Authorization failed for /UNAUTHENTICATED while invoking (Bean)

Troubleshooting


Problem

WebSphere Application Server does not appear to protect or unprotect resources as specified in the web.xml file. As a result, users suddenly become null or unauthenticated when they are redirected to a certain URL.

Symptom

You are not able to log in successfully. The SystemOut.log file shows the following:
[1/29/11 17:51:08:657 CET] 00000020 SecurityColla 3 Authorization failed accessing EJB
com.ibm.ws.security.core.AccessException: Subject:
Principal: /UNAUTHENTICATED
Public Credential: com.ibm.ws.security.auth.WSCredentialImpl@7ffd7ffd
is not granted any of the required roles: X5 X6 X10 X13 X14 X15 X16
at com.ibm.ws.security.core.WSAccessManager.checkAccess(WSAccessManager.java:448)
at com.ibm.ws.security.core.SecurityCollaborator.ejbCheckAuthorization(SecurityCollaborator.java:1527)
at com.ibm.ws.security.core.SecurityCollaborator.performAuthorization(SecurityCollaborator.java:529)


In some cases, you might also see the following messages:

[1/29/11 17:51:08:673 CET] 00000020 WSCredentialI < getRealmSecurityName Exit /UNAUTHENTICATED
[1/29/11 17:51:08:673 CET] 00000020 SecurityColla A SECJ0053E: Authorization failed for /UNAUTHENTICATED while invoking (Bean)NAME_APP.EAR#NAME_CORE.jar#ListeDeValeursSession getListeDeValeursByNomListe:ae.tci.name.core.mapping.IInputData,ae.tci.name.core.audit.AuditData,ae.tci.name.core.mapping.OutputData:1 Subject:
Principal: /UNAUTHENTICATED
Public Credential: com.ibm.ws.security.auth.WSCredentialImpl@7ffd7ffd
is not granted any of the required roles: X5 X6 X10 X13 X14 X15 X16

Cause

The <url-pattern> tag only allows a very restricted subset of wildcards. From the Java Servlet Specification 2.4:

"SRV.11.2 Specification of Mappings:
In the Web application deployment descriptor, the following syntax is used to define mappings:
  • A string beginning with a ‘/’ character and ending with a ‘/*’ suffix is used for path mapping.
  • A string beginning with a ‘*.’ prefix is used as an extension mapping.
  • A string containing only the ’/’ character indicates the "default" servlet of the application. In this case the servlet path is the request URI minus the context path and the path info is null.
  • All other strings are used for exact matches only."

Diagnosing The Problem

Check whether the URL is specified in the web.xml file with a <url-pattern> that includes a wildcard.

Resolving The Problem

The servlet specification supports only a subset of wildcard expressions, so it is recommended that you set the full URL in <url-pattern>.

For example:

<security-constraint>
  <display-name>00001</display-name>
  <web-resource-collection>
    <web-resource-name>00001</web-resource-name>
    <url-pattern>/j_security_check</url-pattern>
    <!-- non-working: '*' is not a supported wildcard in this position, so the pattern is compared literally -->
    <url-pattern>fileName*.do</url-pattern>
    <!-- working: the full URL is matched exactly -->
    <url-pattern>fileName.do</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
</security-constraint>
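As an added illustration (not code from this technote or from WebSphere), the following Python classifies each <url-pattern> by the four SRV.11.2 forms quoted above, lists patterns whose '*' falls outside those forms and is therefore matched literally, and reports which roles a request path requires. The web.xml fragment is constructed for the example, and request paths are assumed to be context-relative and to start with '/'; under these rules fileName*.do never matches /fileName1.do, so no constraint covers that path, the container never challenges for login, and the servlet reaches the EJB with the /UNAUTHENTICATED principal.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml fragment modelled on the technote's example; not a real deployment.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>00001</web-resource-name>
      <url-pattern>/j_security_check</url-pattern>
      <url-pattern>fileName*.do</url-pattern>
      <url-pattern>/fileName.do</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>X5</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def pattern_kind(pattern):
    """Classify a <url-pattern> by the four forms of Servlet 2.4 SRV.11.2."""
    if pattern == "/":
        return "default"
    if pattern.startswith("/") and pattern.endswith("/*"):
        return "path"
    if pattern.startswith("*."):
        return "extension"
    return "exact"  # anything else, including 'fileName*.do', is compared literally

def matches(pattern, path):
    """True if a context-relative request path (assumed to start with '/') matches."""
    kind = pattern_kind(pattern)
    if kind == "default":
        return True
    if kind == "path":
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if kind == "extension":
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return path == pattern

def literal_wildcards(web_xml):
    """Patterns containing '*' that are not path or extension mappings: the '*' is literal."""
    root = ET.fromstring(web_xml)
    return [p.text for p in root.iter("url-pattern")
            if "*" in p.text and pattern_kind(p.text) == "exact"]

def required_roles(web_xml, path):
    """Roles a request path must hold; an empty set means no constraint covers it."""
    roles = set()
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        if any(matches(p.text, path) for p in sc.iter("url-pattern")):
            roles.update(r.text for r in sc.iter("role-name"))
    return roles
```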


Document Information

Modified date: 15 June 2018
UID: swg21462329