Openliberty login issue "The user is not granted access to any of the required roles"

Time:01-14

or maybe someone can tell me what is wrong.

I am working on a small app, following this tutorial: https://openliberty.io/guides/security-intro.html

The problem I get is:

Authorization failed for user bob while invoking ServletsJspExperiments on /admin. The user is not granted access to any of the required roles: [admin]

This is after I enter the correct username and password in the login that is generated.

Here are the main problems... IMO the problem is here somewhere:

My servlet

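import java.io.IOException;

import jakarta.inject.Inject;
import jakarta.security.enterprise.SecurityContext;
import jakarta.security.enterprise.authentication.mechanism.http.FormAuthenticationMechanismDefinition;
import jakarta.security.enterprise.authentication.mechanism.http.LoginToContinue;
import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.HttpConstraint;
import jakarta.servlet.annotation.ServletSecurity;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

@FormAuthenticationMechanismDefinition(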
        loginToContinue = @LoginToContinue(errorPage = "/error.html",
                loginPage = "/login.html"))
@ServletSecurity(value = @HttpConstraint(rolesAllowed = { "user", "admin" },
        transportGuarantee = ServletSecurity.TransportGuarantee.CONFIDENTIAL))
public class AdminServlet extends HttpServlet {

    @Inject
    private SecurityContext securityContext;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        System.out.println("Inside doGet AdminServlet");
        if (securityContext.isCallerInRole("admin")) {
//            resp.sendRedirect("/admin.jsf");
            resp.getWriter().println("You are in admin page");
        }
    }
}

My server.xml

    <featureManager>
        <feature>appSecurity-4.0</feature>

        <feature>servlet-5.0</feature>

        <!-- needed to run JSP examples -->
        <feature>pages-3.0</feature>

        <!-- needed to make JDBC calls -->
        <feature>jdbc-4.3</feature>

        <!-- for TLS -->
        <feature>transportSecurity-1.0</feature>
    </featureManager>

  ....

    <include location="userRegistry.xml"/>

    <webApplication location="ServletExperiments.war" contextRoot="${app.context.root}">

        <application-bnd>
            <security-role name="admin">
                <user name="bob" />
            </security-role>
        </application-bnd>
    </webApplication>

userRegistry.xml file (this is included from the server.xml):

<server description="Sample Liberty server">
    <basicRegistry id="basic" realm="WebRealm">
        <user name="bob"
              password="{xor}PTA9Lyg7" /> <!-- bobpwd -->
    </basicRegistry>
</server>

    

My web.xml file (only the relevant parts):

<!-- SECURITY ROLES -->
<security-role>
    <role-name>admin</role-name>
</security-role>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>AdminViewProperties</web-resource-name>
        <url-pattern>/admin</url-pattern>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>

Update: added logs that appear when I try to do the login

[1/12/23, 17:13:20:637 EET] 0000002b com.ibm.ws.security.token.internal.TokenManagerImpl          I CWWKS4001I: The security token cannot be validated. This can be for the following reasons
1. The security token was generated on another server using different keys.
2. The token configuration or the security keys of the token service which created the token has been changed.
3. The token service which created the token is no longer available.
[1/12/23, 17:13:20:642 EET] 0000002b com.ibm.ws.security.jaspi.JaspiServiceImpl                   I CWWKS1652A: Authentication failed with status AuthStatus.SEND_CONTINUE for the web request /ServletsJspExperiments/admin. The user defined Java Authentication SPI for Containers (JASPIC) service null has determined that the authentication data is not valid.
[1/12/23, 17:13:25:136 EET] 0000003a com.ibm.ws.security.javaeesec.cdi.beans.Utils                I CWWKS1930I: The configured IdentityStore object was not found. If a user registry is configured, it will be used instead. If the IdentityStore object must be used, make sure that the IdentityStore object is configured properly.
[1/12/23, 17:13:25:170 EET] 0000003f y.authorization.builtin.internal.BuiltinAuthorizationService I CWWKS2104I: The authorization decision for resources in application ServletsJspExperiments will be made by using the group names of the user that matches the role names required to access that resource.
[1/12/23, 17:13:25:171 EET] 0000003f .ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl A CWWKS9104A: Authorization failed for user bob while invoking ServletsJspExperiments on /admin. The user is not granted access to any of the required roles: [admin].

CodePudding user response:

Ok, found your issue :-)))

Your pom.xml file is inconsistent with the server.xml file. The pom file assumes that your app is called <artifactId>ServletsJspExperiments</artifactId>, but in the server.xml you are configuring an app that is called location="ServletExperiments.war", and that is a different, conflicting app. :-)

So to fix it, change this in your server.xml as follows (missing Jsp text):

<webApplication location="ServletJspExperiments.war" contextRoot="${app.context.root}">
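
An added example (not part of the original question or answer): a small Python check that takes the CWWKS9104A line from the logs above and cross-checks it against the server.xml and userRegistry.xml fragments, to show where the role binding stops applying. It assumes that, without a name attribute, the application name is the location file name minus its extension; the diagnose function and the <server> wrapper around the server.xml fragment are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import PurePosixPath

# Log line and config fragments copied from the question; the <server> wrapper
# around the server.xml fragment is constructed so that it parses on its own.
LOG_LINE = ('CWWKS9104A: Authorization failed for user bob while invoking '
            'ServletsJspExperiments on /admin. The user is not granted access '
            'to any of the required roles: [admin].')
SERVER_XML = '''<server>
  <webApplication location="ServletExperiments.war" contextRoot="${app.context.root}">
    <application-bnd>
      <security-role name="admin"><user name="bob" /></security-role>
    </application-bnd>
  </webApplication>
</server>'''
REGISTRY_XML = '''<server><basicRegistry id="basic" realm="WebRealm">
  <user name="bob" password="{xor}PTA9Lyg7" />
</basicRegistry></server>'''

CWWKS9104A = re.compile(r'CWWKS9104A: Authorization failed for user (\S+) while '
                        r'invoking (\S+) on (\S+)\. .*required roles: \[([^\]]*)\]')

def diagnose(log_line, server_xml, registry_xml):
    """Return findings explaining why the logged user lacks the required roles."""
    m = CWWKS9104A.search(log_line)
    if not m:
        return ['not a CWWKS9104A line']
    user, app, roles = m.group(1), m.group(2), m.group(4)
    required = {r.strip() for r in roles.split(',') if r.strip()}
    known = {u.get('name') for u in ET.fromstring(registry_xml).iter('user')}
    findings = [] if user in known else [f'user {user} is not in the registry']
    # Assumption: without a name attribute, the application name is the file
    # name of location minus its extension. Only <user> bindings are checked.
    apps = {}
    for wa in ET.fromstring(server_xml).iter('webApplication'):
        name = wa.get('name') or PurePosixPath(wa.get('location', '')).stem
        apps[name] = {sr.get('name'): {u.get('name') for u in sr.iter('user')}
                      for sr in wa.iter('security-role')}
    if app not in apps:
        return findings + [f'no webApplication named {app}; role bindings exist '
                           f'only for {sorted(apps)}']
    if not any(user in apps[app].get(r, set()) for r in required):
        findings.append(f'{user} is bound to none of {sorted(required)} in {app}')
    return findings
```

On the question's inputs, diagnose reports that no webApplication is named ServletsJspExperiments; it returns an empty list once a webApplication element resolves to the application name in the log line and binds bob to admin.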