Authorization Failures but should have proper permissions to access web resource.
 Technote (FAQ)
 
Problem
You are trying to access a secured web resource. After successful authenticating, you receive authorization failed exceptions even though you are defined in a role with proper permissions to access.
 
Cause
Exceptions in the tracefile are simular to the following:
[02.01.31 13:20:25:115 CST] bb8b52 WSAccessManag < isGrantedAnyRole:No role or group role found for accessId[user:EXCHANGE/S-1-5-21-9888937-1170499181-1202159320-40778], exit value:true
[02.01.31 13:20:25:115 CST] bb8b52 WebCollaborat < checkAuthorization: throw AccessException
[02.01.31 13:20:25:115 CST] bb8b52 WebCollaborat D checkAuthorization() failed, here is the message in the exception: Authorization failed, Not granted any of the required roles: VIP
[02.01.31 13:20:25:115 CST] bb8b52 WebCollaborat A SECJ0129A: Authorization failed for wsUser while invoking GET on default_host:/CommandWeb/secure.jsp, Authorization failed, Not granted any of the required roles: VIP

The real problem may not have been with WebSphere but rather with the WebSphere® Studio Application Development (WSAD). WebSphere either entered the full value of the accessId or left it our completely, which is OK and will just cause the runtime to get the accessID.

The customer was not able to use WebSphere's interface, they had to use WSAD's instead. This interface was producing accessId's with nulls, this was the problem. (accessId="")
The access ID values can be seen under the deployed ear files directory in the ibm-application-bnd.xmi file.

The xmi file is where the User to Roles are defined but the accessId is not filled in. <users xmi:id="User_2" name="wsuser" accessId=""/>

This should have been done automatially when deploying the ear file or when making an update to the Application Roles in the Admin console.
i.e.
<users xmi:id="User_1" name="wsuser" accessId="user:PIGDOMAIN100/S-1-5-21-1177238915-113007714-214693
7053-1001"/>
 
Solution
Efix PQ57615 was created allowed for the nulls, and will just use the runtime to get accessID's.
 
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): Windows
Software version: 4.0.2
Software edition:
Reference #: 1054143
IBM Group: Software Group
Modified date: Dec 8, 2003