Win a copy of 97 Things Every Java Programmer Should Know this week in the Java in General forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Paul Clapham
  • Jeanne Boyarsky
  • Junilu Lacar
  • Henry Wong
  • Ron McLeod
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Frits Walraven
  • Tim Holloway
  • Carey Brown
  • Piet Souris
  • salvin francis
  • fred rosenberger

MBean security across applications

Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have an .ear file with two .war files. One of the .war files has code to create and register an MBean. The code does this:

1. Use the MBeanServerFactory to find the MBeanServer who's default domain is "WebSphere".
2. Create an instance of the MBean.
3. Create an instance of ObjectName using the String containing the MBean's name.
4. Use the MBeanServer's registerMBean method to register the MBean using the ObjectName.

The other .war file has a servlet whose code tries to invoke one of the MBean's methods, by doing this:

1. Use the MBeanServerFactory to find the MBeanServer who's default domain is "WebSphere".
2. Use the MBeanServer's invoke method to invoke a method (getParameter) on the MBean.

The invoke method fails, and I see this message in the .log file:

[3/22/11 14:41:41:372 CDT] 0000009b RoleBasedAuth A SECJ0305I: The role-based authorization check failed for admin-authz operation com.mydomain:service=MyService,cell=localhostNode01Cell,node=localhostNode01,process=server1:getParameter:java.lang.String. The user UNAUTHENTICATED (unique ID: unauthenticated) was not granted any of the following required roles: operator, administrator.

If I go into the Integrated Solutions Console and uncheck "Enable administrative security" on the Global security screen, and then stop/start WebSphere, the invoke method succeeds. But I don't think this is the correct solution, because it lets anybody log into the Integrated Solutions Console!

Does anybody know a way to fix this problem?

This is my favorite tiny ad:
Devious Experiments for a Truly Passive Greenhouse!
    Bookmark Topic Watch Topic
  • New Topic