This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
EP build21: EAR1.4 with wss liberty profile does not work. Vidhya found out a workaround, so file it as p2. Execution liberty sample with liberty x509 token profile failed with following shown on the browser: HTTP Status 403 - Access to the requested resource has been denied -------------------------------------------------------------------------------- type Status report message Access to the requested resource has been denied description Access to the specified resource (Access to the requested resource has been denied) has been forbidden. -------------------------------------------------------------------------------- Sun Java System Application Server Platform Edition 9.0_01
The issue occurs for J2EE 1.4 web applications bundled in a ear and secured with Liberty token profile. The problem is that the sun-application.xml in the Enterprise application doesnt contain the security-role-mapping needed to allow the current authN user to use the application. The workaround for this issue is to manually add these lines to the EnterpriseApplication->Configuration Files->sun-application.xml file. <security-role-mapping> <role-name>AUTHENTICATED_USERS</role-name> <principal-name>AUTHENTICATED_USERS</principal-name> </security-role-mapping> There is currently no hook into the ear application for identity tooling to make this change programatically. I think we need to release note this issue.
Peter just found out this useful info also:Hi Vidhya, If you open up the config editor for sun-application.xml, it says in there that if you have roles defined in a module, you need to manually add the security role mapping using the xml text editor. So, I guess they are aware of the shortcoming and this is the solution they have for now. So, at this point, the only thing we can do is to document it. Peter