websphere,jaas,user-roles , Can't map roles to gropus using ibm-application-bnd.xml

Can't map roles to gropus using ibm-application-bnd.xml


Tag: websphere,jaas,user-roles

I'm trying to map user groups using ibm-application-bnd.xml. Put it into META-INF folder. On try to access secure page get next message:

[08.05.15 17:42:21:242 MSK] 00000084 WebCollaborat A   SECJ0129E: ... GET в null:/loginmodule/date/, Authorization failed, Not granted any of the required roles: user-role

When I try configure it with ibm console it works. All configuration WAS writes into ibm-application-bnd.xmi instead of ibm-application-bnd.xml.

What do I wrong? Using Websphere AS 8.5.5 with Java 1.6


<?xml version="1.0" encoding="UTF-8"?>
<application-bnd xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://websphere.ibm.com/dxml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-application-bnd_1_2.xsd"
      xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.2">
      <security-role name="user-role">
            <group name="user-group" />


<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

                  <description />




WebSphere Application Server uses XML for EE 5+ only, and that decision is made on a per-deployment descriptor basis. If ibm-application-bnd.xmi is being used, then I suspect your application.xml has version="1.4" or lower, so try again after updating to an EE 5 XML header (remove doctype, add xmlns, add xmlns:xsi, add xsi:schemaLocation, update version attribute).


Struts/Spring WebSphere jndi error

I'm fairly new with WebSphere (mainly worked with Tomcat) and am trying to host a Struts/Spring/Hibernate website. The website is supposed to be able to look up data from an Oracle database and display that information. I'm currently not able to get the website running and it seems to be...

Secure Cookie Attribute in WebSphere

We are trying to secure our JSESSIONID in our WebSphere Full Profile I have followed the URL provided: http://www-01.ibm.com/support/docview.wss?uid=swg21422185 Our server configuration: Server11_was: I have Recycled my node - servers and runtimes. However, The JSESSIONID still coming as not secure. Am I missing something? WebSphere version:

how to activate LDAPLoginModule in Apache Karaf 3.0.3

I want to active Ldap Login Module in apache karaf 3.0.3. My karaf-jaas-module.xml is ; . . . <jaas:config name="karaf" rank="2"> <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required"> initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory connection.username=admin connection.password=xxxxxxx connection.protocol= connection.url=ldap://activedirectory_host:389 user.base.dn=cn=orcladmin,cn=users,dc=vmldapdevelop,dc=com user.filter=(sAMAccountName=%u) user.search.subtree=true...

WebSphere 7 - Can excessive Garbage Collection lead to out of memory?

Issue: Getting out of native memory exception and was wondering if excessive garbage collection can lead to this? Also any advice on GC policy or tuning would be helpful. I'm not sure if what I have warrants a change yet. Good Reference StackOverflow Question: Which GC Policy to Use Specs:...

EJB Timer retry Interval

Is it possible to increase the retry interval of EJB Timer in WAS ? When I m getting a database timeout error, the Timer was keep retrying after every 30 seconds which I dont want to be like that.

How to configure application level settings in Websphere developer tool in Eclipse?

I install WebSphere Developer tools for Eclipse and refer to my local WebSphere 7 installation. Then deploy a Spring application within an EAR project. However, when I deploy the EAR project into WebSphere server instance in Eclipse, I find no options/UI to assign external library or assign role/user mapping etc,...

Where to find in IBM Websphere 7.0 admin console to configure http_access.log to show response time

We are using IBM Websphere 7.0 Server. I need to configure to see response time in the http_access.log. I navigated through most of the admin console options, but I am not sure where to find it.

Error 500: Handler processing failed; nested exception is java.lang.NoSuchMethodError: java/lang/String.isEmpty()Z

I have been facing this issue with my application(SPRING +JPA+JSP) when i click on search button after selecting my search criteria.My search criteria has two dropdownbox,one textfield,one datepicker.The issue is coming with the value binding to textfield.After clicking on submit,it will make a ajax call with the following url :(It...

Launching a JMX agent with a custom JAAS login module, setting login() to always return true

I'm building a custom JAAS module for a JMX instance. The file that is being run is the following: MBean Interface package com.this.mbean; public interface ImplementationMBean { public void setName(String name); public String getName(); public void setNumber(int number); public int getNumber(); public boolean getKilled(); public void setKilled(boolean killed); } Implementation...

websphere - CWWKE0054E error unable to open file

i am trying run the websphere liberty profile server from the command line. I am following the steps told here : https://developer.ibm.com/wasdev/downloads/liberty-profile-using-non-eclipse-environments/ I have created the server with the name server1. But when the extraction completes and I try to start the server using the command : server start server1...

Configure websphere to send java web pages compatible to IE 11

We have legacy java web application running on WebSphere Apllication server 8.0. Required to make compatible with IE11 with minimal changes. Instead of doing changes in each JSP which makes lot of effort and time, we wanted to go ahead with applications level compatibility settings changes to work them in...

Websphere 8.5: Can't find classes even those classes are in lib folder

I'm using spring/wss4j for web service security in websphere 8.5. Wss4j requires xmlsec.jar and I've included xmlsec.jar under WEB-INF/lib/xmlsec-2.0.4.jar. But websphere classloader can't find DOMXMLSignatureFactory. Caused by: java.lang.ClassNotFoundException: org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory at java.net.URLClassLoader.findClass(URLClassLoader.java:599) ~[na:1.7.0] at com.ibm.ws.bootstrap.ExtClassLoader.findClass(ExtClassLoader.java:204) ~[bootstrap.jar:WAS855.SERV1 [cf011339.02]] at...

WAS 8.5, How to avoid annotation scanning?

We deploy a web app on WAS, we're using PARENT_LAST class loader(we have to for some reason), during the startup, there're some warnings: [12/16/14 17:19:15:088 CST] 00000048 InjectionProc E CWNEN0044E: A resource reference binding could not be found for the com.sun.xml.ws.transport.tcp.servicechannel.ServiceChannelWSImpl/wsContext resource reference, defined for the MyProjectName component. [12/16/14...

Install wasJmsClient-2.0 feature in Liberty Profile

I am using WAS LP with Oracle Java 1.7 on windows 7 Machine. I want to use wasJmsClient-2.0 feature in in my Application. I ran the "productInfo featureInfo" command but its output doesn't display feature wasJmsClient-2.0. How can I install this feature into the server?

Monitor a remote IBM Websphere with VisualVM and JMX

I am trying to monitor a remote IBM WAS with VisualVM but I can't connect.

About the WebSphere Application Server cluster?

Cluster: A logical grouping of one or more functionally identical application server processes. A cluster provides ease of deployment, configuration, workload balancing, and fallback redundancy. A cluster is a collection of servers working together as a single system to ensure that mission-critical applications and resources remain available to clients. Clusters...

Wepshpere: order of loading of modules

We have irritating problem while deploying .war (which contains ejb components in jar inside) on two different PCs with same WAS v8.5.2.2 When we deploy our app on the first PC - everything looks good, while deploying on the second - it fails 'cause it is not able to find...

Using JMX with Jaas for jconsole authentication

I have the following scenario: I have an application that uses JMX to expose some methods, sat on a server. At present users can connect to this via the command line using jconsole. There are currently no access restrictions. Users will be logging into a machine and have access rights...

Corba NameService configuration in Websphere 8.5.5

As part of my application requirement, I have to configure a attribute called "ORBInitRef.NameService=corbaloc:iiop:ABCDE012:14888/NameService" in Websphere 8.5.5. Earlier i have used Jboss for my applciation deployment but now have to use WAS. In, WAS where should i have to configure this attribute in admin console? Is there any way to...

spnego.jar switch from Java 7 to Java 8 cast exception

I'm using spnego.jar from dfelix with Glassfish 4.1 as filter in web.xml. I asked the question on project forum but did not receive response. I want to switch from Java 1.7.0_45 to 1.8.0_45 (tried also other 1.8 versions). After switching on a test environment I'm getting the error shown below....

All I want is to access a H2 mem database in Websphere V8 using JPA 2.0

I've been struggling with this for days now and I searched dozens of articles in StackOverflow and other dev sites. I used the Deployment Manager interface to configure a Websphere Application Server with a H2 JDBC provider and a Data Source for my application using a tutorial I've found...

unable to deploy restful application liberty profile 8.2

I am trying to deploy the RESTful webservices on liberty profile I have enabled the jaxrs-1.1 feature in server and I am using Java 1.7. When I start the server it gives me following error: [ERROR ] Uncaught.init.exception.thrown.by.servlet JAX-RS Servlet accessms java.lang.NoClassDefFoundError: org/apache/wink/server/handlers/HandlersFactory at java.lang.ClassLoader.defineClass1(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:800) at...

Websphere Message broker multi-instance message flow

I am looking for a command to change the message broker message flow instance in the run time. I know it is quite easy with MB explorer. But I am more interested towards the server side mqsi command. Ours is a AIX env with message broker 8 installed.

Can't map roles to gropus using ibm-application-bnd.xml

I'm trying to map user groups using ibm-application-bnd.xml. Put it into META-INF folder. On try to access secure page get next message: [08.05.15 17:42:21:242 MSK] 00000084 WebCollaborat A SECJ0129E: ... GET в null:/loginmodule/date/, Authorization failed, Not granted any of the required roles: user-role When I try configure it with ibm...

Getting a 500 NullPointerException in Websphere - Apache Wink Rest services

I'm calling this in websphere 8.5 @GET @Path("/test") @Produces("application/json") public dtObject tester() { dtObject r = new dtObject(); r.successfulOperation(); return r; } the dtObject class @JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL) @XmlRootElement public class dtObject { private String success; private String message; public dtObject() { } public void successfulOperation () { this.message = "Ok"; this.success...

Arquillian tests stop working after enabling Websphere security

Arquillian IT tests run fine till the moment I enabled the security in Websphere admin console (In order to build the login functionality). So the question is how to run Tests with Websphere security anabled. Its LDAP (Microsoft AD). Thanks Arquillian.xml ...... <container qualifier="websphere" default="true"> <configuration> <property name="remoteServerAddress">localhost</property> <property name="remoteServerSoapPort">8880</property>...

CodeSource on Liberty Profile

I'm trying to deploy a dropwizard (dw) application using wizard-in-a-box (wiab) on IBM Liberty Profile, but I'm encountering som issues with the io.dropwizard.util.JarLocation class. wiab will try to get the location of the Listener class wrapping the dw application but fails to do so since the CodeSource object in...

Bypassing JConsole requirement for username/password - when using a Jaas custom login module with JMX to handle authorization and authentication

I'm using JConsole to access an MBean that is running. The MBean uses a custom Jaas login module and is run with the following command: java -classpath UserLGUGroupHandlingApplication.jar;MBeanSecure.jar -com.sun.management.jmxremote.login.config=management.properties -Djava.security.auth.login.config=./sample_jaas.config com.test.running.RunningImplementation With the management.properties file looking like this: com.sun.management.jmxremote.access.file=jmxremote.access com.sun.management.jmxremote=true...

Spnego setup with websphere custom SSOAuthentication

I am trying to setup Websphere with Spnego. I have my custom SSOAuthentication implementation (the application needs to run o several different web servers). The problem i am facing is that the spnego-client configuration is being searched in wsjaas.conf file, while i have it setup in a custom conf file....

java.lang.NoClassDefFoundError while deploying the War in websphere which uses Couchbase cache

I am facing the below error while deploying the war file in Websphere-8.5.5 Caused by: java.lang.NoClassDefFoundError: org/apache/http/params/SyncBasicHttpParams at com.couchbase.client.ViewConnection.createConnections(ViewConnection.java:120) at com.couchbase.client.ViewConnection.<init>(ViewConnection.java:100) at com.couchbase.client.CouchbaseConnectionFactory.createViewConnection(CouchbaseConnectionFactory.java:184) at com.couchbase.client.CouchbaseClient.<init>(CouchbaseClient.java:247) at...

Rome 0.9 does not work correctly when module classloader order : parent last

Project description: WebSphere Application Server 7.Maven project which uses Rome0.9. <dependency> <groupId>rome</groupId> <artifactId>rome</artifactId> <version>0.9</version> </dependency> I was solving the problem with log4j not logging. The problem was that log4j.properties were already set in parent project. That's why I changed module's classloader order to Parent Last. It fixed the problem with...

Kerberos with websphere NPE

I am trying to setup Kerberos web authentication on Websphere (8.5.5). I have done my setup but when i try to access the login url i get the following NPE com.ibm.ws.webcontainer.webapp.WebApp logServletError SRVE0293E: [Servlet Error]-[Initializer]: java.lang.NullPointerException at net.sourceforge.spnego.SpnegoFilterConfig.doClientModule(SpnegoFilterConfig.java:179) at net.sourceforge.spnego.SpnegoFilterConfig.<init>(SpnegoFilterConfig.java:138) at...

@FacesComponent on shared library

I'm trying to use a custom jsf component on Websphere 8.5. The component class is annotated with @FacesComponent. The component is on a shared lib jar on the server. I already have an faces-config inside the jar META-INF folder. If the jar is inside my ear file it works as...

How use @Ressource SessionContext right?

I need a bean for inject @Ressource SessionContext ctx with JAAS. With the SessionContext can I check the user rights about ctx.isCallerInRole("ROLE"); But what is the right Bean declaration? @Statful? @Stateless? and @SessionScope? I need a instance for every User....

Websphere Application Server Secure REST API

I want to expose a REST API from Webpshere Application Server 8. I could be able to successfully expose a REST endpoint without security. But while adding security I'm getting 404 error code as follows: [5/6/15 7:44:20:369 CAT] 00000063 RequestProces I org.apache.wink.server.internal.RequestProcessor logException The following error occurred during the invocation...

JBoss EAP 6.x - PolicyContext.getContext remains null

I'm using JBoss EAP 6.4 for my enterprise app and I'm a little stuck when I attempt to retrieve the active subject. Of course, the user would need to authenticate, which goes through the following code snippet LoginContext loginContext = new LoginContext("CONTEXTNAME", callbackHandler); loginContext.login(); return loginContext.getSubject(); That works just fine...

Remove or Delete existing Websphere Application Server's profile

I want to remove Websphere Application Server profile and its service from my machine. In Profile management tool i could see only option to create a profile and there is no option to delete existing profile so how to delete and remove service of existing profile?...

Is there a way to overcome DSRA9010E “'setReadOnly' is not supported on the WebSphere” exception?

our application is using Spring for TX management and is marking certain transactions as readonly. When deploying our application on websphere ( with a Oracle JDBC Connection we are getting exceptions like the following: Caused by: java.sql.SQLException: DSRA9010E: 'setReadOnly' is not supported on the WebSphere java.sql.Connection implementation. at com.ibm.ws.rsadapter.spi.InternalOracleDataStoreHelper.setReadOnly(InternalOracleDataStoreHelper.java:371) at...

JProfiler Remote Application Integration in web sphere 8.5

We are using Web Sphere 8.5 and JProfiler 8.1. I want to hook the JVM runnning in Web Sphere 8.5. I have completed the remote appl;ication integration and after that we have to add into the Startup command of my remote application right after Java command. -Xshareclasses:none -agentpath:/opt/jprofiler/bin/aix-ppc64/libjprofilerti.so=port=8849 "StartServer.sh" file...

error invoking RESTful webservice on WebSphere server

I have deployed the RESTful application using Apache Wink packaged in EAR on WebSphere ND. When the application starts it gives me the "Initialization successful" message: [5/14/15 15:56:03:588 CDT] 0000006d RestServlet I org.apache.wink.server.internal.servlet.RestServlet getApplication The system is using the my.domain.mobile.rest.RestfulResourceLoader JAX-RS application class that is named in the javax.ws.rs.Application...

jenkins with copy artifact plugin without maven from GitHub

I am trying to deploy a war file into WAS8.5 with GitHub. at first I am specifying "EAR Path" with the war file in "Websphere Deployment" option. Then I made some changes in eclipse workspace and pushed into GitHub. Jenkins is checking for latest build but unable to deploy the...

Migrate from WebSphere to Tomcat 7, No unique bean of type [com.m.g.tenancy.ITenantPlaceholderResolver] is defined: expected single bean but found 0

I'm relatively new to Spring and Tomcat, currently attempting to migrate a web application from WebSphere to Tomcat 7. I'm running into many issues along the way and tackling them one by one. Right now I'm looking at this error and I am stumped: 15:05:15.362 [localhost-startStop-1] ERROR c.m.g.t.TenantDispatcherServlet - Could...

getting IncompatibleClassChangeError while deploying EAR into WAS8.5 through Jenkins using GitHub

I have Jenkins of 1.611 version, JDK 1.7 and remote WAS8.5 is running on JDK 1.6 version. When I am trying to deploy EAR or WAR file by the help of Github (i.e., I am pushing the project from eclipse Luna which has java 7 configuration), Iam facing the following...

Many versions on one IBM Websphere server

Is it possible to deploy different versions of single application on one IBM Websphere Application Server (WAS)? For example I have: App1 with url binding http://app/1.0/service/ App2 with url binding http://app/2.0/service/ Is it possible? I think not due to port listening issue, but maybe there is some chance......

How to load balance requests using header value in IBM web server plugin?

We are using IBM Web Server plugin to load balance in a cluster of web servers. So far we are routing the requests based on URLs. We now need to route a set of requests using combination of URL and a header value. How can this be done?

Websphere MQ classes needed in Websphere Application Server

So I have a JMS application deployed on a Webpshere Application Server, this application try to connect to the queue directy using a com.ibm.mq.jms.MQConnectionFactory and I wonder if I should include Websphere MQ jars in my application or should they be provided by Websphere Application Server. My application is currenty...

Where does Workligh server log the adapter calls when the log level is set to “debug”

We have Worklight enterprise version, we were logging the adapters calls using "info"level like (WL.Logger.info("..")) and the log goes to Systemout.log file. However, we changed the log level to "debug" like (WL.Logger.debug ("..")). Where does the WL server save the debug logs? what is the file name and the...

Spring batch FileItemWriter not creating file at correct path

I have a spring batch service containing a FileItemReader,FileItemProcessor and FileItemWriter.When creating the FileItemWriter I have to set the Resource that will be my output file. I am running the batch service on websphere on a Linux machine.The problem is if I set the resource as new FileSystemResource(new File("opt\temp1\myFile.txt")), the...

How to reduce the size of ear file

The size of my EAR file has reached around 100 MB after adding many exetrnal jars. Environment : Java Spring/Websphere application server/Maven Please share the tips to reduce the size of an EAR file. Seems the exteral jars contribute most to the large size. Is it possible to follow an...