J2EE Security

 
Ranch Hand
Posts: 3271
I'm trying to set up application security for a project I'm working on and I'm running into a bit of difficulty. In my deployment descriptor, I have this:



What I'd really like to have happen is to allow anyone that successfully authenticates to access the page - but I need them to log in to prove who they are. Right now, what's happening is that it seems that the authentication happens properly, but then I get a 403 error stating that the user does not have any of the assigned roles required (administrator) to get to the desired resource.

The app server behind this is WAS 6.1 and that's authenticating against LDAP.

What am I missing in this configuration? How do I map the user to a role? Does that have to come from LDAP?

Thanks.
 
Ranch Hand
Posts: 1512
You are correct. The way you have it configured, only users that belong to the Administrator role will have access to perform the specified actions on the resources. The users have to be mapped to the administrator role in order to be able to perform the actions.

Mapping users to roles is obviously server specific; for Tomcat I know it's via the tomcat-users.xml file. For WAS, I found some info that may help.

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/csec_adminconsole.html
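
The situation discussed in this thread, as an added example that is not from either poster (the descriptor in the question did not survive on this page): a constraint that demands the `administrator` role, followed by the Tomcat-style user-to-role mapping the reply mentions. The URL pattern, login pages, user name and password placeholder are constructed for illustration; on WAS the mapping is made with the server's own tooling, as in the linked documentation.

```xml
<!-- WEB-INF/web.xml (constructed fragment using standard servlet descriptor elements) -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected pages</web-resource-name>
    <url-pattern>/secure/*</url-pattern>            <!-- assumed path -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Authentication alone is not enough: a logged-in user who is not
         mapped to this role is rejected with 403 Forbidden. -->
    <role-name>administrator</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>        <!-- assumed page -->
    <form-error-page>/login-error.jsp</form-error-page>  <!-- assumed page -->
  </form-login-config>
</login-config>

<!-- Declares the role name referenced by the auth-constraint above. -->
<security-role>
  <role-name>administrator</role-name>
</security-role>

<!-- conf/tomcat-users.xml (Tomcat only; constructed user, placeholder password) -->
<tomcat-users>
  <role rolename="administrator"/>
  <!-- Without roles="administrator" this user can log in but still gets 403. -->
  <user username="alice" password="CHANGE_ME" roles="administrator"/>
</tomcat-users>
```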
 