Explanation | The <role-link> entry for the <security-role-ref> element is required to map the <role-name> to a real security role. |
Action | Define the missing <role-link> entry for the <security-role-ref> element. |
Explanation | The <role-link> entry for the <security-role-ref> element is required to map the <role-name> to a real security role. |
Action | Either create a <security-role> element for the <role-link> name, or change the <role-link> entry to name an existing the <security-role> name. |
Explanation | The <url-pattern> entry in the <servlet-mapping> element maps a specific <servlet-name> to the specified pattern. Using the same pattern creates an ambiguous mapping. |
Action | Change the <url-pattern> to be unique. |
Explanation | The authorization table for an application was not created and therefore no users will be authorized. |
Action | Examine the logs to determine why the authorization table was not created. |
Explanation | The user does not have the necessary permission to access the resource. |
Action | Contact your security administrator if this is unexpected. Your user must be mapped to one of the roles protecting the resource if access to the protected resource is required. |
Explanation | An internal error occurred. The SSL port could not be determined. |
Action | No action can be taken. |
Explanation | When LTPA is the authentication mechanism, SSO must also be enabled if any web applications use FORM login. |
Action | Enable SSO in the security settings, then restart the application server. |
Explanation | When the appropriate interceptor is found for a given request, that interceptor then validates its trust with the reverse proxy server. This error message suggests that the validation has failed and therefore the reverse proxy cannot be trusted. For example, an incorrect or expired password might have been provided. |
Action | In a production environment, the user might be alerted to check if there is an intruder in the system. In a development environment in which testing is underway, verify that the expected inputs from the reverse proxy server are being passed to the interceptor correctly. The nature of these inputs depends on how trust association is being established. For example, the simplest method is to pass a user name and password through the Basic Authentication header. |
Explanation | Post parameters are null, or are larger than the configured maximum size for Web Application Authentication option postParamCookieSize. |
Action | If post parameters are too large, increase the size for the postParamCookieSize option. |
Explanation | An interceptor returns the authenticate user name. No such user name was returned. |
Action | Verify that the reverse proxy server is inserting the correct user name in the HTTP request before it sends the request to the application server. |
Explanation | This exception refers to all other exceptions that can be created by an interceptor, when validating trust with the reverse proxy server and when getting the authenticated user name, except for WebTrustAssociationFailedException and WebTrustAssociationUserException. |
Action | Debug the problem from the stack trace that is printed together with this error message. You can also turn on the debug trace to get more information about the nature of the exception. |
Explanation | Application names must be unique for security authorization policy to be enforced. |
Action | Change the applications to have unique names and restart the application. |
Explanation | The object used to create the authorization table must be an instance of the SecurityRoles class. |
Action | Ensure that the object passed to the API for creating the authorization table is an instance of the SecurityRoles class. |
Explanation | The web application security settings were modified. The value of the properties in the message are the new values. |
Action | No action is required. |
Explanation | The SSL port could not be determined, which prevented the incoming HTTP request from being redirected to the HTTPS port. This could happen if there is a configuration error in the keyStore element or the SSL feature is missing. |
Action | Ensure that you have the correct SSL information in server.xml. |
Explanation | The servlet request URL is malformed, which prevented the incoming HTTP request from being redirected to the HTTPS port. |
Action | Ensure the servlet request URL is correct. |
Explanation | A servlet response indicates an internal server error has occurred. |
Action | Review the server logs for more information. If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Explanation | Login process has not completed due to an internal error. |
Action | Review the server logs for more information. If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Explanation | Processing a requested method is prohibited. |
Action | If this error is unexpected, ensure that the application allows the methods that the client is requesting. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: http://www.ibm.com/software/webservers/appserv/was/support/ WebSphere Application Server for z/OS Support page: http://www.ibm.com/software/webservers/appserv/zos_os390/support/ . |
Explanation | Logging out the user did not complete successfully because an unexpected exception occurred removing the user's cookies from the authentication cache. |
Action | Review the server logs for more information, and log the user out again if possible. If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |