posted 13 years ago
We have implemented JAAS in our application for authentication and authorization. Both are working fine on tomcat. But authorization is not working on WAS 7.0. Any user is able to access all the pages despite the permissions set on the principals. I have placed our policy file in security folder of websphere java jre. And made entries in java.security file. Entry is as below:
auth.policy.provider=com.sun.security.auth.PolicyFile
auth.policy.url.1=file:${java.home}/lib/security/flame.policy
It seems WAS is not reading my policy file at all. Please help me on this. Do I need to do some specific settings in WAS 7.0