MBean security across applications

I have an .ear file with two .war files. One of the .war files has code to create and register an MBean. The code does this:

1. Use the MBeanServerFactory to find the MBeanServer whose default domain is "WebSphere".
2. Create an instance of the MBean.
3. Create an instance of ObjectName using the String containing the MBean's name.
4. Use the MBeanServer's registerMBean method to register the MBean using the ObjectName.

The other .war file has a servlet whose code tries to invoke one of the MBean's methods, by doing this:

1. Use the MBeanServerFactory to find the MBeanServer whose default domain is "WebSphere".
2. Use the MBeanServer's invoke method to invoke a method (getParameter) on the MBean.

The invoke method fails, and I see this message in the .log file:

[3/22/11 14:41:41:372 CDT] 0000009b RoleBasedAuth A SECJ0305I: The role-based authorization check failed for admin-authz operation com.mydomain:service=MyService,cell=localhostNode01Cell,node=localhostNode01,process=server1:getParameter:java.lang.String. The user UNAUTHENTICATED (unique ID: unauthenticated) was not granted any of the following required roles: operator, administrator.

If I go into the Integrated Solutions Console and uncheck "Enable administrative security" on the Global security screen, and then stop/start WebSphere, the invoke method succeeds. But I don't think this is the correct solution, because it lets anybody log into the Integrated Solutions Console!

Does anybody know a way to fix this problem?
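
For triaging the SECJ0305I message quoted in the post, here is an added example (not part of the original post) that parses such lines and reports which MBean operations were called without an authenticated identity. The regular expression is inferred from the one log line shown above, the function names are hypothetical, and the second and third sample lines are constructed.

```python
import re
from collections import Counter

# Pattern inferred from the single SECJ0305I line in the post (assumption:
# other WebSphere releases may word or lay out the message differently).
SECJ0305I = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<thread>[0-9a-fA-F]+)\s+(?P<component>\S+)\s+\S\s+"
    r"SECJ0305I: The role-based authorization check failed for "
    r"(?P<kind>\S+) operation (?P<op>.+?)\. The user (?P<user>.+?) "
    r"\(unique ID: (?P<uid>[^)]*)\) was not granted any of the following "
    r"required roles: (?P<roles>.+?)\.\s*$"
)

def parse_secj0305i(line):
    """Return a dict describing one SECJ0305I event, or None if no match."""
    m = SECJ0305I.match(line.strip())
    if not m:
        return None
    # The ObjectName contains ':' itself, so split method/signature from the right.
    parts = m.group("op").rsplit(":", 2)
    if len(parts) != 3:
        return None
    object_name, method, signature = parts
    return {
        "timestamp": m.group("ts"),
        "object_name": object_name,
        "method": method,
        "signature": signature,
        "user": m.group("user"),
        "required_roles": [r.strip() for r in m.group("roles").split(",")],
        "unauthenticated": m.group("uid") == "unauthenticated",
    }

def unauthenticated_targets(lines):
    """Count (ObjectName, method) pairs invoked with no authenticated caller."""
    events = filter(None, map(parse_secj0305i, lines))
    return Counter((e["object_name"], e["method"]) for e in events if e["unauthenticated"])

_OP = ("com.mydomain:service=MyService,cell=localhostNode01Cell,"
       "node=localhostNode01,process=server1:getParameter:java.lang.String")
_MSG = ("RoleBasedAuth A SECJ0305I: The role-based authorization check failed for "
        "admin-authz operation " + _OP + ". The user {u} (unique ID: {i}) was not "
        "granted any of the following required roles: operator, administrator.")
SAMPLE = [
    "[3/22/11 14:41:41:372 CDT] 0000009b " + _MSG.format(u="UNAUTHENTICATED", i="unauthenticated"),
    "[3/22/11 14:42:03:118 CDT] 0000009c " + _MSG.format(u="appuser", i="appuser"),  # constructed
    "[3/22/11 14:42:04:001 CDT] 0000009c SystemOut O unrelated line",  # constructed
]
```
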
