Topic
4 replies Latest Post - ‏2013-04-19T17:20:23Z by miketrad
SystemAdmin
SystemAdmin
37426 Posts
ACCEPTED ANSWER

Pinned topic Failure to query ConfigService via JMX when DMGR security is enabled.

‏2012-03-21T13:48:00Z |
Hi,

We are trying to resolve the hostname and BOOTSTRAP_ADDRESS port of a node in a DMGR 7.0 environment using the ConfigService as in the following code that runs on one
of the servers managed by the DMGR:
=======================================================================================================================================================================
Session session = new Session();
ConfigService cs = ConfigServiceFactory.getConfigService();
if (cs == null) {
Properties prop = new Properties();
prop.setProperty("location", "local");
try {
cs = ConfigServiceFactory.createConfigService(true, prop);
} catch (AdminException e) {
System.out.println(e);
}
}
ObjectName[] serverIndexONs = cs.resolve(session, "Node=" + nodeName + ":ServerIndex="); <-- Exception Here
=======================================================================================================================================================================

The security is enabled in the DMGR.
This code works well if security is disabled. When the security is enabled, we get the below exceptions:

=======================================================================================================================================================================
3/21/12 14:44:22:438 IST 00000022 RoleBasedAuth E SECJ0326E: No received or invocation credential exist on the thread. The Role based authorization check will not have an accessId of the caller to check. The parameters are: role name administrator. The stack trace is java.lang.Exception: Invocation and received credentials are both null
at com.ibm.ws.security.role.RoleBasedAuthorizerImpl.isGrantedAnyRole(RoleBasedAuthorizerImpl.java:1536)
at com.ibm.ws.management.authorizer.AdminAuthorizerImpl.checkAccess(AdminAuthorizerImpl.java:779)
at com.ibm.ws.management.authorizer.AdminAuthorizerImpl.checkAccess(AdminAuthorizerImpl.java:244)
at com.ibm.ws.management.repository.FileRepository.checkInvocationPermission(FileRepository.java:2463)
at com.ibm.ws.management.repository.FileRepository.extract(FileRepository.java:1095)
at com.ibm.ws.management.repository.FileRepository.extract(FileRepository.java:1057)
at com.ibm.ws.management.repository.FileRepository.extract(FileRepository.java:1046)
at com.ibm.ws.management.repository.client.LocalConfigRepositoryClient.extract(LocalConfigRepositoryClient.java:141)
at com.ibm.ws.sm.workspace.impl.WorkSpaceMasterRepositoryAdapter.extract(WorkSpaceMasterRepositoryAdapter.java:849)
at com.ibm.ws.sm.workspace.impl.WorkSpaceMasterRepositoryAdapter.extract(WorkSpaceMasterRepositoryAdapter.java:824)
at com.ibm.ws.sm.workspace.impl.RepositoryContextImpl.extract(RepositoryContextImpl.java:658)
at com.ibm.ws.sm.workspace.impl.RepositoryContextImpl.extractOnly(RepositoryContextImpl.java:625)
at com.ibm.ws.sm.workspace.impl.RepositoryContextImpl.extract(RepositoryContextImpl.java:609)
at com.ibm.ws.management.configservice.WorkspaceHelper.getDocAccessorInternal(WorkspaceHelper.java:254)
at com.ibm.ws.management.configservice.WorkspaceHelper.getDocAccessor(WorkspaceHelper.java:209)
at com.ibm.ws.management.configservice.WorkspaceHelper.getDocAccessor(WorkspaceHelper.java:196)
at com.ibm.ws.management.configservice.WorkspaceHelper.getDocAccessor(WorkspaceHelper.java:305)
at com.ibm.ws.management.configservice.MOFUtil.convertToEObject(MOFUtil.java:141)
at com.ibm.ws.management.configservice.ConfigServiceImpl.checkAccess(ConfigServiceImpl.java:2794)
at com.ibm.ws.management.configservice.ConfigServiceImpl.queryConfigObjects(ConfigServiceImpl.java:936)
at com.ibm.ws.management.configservice.ConfigServiceImpl.resolve(ConfigServiceImpl.java:995)
at com.ibm.ws.management.configservice.ConfigServiceImpl.resolve(ConfigServiceImpl.java:955)
3/21/12 14:44:22:602 IST 00000022 WorkSpaceMast E WKSP0012E: Exception while extracting cells/dmgrCell20/nodes/node123_1test/node.xml from ConfigRepository--com.ibm.websphere.management.exception.RepositoryException: Caller is not in the required role to access restricted document(s)
at com.ibm.ws.management.repository.FileRepository.throwRepositoryException(FileRepository.java:1445)
at com.ibm.ws.management.repository.FileRepository.extract(FileRepository.java:1102)
at com.ibm.ws.management.repository.FileRepository.extract(FileRepository.java:1057)
at com.ibm.ws.management.repository.FileRepository.extract(FileRepository.java:1046)
at com.ibm.ws.management.repository.client.LocalConfigRepositoryClient.extract(LocalConfigRepositoryClient.java:141)
at com.ibm.ws.sm.workspace.impl.WorkSpaceMasterRepositoryAdapter.extract(WorkSpaceMasterRepositoryAdapter.java:849)
at com.ibm.ws.sm.workspace.impl.WorkSpaceMasterRepositoryAdapter.extract(WorkSpaceMasterRepositoryAdapter.java:824)
at com.ibm.ws.sm.workspace.impl.RepositoryContextImpl.extract(RepositoryContextImpl.java:658)
at com.ibm.ws.sm.workspace.impl.RepositoryContextImpl.extractOnly(RepositoryContextImpl.java:625)
at com.ibm.ws.sm.workspace.impl.RepositoryContextImpl.extract(RepositoryContextImpl.java:609)
at com.ibm.ws.management.configservice.WorkspaceHelper.getDocAccessorInternal(WorkspaceHelper.java:254)
at com.ibm.ws.management.configservice.WorkspaceHelper.getDocAccessor(WorkspaceHelper.java:209)
at com.ibm.ws.management.configservice.WorkspaceHelper.getDocAccessor(WorkspaceHelper.java:196)
at com.ibm.ws.management.configservice.WorkspaceHelper.getDocAccessor(WorkspaceHelper.java:305)
at com.ibm.ws.management.configservice.MOFUtil.convertToEObject(MOFUtil.java:141)
at com.ibm.ws.management.configservice.ConfigServiceImpl.checkAccess(ConfigServiceImpl.java:2794)
at com.ibm.ws.management.configservice.ConfigServiceImpl.queryConfigObjects(ConfigServiceImpl.java:936)
at com.ibm.ws.management.configservice.ConfigServiceImpl.resolve(ConfigServiceImpl.java:995)
at com.ibm.ws.management.configservice.ConfigServiceImpl.resolve(ConfigServiceImpl.java:955)
=======================================================================================================================================================================

Any clue how we can resolve this issue ?
Updated on 2012-04-06T17:21:57Z at 2012-04-06T17:21:57Z by dp.websphere
  • dp.websphere
    dp.websphere
    27 Posts
    ACCEPTED ANSWER

    Re: Failure to query ConfigService via JMX when DMGR security is enabled.

    ‏2012-04-06T17:21:57Z  in response to SystemAdmin
    Hi Yotam,

    I think, the task is failing due to lack of the credentials supplied in the code.

    SECJ0326E: No received or invocation credential exist on the thread. The Role based authorization check will not have an accessId of the caller to check. The parameters are: role name {0}. The stack trace is {1}.

    Explanation: No invocation or received credentials were established on this thread. This may cause the role based authorization check to fail.
    Action: The stack trace is obtained by a local throw catch block that may be useful for debugging the problem.

    Thanks,
    DP.
  • miketrad
    miketrad
    2 Posts
    ACCEPTED ANSWER

    Re: Failure to query ConfigService via JMX when DMGR security is enabled.

    ‏2013-04-19T15:16:09Z  in response to SystemAdmin

    Hi. Did you solve your problem? I'm having a similar issue. The final objective here is the same: obtain a port form the server.