ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General Discussion » WAS Global Security Issue.

Post new topic  Reply to topic
 WAS Global Security Issue. « View previous topic :: View next topic » 
Author Message
jidvishrawal
PostPosted: Mon May 14, 2007 9:20 pm    Post subject: WAS Global Security Issue. Reply with quote

Apprentice

Joined: 07 Mar 2007
Posts: 29
Location: USA
I am receiving this authentication error while starting up my WAS server through WID v6.0.2 Please help me with this

Code:



[5/14/07 20:50:51:877 IST] 00000061 RoleBasedAuth A   SECJ0305I: The role-based authorization check failed for admin-authz operation Server:getName.  The user UNAUTHENTICATED (unique ID: UNAUTHENTICATED) was not granted any of the following required roles: administrator, operator, configurator, monitor.
[5/14/07 20:50:56:393 IST] 0000000f RoleBasedAuth E   SECJ0306E: No received or invocation credential exist on the thread. The Role based authorization check will not have an accessId of the caller to check. The parameters are: access check method getName on resource Server and module Server. The stack trace is java.lang.Exception: Invocation and received credentials are both null
   at com.ibm.ws.security.role.RoleBasedAuthorizerImpl.checkAccess(RoleBasedAuthorizerImpl.java(Compiled Code))
   at com.ibm.ws.management.AdminServiceImpl.preInvoke(AdminServiceImpl.java:1799)
   at com.ibm.ws.management.AdminServiceImpl.preInvoke(AdminServiceImpl.java:1706)
   at com.ibm.ws.management.AdminServiceImpl.preInvoke(AdminServiceImpl.java:1636)
   at com.ibm.ws.management.AdminServiceImpl.preInvoke(AdminServiceImpl.java:1609)
   at com.ibm.ws.management.AdminServiceImpl.getAttribute(AdminServiceImpl.java:590)
   at com.ibm.ws.management.connector.AdminServiceDelegator.getAttribute(AdminServiceDelegator.java:117)
   at com.ibm.ws.management.connector.rmi.RMIConnectorService.getAttribute(RMIConnectorService.java:124)
   at com.ibm.ws.management.connector.rmi._RMIConnectorService_Tie.getAttribute(_RMIConnectorService_Tie.java:209)
   at com.ibm.ws.management.connector.rmi._RMIConnectorService_Tie._invoke(_RMIConnectorService_Tie.java:97)
   at com.ibm.CORBA.iiop.ServerDelegate.dispatchInvokeHandler(ServerDelegate.java:610)
   at com.ibm.CORBA.iiop.ServerDelegate.dispatch(ServerDelegate.java:463)
   at com.ibm.rmi.iiop.ORB.process(ORB.java:439)
   at com.ibm.CORBA.iiop.ORB.process(ORB.java:1737)
   at com.ibm.rmi.iiop.Connection.respondTo(Connection.java:2350)
   at com.ibm.rmi.iiop.Connection.doWork(Connection.java:2195)
   at com.ibm.rmi.iiop.WorkUnitImpl.doWork(WorkUnitImpl.java:65)
   at com.ibm.ejs.oa.pool.PooledThread.run(ThreadPool.java:95)
   at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))


_________________
Thanks and regards,
Jiddvish Rawal
Back to top
View user's profile Send private message
Mr Butcher
PostPosted: Mon May 14, 2007 10:02 pm    Post subject: Reply with quote

Padawan

Joined: 23 May 2005
Posts: 1716
we received something similiar when the NodeMgr and the DMgr went out of sync. we where able to fix this by running the syncnode command. check the documentation for it.

just a guess, your problem may be different (did it work before) ?
_________________
Regards, Butcher
Back to top
View user's profile Send private message
jidvishrawal
PostPosted: Mon May 14, 2007 10:11 pm    Post subject: Reply with quote

Apprentice

Joined: 07 Mar 2007
Posts: 29
Location: USA
Yeah, It did work before. I changed some settings and it stopped working.
After doing some more trials resulting into errors. I have received this out put now.
Code:

[5/15/07 11:40:06:468 IST] 00000011 RoleBasedAuth A   SECJ0305I: The role-based authorization check failed for admin-authz operation Server:getName.  The user jidvish (unique ID: user:customRealm/194238) was not granted any of the following required roles: administrator, operator, configurator, monitor.
[5/15/07 11:40:10:906 IST] 00000011 RoleBasedAuth A   SECJ0305I: The role-based authorization check failed for admin-authz operation Server:getName.  The user jidvish (unique ID: user:customRealm/194238) was not granted any of the following required roles: administrator, operator, configurator, monitor.
[5/15/07 11:40:15:406 IST] 00000011 RoleBasedAuth A   SECJ0305I: The role-based authorization check failed for admin-authz operation Server:getName.  The user jidvish (unique ID: user:customRealm/194238) was not granted any of the following required roles: administrator, operator, configurator, monitor.
[5/15/07 11:40:19:906 IST] 00000011 RoleBasedAuth A   SECJ0305I: The role-based authorization check failed for admin-authz operation Server:getName.  The user jidvish (unique ID: user:customRealm/194238) was not granted any of the following required roles: administrator, operator, configurator, monitor.
[5/15/07 11:40:24:406 IST] 00000011 RoleBasedAuth A   SECJ0305I: The role-based authorization check failed for admin-authz operation Server:getName.  The user jidvish (unique ID: user:customRealm/194238) was not granted any of the following required roles: administrator, operator, configurator, monitor.
[5/15/07 11:40:28:906 IST] 00000011 RoleBasedAuth A   SECJ0305I: The role-based authorization check failed for admin-authz operation Server:getName.  The user jidvish (unique ID: user:customRealm/194238) was not granted any of the following required roles: administrator, operator, configurator, monitor.


_________________
Thanks and regards,
Jiddvish Rawal
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Tue May 15, 2007 6:33 pm    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
This last error looks to me like a deployment problem.
You need to define the users to the roles they can have.

After that only will role based authorization work.

Enjoy
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
mdncan
PostPosted: Thu May 17, 2007 6:26 am    Post subject: Reply with quote

Acolyte

Joined: 11 May 2005
Posts: 59
Location: US
I guess you should sync the nodes once again:

http://www-1.ibm.com/support/docview.wss?uid=swg21139244

If it doesn't work try to restart the machine, sometimes it works with restart.
Back to top
View user's profile Send private message
jidvishrawal
PostPosted: Thu May 17, 2007 11:02 pm    Post subject: WAS Global Security issue[PROBLEM SOLVED] Reply with quote

Apprentice

Joined: 07 Mar 2007
Posts: 29
Location: USA
Hi All,
You need to enable security while creating the profile itself, enabling the global security after it, can be a real challenge specially while using custom registry. There are many many configurations which are supposed to be changed so the best way is to create a new profie, its worked for me.
_________________
Thanks and regards,
Jiddvish Rawal
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General Discussion » WAS Global Security Issue.
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.