Comments on: UNAUTHENTICATED is not granted any of the required roles: eventAdministrator eventCreator catalogAdministrator http://www.albeesonline.com/blog/2008/11/09/unauthenticated-is-not-granted-any-of-the-required-roles-eventadministrator-eventcreator-catalogadministrator/ Something about JEE and WebSphere. Java, JEE and WebSphere tips and tutorials Mon, 30 Jan 2012 13:08:13 +0000 hourly 1 http://wordpress.org/?v= By: Niraj http://www.albeesonline.com/blog/2008/11/09/unauthenticated-is-not-granted-any-of-the-required-roles-eventadministrator-eventcreator-catalogadministrator/comment-page-1/#comment-82490 Niraj Tue, 28 Jun 2011 11:41:55 +0000 http://www.albeesonline.com/blog/?p=265#comment-82490 Mostly its not good way to change the existing application security role , best way is to authenticate the user and you can use authenticate the user using Jaas api. Below is the code which does the authenticate and then call the secured resource api. Also i have used default CallbackHandler, you can use user callback if you to javax.security.auth.login.LoginContext lc = null; try { lc = new javax.security.auth.login.LoginContext("WSLogin", new com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl ("usernam", "password")); // create a LoginContext and specify a CallbackHandler implementation // CallbackHandler implementation determine how authentication data is collected // in this case, the authentication data is "pushed" to the authentication // mechanism implemented by the LoginModule. } catch(javax.security.auth.login.LoginException e) { System.err.println("ERROR: failed to instantiate a LoginContext " + "and the exception: " + e.getMessage()); e.printStackTrace(); // may be javax.security.auth.AuthPermission "createLoginContext" is not granted // to the application, or the JAAS login configuration is not defined. } if (lc != null) { try { lc.login(); // perform login // get the authenticated subject javax.security.auth.Subject s = lc.getSubject(); // Invoke a J2EE resources using the authenticated subject com.ibm.websphere.security.auth.WSSubject.doAs(s, new java.security.PrivilegedAction() { public Object run() { try { bankAccount.deposit(100.00); // where bankAccount is an protected resource } catch (Exception e) { System.out.println("ERROR: error while accessing resource, exception: " + e.getMessage()); e.printStackTrace(); } return null; } }); } catch (javax.security.auth.login.LoginException e) { System.err.println("ERROR: login failed with exception: " + e.getMessage()); e.printStackTrace(); // login failed, might want to provide relogin logic } } } Mostly its not good way to change the existing application security role ,
best way is to authenticate the user and you can use authenticate the user using Jaas api.

Below is the code which does the authenticate and then call the secured resource api. Also i have used default CallbackHandler, you can use user callback if you to

javax.security.auth.login.LoginContext lc = null;

try {
lc = new javax.security.auth.login.LoginContext(“WSLogin”,
new com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl
(“usernam”, “password”));

// create a LoginContext and specify a CallbackHandler implementation
// CallbackHandler implementation determine how authentication data is collected
// in this case, the authentication data is “pushed” to the authentication
// mechanism implemented by the LoginModule.
} catch(javax.security.auth.login.LoginException e) {
System.err.println(“ERROR: failed to instantiate a LoginContext ”
+ “and the exception: ” + e.getMessage());
e.printStackTrace();

// may be javax.security.auth.AuthPermission “createLoginContext” is not granted
// to the application, or the JAAS login configuration is not defined.
}

if (lc != null)
{
try
{

lc.login(); // perform login

// get the authenticated subject
javax.security.auth.Subject s = lc.getSubject();

// Invoke a J2EE resources using the authenticated subject
com.ibm.websphere.security.auth.WSSubject.doAs(s,
new java.security.PrivilegedAction()
{
public Object run() {
try {
bankAccount.deposit(100.00);
// where bankAccount is an protected resource
} catch (Exception e) {
System.out.println(“ERROR: error while accessing resource, exception: ” +
e.getMessage());
e.printStackTrace();
}
return null;
}
});

} catch (javax.security.auth.login.LoginException e)
{
System.err.println(“ERROR: login failed with exception: ” + e.getMessage());
e.printStackTrace();

// login failed, might want to provide relogin logic
}
}

}

]]> By: Miguel http://www.albeesonline.com/blog/2008/11/09/unauthenticated-is-not-granted-any-of-the-required-roles-eventadministrator-eventcreator-catalogadministrator/comment-page-1/#comment-30834 Miguel Tue, 24 Feb 2009 09:49:25 +0000 http://www.albeesonline.com/blog/?p=265#comment-30834 Excellent post! This saved me a lot of time :mrgreen: Thank you! Excellent post! This saved me a lot of time :mrgreen:

Thank you!

]]>