Roman Svystun

Can't make secure JMX connection to OAuth enabled server

2013-11-27T09:39:07Z

Once I add the oauth-2.0 feature to the server xml configuration, I'm no longer able to connect to this server using the REST connector. The server always complains that the specified user has no administrative roles:

CWWKX0215E: There was a problem with the user name or password provided. The server responded with code 403 and message 'Forbidden'

0000001c .ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl A CWWKS9104A: Authorization failed for user test test :  test BasicRealm while invoking com.ibm.ws.management.security.resource on /. The user is not granted access to any of the required roles: [Administrator].

I've tried adding the test user to oauth-roles, administrator-role and authorization-roles separately and all at once but it didn't help.

My server xml config looks like this:

<server description="oauth">

    <featureManager>
        <feature>oauth-2.0</feature>
        <feature>ssl-1.0</feature>
        <feature>restConnector-1.0</feature>
    </featureManager>

    <oauth-roles id="oathrole">
        <authenticated>
            <user name="test"/>
        </authenticated>
    </oauth-roles>

    <oauthProvider id="SampleProvider" filter="request-url%=ssodemo"
        allowPublicClients="true" authorizationErrorTemplate="goerror.html"
        clientTokenCacheSize="780080" characterEncoding="UTF-8">
        <localStore>
            <client name="test" secret="test"
                displayname="Test client number 1" redirect="http://localhost:1234/oauthclient/redirect.jsp"
                enabled="true" />
        </localStore>

        <autoAuthorizeClient>test</autoAuthorizeClient>
        <grantType>authorization_code,password,refresh_token</grantType>
    </oauthProvider>

    <webAppSecurity allowFailOverToBasicAuth="true"/>

    <basicRegistry id="basic" realm="BasicRealm">
        <user name="test" password="test" />
    </basicRegistry>

    <administrator-role>
        <user>test</user>
    </administrator-role>

    <httpEndpoint id="defaultHttpEndpoint" httpPort="9103"
        httpsPort="9104" host="*" enabled="true" />
    <keyStore id="defaultKeyStore" password="test" />

    <authorization-roles id="yoyo">
        <security-role name="com.ibm.ws.management.security.resource">
            <user name="test" access-id="user:BasicRealm/test"></user>
            <special-subject type="EVERYONE"></special-subject>
        </security-role>
    </authorization-roles>
</server>

Any help is much appreciated.