Fix (APAR): PI94754 Status: Fix Release: 8.5.5.13,8.5.5.12 Operating System: AIX,HP-UX,IBM i,Inspur K-UX,Linux,OS X,Solaris,Windows,iOS,z/OS Supersedes Fixes: CMVC Defect: xxxxxx Byte size of APAR: 288498 Date: 2018-03-23 Abstract: ADMR0024E: User does not have the required role to access 1 document(s). Description/symptom of problem: PI94754 resolves the following problem: ERROR DESCRIPTION: The following error message was seen in log files: [2/7/18 13:31:07:470 CET] 000000fd RoleBasedAuth 3 Unauthenticated or missing subject/credentials. java.lang.Exception: Unauthenticated or missing subject/credentials. at com.ibm.ws.security.role.RoleBasedAuthorizerImpl.getEffectiveCre dentials(RoleBasedAuthorizerImpl.java:785) at com.ibm.ws.security.role.RoleBasedAuthorizerImpl.isGrantedAnyRol e(RoleBasedAuthorizerImpl.java:981) at com.ibm.ws.management.authorizer.AdminAuthorizerImpl.checkAccess (AdminAuthorizerImpl.java:810) at com.ibm.ws.management.authorizer.AdminAuthorizerImpl.checkAccess (AdminAuthorizerImpl.java:259) ... ... at com.ibm.websphere.management.application.EditionHelper.getActive EditionOnServer(EditionHelper.java:645) at com.ibm.ws.policyset.runtime.server.FileLocatorImpl$3.run(FileLo catorImpl.java:232) at com.ibm.ws.policyset.runtime.server.FileLocatorImpl$3.run(FileLo catorImpl.java:229) at java.security.AccessController.doPrivileged(AccessController.jav a:400) at com.ibm.ws.policyset.runtime.server.FileLocatorImpl.getActiveEdi tion(FileLocatorImpl.java:228) ... ... LOCAL FIX: N/A PROBLEM SUMMARY USERS AFFECTED: All users of IBM WebSphere Application Server for JAX-WS Web services with polciy attachments. PROBLEM DESCRIPTION: ADMR0024E: User does not have the required role to access 1 document(s). RECOMMENDATION: None The following error message was seen in log files: [2/7/18 13:31:07:470 CET] 000000fd RoleBasedAuth 3 Unauthenticated or missing subject/credentials. java.lang.Exception: Unauthenticated or missing subject/credentials. at com.ibm.ws.security.role.RoleBasedAuthorizerImpl.getEffectiveCre dentials(RoleBasedAuthorizerImpl.java:785) at com.ibm.ws.security.role.RoleBasedAuthorizerImpl.isGrantedAnyRol e(RoleBasedAuthorizerImpl.java:981) at com.ibm.ws.management.authorizer.AdminAuthorizerImpl.checkAccess (AdminAuthorizerImpl.java:810) at com.ibm.ws.management.authorizer.AdminAuthorizerImpl.checkAccess (AdminAuthorizerImpl.java:259) ... ... at com.ibm.websphere.management.application.EditionHelper.getActive EditionOnServer(EditionHelper.java:645) at com.ibm.ws.policyset.runtime.server.FileLocatorImpl$3.run(FileLo catorImpl.java:232) at com.ibm.ws.policyset.runtime.server.FileLocatorImpl$3.run(FileLo catorImpl.java:229) at java.security.AccessController.doPrivileged(AccessController.jav a:400) at com.ibm.ws.policyset.runtime.server.FileLocatorImpl.getActiveEdi tion(FileLocatorImpl.java:228) ... ... When security is enabled, the error message may look like the following: ADMR0024E: User defaultWIMFileBasedRealm/user1_5 does not have the required role to access 1 document(s). PROBLEM CONCLUSION: The problem has been resolved by adding proper access control code. The fix for this APAR is currently targeted for inclusion in fix pack 8.5.5.14. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980 Directions to apply fix: Fix applies to Editions: Release 8.5 _X_ Application Server (Express or BASE) _X_ Network Deployment (ND) __ Liberty Core __ Edge Components __ Developer Install Fix to all WebSphere installations unless special instructions are included below. Special Instructions: This fix can be applied for WAS 8.5.5.12 and 8.5.5.13 fix pack levels. NOTE: The user must: * Logged in with the same authority level when unpacking a fix, fix pack or refresh pack. * Be at V1.4.3 or newer of the Installation Manager. Certain iFixes may require a newer version of the Installation Manager and the Installation Manager will inform you during the installation process if a newer version is required. The IBM Knowledge Center can provide details, if needed, on the use of the Installation Manager to apply the iFixes. http://publib.boulder.ibm.com/infocenter/install/v1r4/index.jsp. Shutdown WebSphere Application Server before applying the iFixes. Restart WebSphere Application Server after applying the iFixes. Directions to remove fix: The IBM Knowledge Center can provide details, if needed, on the use of the Installation Manager to remove the iFixes. http://publib.boulder.ibm.com/infocenter/install/v1r4/index.jsp. Shutdown WebSphere Application Server before removing the iFixes. Restart WebSphere Application Server after removing the iFixes. Directions to re-apply fix: 1) Shutdown WebSphere Application Server. 2) Follow the Fix instructions to apply the fix. 3) Restart WebSphere Application Server. Additional Information: No ifix is needed for fix pack level before 8.5.5.12.