURL=file:/opt/WebSphere
/AppServer/properties/sas.server.props
export SERVERSAS
|
|
|
|
|
Cross Reference information |
Segment |
Product |
Component |
Platform |
Version |
Edition |
Application Servers |
Runtimes for Java Technology |
Java SDK |
|
|
|
|
|
|