0

I have a new problem with container security. On the server I have two EARs; the first calls a service from the second. On the service there is @RolesAllowed("Authenticated"). My configuration in server.xml looks like this:

<featureManager>
    <feature>jndi-1.0</feature>
    <feature>distributedMap-1.0</feature>
    <feature>localConnector-1.0</feature>
    <feature>wasJmsClient-2.0</feature>
    <feature>jdbc-4.1</feature>
    <feature>javaMail-1.5</feature>
    <feature>json-1.0</feature>
    <feature>adminCenter-1.0</feature>
    <feature>appSecurity-2.0</feature>
    <feature>beanValidation-2.0</feature>
    <feature>cdi-2.0</feature>
    <feature>jsf-2.3</feature>
    <feature>mdb-3.2</feature>
    <feature>ejbHome-3.2</feature>
    <feature>ejbLite-3.2</feature>
    <feature>ejbRemote-3.2</feature>
    <feature>jca-1.7</feature>
    <feature>concurrent-1.0</feature>
    <feature>jms-2.0</feature>
    <feature>appClientSupport-1.0</feature>
    <feature>ldapRegistry-3.0</feature>
  </featureManager>


<basicRegistry id="basic" realm="customRealm">
    <user password="{xor}Ozo5Kiw6LQ==" name="defuser" />
</basicRegistry>

Both EARs contain identical configuration:

<application-bnd>
    <security-role name="All Role">
        <special-subject type="ALL_AUTHENTICATED_USERS" />
    </security-role>
</application-bnd>

The second EAR contains an ibm-application-bnd.xml file but I cannot edit it. The best would be to override it. When I call the service from the second EAR I still get the exception: Caused by: javax.ejb.EJBAccessException: CWWKS9400A: Authorization failed for user UNAUTHENTICATED while invoking

Any ideas?

darkstar
  • What is your security configuration in `web.xml`? It looks like you are not logged in to the application, or you are not providing credentials during service invoke. – Gas Oct 15 '19 at 15:12

2 Answers

0

Liberty allows you to override application binding files using the server config element application-bnd, see IBM KnowledgeCenter topic https://www.ibm.com/support/knowledgecenter/en/SSEQTP_liberty/com.ibm.websphere.liberty.autogen.base.doc/ae/rwlp_config_enterpriseApplication.html#application-bnd and https://www.ibm.com/support/knowledgecenter/en/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/twlp_sec_rolebased.html for details.

F Rowe
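
The override this answer describes, as an added example that is not part of the original answer or of IBM's documentation: a server.xml application definition that carries its own application-bnd and maps the role named in the question's @RolesAllowed("Authenticated") to all authenticated users. The id, name and location values are placeholders.

```xml
<!-- server.xml (added example; id, name and location are placeholders) -->
<enterpriseApplication id="secondEar" name="secondEar" location="second.ear">
    <!-- Binding supplied from server config instead of the binding file
         packaged inside the EAR, which cannot be edited -->
    <application-bnd>
        <!-- The role name must match the name used in the application,
             here the one from @RolesAllowed("Authenticated") -->
        <security-role name="Authenticated">
            <special-subject type="ALL_AUTHENTICATED_USERS" />
        </security-role>
    </application-bnd>
</enterpriseApplication>
```

This binding only grants the role to callers that already carry an identity. The CWWKS9400A message in the question reports the caller as UNAUTHENTICATED, which is the situation the comment under the question points at.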
0

In my experience configuring authentication with WebSphere Liberty, the login showed up for restricted pages only, so the app needs to define some security constraint in the web.xml, like this example:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Secured API</web-resource-name>
        <url-pattern>/s/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>user</role-name>
    </auth-constraint>
</security-constraint>

<security-role>
    <role-name>user</role-name>
</security-role>