• Entries (RSS)
  • Comments (RSS)

UNAUTHENTICATED is not granted any of the required roles: eventAdministrator eventCreator catalogAdministrator

Posted by | Posted in Websphere Process Server / Integration Developer | Posted on 09-11-2008

Tagged Under : , , , ,

Yesterday one of my readers ping me in Google talk and said that he is facing some issues in WebSphere Integration Developer. He was getting an exception while trying to call a WID web service from a web application. The exception was

com.ibm.websphere.csi.CSIAccessException: SECJ0053E: Authorization failed for /UNAUTHENTICATED while invoking (Bean)ejb/com/ibm/events/bus/EventBus createEvent(org.eclipse.hyades.logging.events.cbe.CommonBaseEvent):3 securityName: /UNAUTHENTICATED;accessID: UNAUTHENTICATED is not granted any of the required roles: eventAdministrator eventCreator catalogAdministrator
	at com.ibm.ws.monitoring.core.EventPointImpl$1.run(EventPointImpl.java:388)
	at java.security.AccessController.doPrivileged(AccessController.java:197)
	at com.ibm.ws.monitoring.core.EventPointImpl.fire(EventPointImpl.java:386)
	at com.ibm.bpe.monitor.EventEvaluationResult.fireEvent(EventEvaluationResult.java:148)
	at com.ibm.bpe.engine.observer.ProcessInstanceEventTypeHandler.processBPELEvent(ProcessInstanceEventTypeHandler.java:240)
	at com.ibm.bpe.engine.observer.CEMSOPContextRestored.processInstanceEvent(CEMSOPContextRestored.java:188)
	at com.ibm.bpe.engine.observer.BpelStateObserverContextImpl.restoreContextAndFireProcessInstanceEvent(BpelStateObserverContextImpl.java:1024)
	at com.ibm.bpe.engine.observer.CEMStateObserverPlugin.processInstanceEvent(CEMStateObserverPlugin.java:212)
	at com.ibm.bpe.engine.observer.BpelStateObserver.observe(BpelStateObserver.java:989)
	... 71 more
Caused by: com.ibm.ws.monitoring.core.CEIEmitRuntimeException: com.ibm.events.emitter.SendFailureException: CEIEM0025E The emitter failed to send the events to the event server. The local event bus enterprise bean on the event server failed during event processing.

This is because the user is not authenticated and hence he does not have any required roles to invoke the specified service. To resolve this exception either authenticates your user who is trying to call the web service or logon to admin console and make the following changes.

Click on Service Integration from Left hand side menu of admin console. Click on Common Event Infrastructure -> Event service -> Map security roles to users or groups and select the ‘Everyone’ checkbox for all the required roles. Save the changes and restart your server. You are done.

Share

Read More

Comments

2 comments posted onUNAUTHENTICATED is not granted any of the required roles: eventAdministrator eventCreator catalogAdministrator

  1. Excellent post! This saved me a lot of time :mrgreen:

    Thank you!

  2. Mostly its not good way to change the existing application security role ,
    best way is to authenticate the user and you can use authenticate the user using Jaas api.

    Below is the code which does the authenticate and then call the secured resource api. Also i have used default CallbackHandler, you can use user callback if you to

    javax.security.auth.login.LoginContext lc = null;

    try {
    lc = new javax.security.auth.login.LoginContext(“WSLogin”,
    new com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl
    (“usernam”, “password”));

    // create a LoginContext and specify a CallbackHandler implementation
    // CallbackHandler implementation determine how authentication data is collected
    // in this case, the authentication data is “pushed” to the authentication
    // mechanism implemented by the LoginModule.
    } catch(javax.security.auth.login.LoginException e) {
    System.err.println(“ERROR: failed to instantiate a LoginContext ”
    + “and the exception: ” + e.getMessage());
    e.printStackTrace();

    // may be javax.security.auth.AuthPermission “createLoginContext” is not granted
    // to the application, or the JAAS login configuration is not defined.
    }

    if (lc != null)
    {
    try
    {

    lc.login(); // perform login

    // get the authenticated subject
    javax.security.auth.Subject s = lc.getSubject();

    // Invoke a J2EE resources using the authenticated subject
    com.ibm.websphere.security.auth.WSSubject.doAs(s,
    new java.security.PrivilegedAction()
    {
    public Object run() {
    try {
    bankAccount.deposit(100.00);
    // where bankAccount is an protected resource
    } catch (Exception e) {
    System.out.println(“ERROR: error while accessing resource, exception: ” +
    e.getMessage());
    e.printStackTrace();
    }
    return null;
    }
    });

    } catch (javax.security.auth.login.LoginException e)
    {
    System.err.println(“ERROR: login failed with exception: ” + e.getMessage());
    e.printStackTrace();

    // login failed, might want to provide relogin logic
    }
    }

    }

Post a Comment