'Liberty server 19.0.0.9 -how to authorize unauthenticated user

I have new problem with container security . On the server i have two ears first call service from second. On service there is @RolesAllowed("Authenticated"). My configuration in server.xml looks like this:

<featureManager>
    <feature>jndi-1.0</feature>
    <feature>distributedMap-1.0</feature>
    <feature>localConnector-1.0</feature>
    <feature>wasJmsClient-2.0</feature>
    <feature>jdbc-4.1</feature-->
    <feature>javaMail-1.5</feature>
    <feature>json-1.0</feature>
    <feature>adminCenter-1.0</feature>
    <feature>appSecurity-2.0</feature>
    <feature>beanValidation-2.0</feature>
    <feature>cdi-2.0</feature>
    <feature>jsf-2.3</feature>
    <feature>mdb-3.2</feature>
    <feature>ejbHome-3.2</feature>
    <feature>ejbLite-3.2</feature>
    <feature>ejbRemote-3.2</feature>
    <feature>jca-1.7</feature>
    <feature>concurrent-1.0</feature>
    <feature>jms-2.0</feature>
    <feature>appClientSupport-1.0</feature>
    <feature>ldapRegistry-3.0</feature>
  </featureManager>


<basicRegistry id="basic" realm="customRealm">
    <user password="{xor}Ozo5Kiw6LQ==" name="defuser" />
</basicRegistry>

Both ears contains identical configuration

<application-bnd>
    <security-role name="All Role">
        <special-subject type="ALL_AUTHENTICATED_USERS" />
    </security-role>
</application-bnd>

The second ear contains ibm-application-ibd.xml file but i can not edit it. Best would be to override it. When i call service from second ear i still get exception : Caused by: javax.ejb.EJBAccessException: CWWKS9400A: Authorization failed for user UNAUTHENTICATED while invoking

Eny ideas ?

webspherewebsphere-libertyopen-liberty


Solution 1:[1]

Liberty allows you to override application binding files using the server config element application-bnd, see IBM KnowledgeCenter topic https://www.ibm.com/support/knowledgecenter/en/SSEQTP_liberty/com.ibm.websphere.liberty.autogen.base.doc/ae/rwlp_config_enterpriseApplication.html#application-bnd and https://www.ibm.com/support/knowledgecenter/en/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/twlp_sec_rolebased.html for details.

Solution 2:[2]

According to my experience configuring the authentication with Websphere Liberty, the login showed up only for restricted pages only, so the app needs to definen some security constraint in the web.xml like this example:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Secured API</web-resource-name>
        <url-pattern>/s/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>user</role-name>
    </auth-constraint>
</security-constraint>

<security-role>
    <role-name>user</role-name>
</security-role>

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 F Rowe
Solution 2 Jose Manuel Gomez Alvarez

Related Questions

WebSphere Server V.8.5 troubles with Eclipse project

What should I do to handle WebServiceException:

Can any find the solution for this Error in IBM DB2?

How can I prevent a CA7 job with two schedule IDs from conflicting when they run on the same day?

SSL handshake_failure on Websphere 8.5 (working on Tomcat)

How can I get client IP in IBM MobileFirst8

Getting basic authentication box appear when trying SSO (Websphere/keytabs)

LinkageError: loading constraint violation when overriding method javax/xml/stream/XMLInputFactory.createXMLEventReader

Create and retrieve documents from IBM BPM document store using a service without any UI

Multithreaded EJB client

How to configure outlook emails with Liberty server

Spring-boot : Set Timeout on REST @ Server Side

Getting CWWKF0044E incompatible feature error using Open Liberty with Maven, but I didn't configure incompatible features

Getting CWWKF0044E incompatible feature error using Open Liberty with Maven, but I didn't configure incompatible features