Topic
6 replies Latest Post - ‏2013-03-14T15:24:59Z by SystemAdmin
SystemAdmin
SystemAdmin
693 Posts
ACCEPTED ANSWER

Pinned topic Java API over EJB transport - FNRCS0001E: SECURITY_ANONYMOUS_DISALLOWED

‏2013-03-13T22:35:41Z |
I am trying to use FileNet Java APIs to connect to FileNet CE & PE. I can connect to CE using CEWS transport, But when try using EJB Transport I am getting this error:

FNRCS0001E: SECURITY_ANONYMOUS_DISALLOWED: Access to Content Engine was not allowed because the request was made anonymously instead of by an authenticated user.
I tried few things IBM recommended here - http://pic.dhe.ibm.com/infocenter/p8docs/v5r0m0/index.jsp?topic=%2Fcom.ibm.p8.ce.msgs.doc%2Ffnrcs0001e.htm

Following are my Eclipse settings and configurations:

1. Eclipse JAVA_HOME set to IBM JDK

2. VM arguments as recommended by API documetation
-Djava.security.auth.login.config=C:\IBM\jaas.conf.WebSphere
-Dcom.ibm.CORBA.ConfigURL=C:\IBM\sas.client.props
-Djava.ext.dirs=C:\IBM\java\jre\lib\ext;C:\IBM\lib;C:\IBM\plugins

3. Changes to both local and sever - sas.client.props file.
com.ibm.CORBA.securityServerHost=myserver
com.ibm.CORBA.securityServerPort=2809
com.ibm.CORBA.loginTimeout=600

Despite these changes I still get the same error
Updated on 2013-03-14T15:24:59Z at 2013-03-14T15:24:59Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    693 Posts
    ACCEPTED ANSWER

    Re: Java API over EJB transport - FNRCS0001E: SECURITY_ANONYMOUS_DISALLOWED

    ‏2013-03-13T22:41:32Z  in response to SystemAdmin
    I am actually trying to run the sample code of IBM for FileNet 5.1

    public class CEConnection
    {
    private Connection con;
    private Domain dom;
    private String domainName;
    private ObjectStoreSet ost;
    private Vector osnames;
    private boolean isConnected;
    private UserContext uc;

    /*
    * constructor
    */
    public CEConnection()
    {
    con = null;
    uc = UserContext.get();
    dom = null;
    domainName = null;
    ost = null;
    osnames = new Vector();
    isConnected = false;
    }

    /*
    * Establishes connection with Content Engine using
    * supplied username, password, JAAS stanza and CE Uri.
    */
    public void establishConnection(String userName, String password, String stanza, String uri)
    {
    con = Factory.Connection.getConnection(uri);
    Subject sub = UserContext.createSubject(con,userName,password,stanza);
    System.out.println("Subject::"+sub.toString());
    uc.pushSubject(sub);
    dom = fetchDomain();
    domainName = dom.get_Name();
    ost = getOSSet();
    isConnected = true;
    }

    /*
    * Returns Domain object.
    */
    public Domain fetchDomain()
    {
    // dom = Factory.Domain.getInstance(con, null);
    dom = Factory.Domain.fetchInstance(con, null, null);

    return dom;
    }

    /*
    * Returns ObjectStoreSet from Domain
    */
    public ObjectStoreSet getOSSet()
    {
    ost = dom.get_ObjectStores();
    return ost;
    }

    /*
    * Returns vector containing ObjectStore
    * names from object stores available in
    * ObjectStoreSet.
    */
    public Vector getOSNames()
    {
    if(osnames.isEmpty())
    {
    Iterator it = ost.iterator();
    while(it.hasNext())
    {
    ObjectStore os = (ObjectStore) it.next();
    osnames.add(os.get_DisplayName());
    }
    }
    return osnames;
    }

    /*
    * Checks whether connection has established
    * with the Content Engine or not.
    */
    public boolean isConnected()
    {
    return isConnected;
    }

    /*
    * Returns ObjectStore object for supplied
    * object store name.
    */
    public ObjectStore fetchOS(String name)
    {
    ObjectStore os = Factory.ObjectStore.fetchInstance(dom, name, null);
    return os;
    }

    /*
    * Returns the domain name.
    */
    public String getDomainName()
    {
    return domainName;
    }

    public static void main(String[] args)
    {
    CEConnection ceObj=new CEConnection();

    // ceObj.establishConnection("pingu", "filenet", "FileNetP8WSI", "http://myservername:9080/wsi/FNCEWS40MTOM/");
    ceObj.establishConnection("pingu", "filenet", "FileNetP8", "iiop://myservername:2809/FileNet/Engine");
    }
    }
    • SystemAdmin
      SystemAdmin
      693 Posts
      ACCEPTED ANSWER

      Re: Java API over EJB transport - FNRCS0001E: SECURITY_ANONYMOUS_DISALLOWED

      ‏2013-03-13T22:54:08Z  in response to SystemAdmin
      are you hosting this as a web app in WebSphere?

      if your jass is correct (can't tell since i don't know the contents of your jaas files) i'd bet you don't have the url patterns for your servlet endpoints restricted. WAS doesn't include your jaas idenity for unsecure resources by default.

      You should secure your urls to a role and make sure your user is added to that role.

      it's much easier to include identity for even unsecured URLs, this is a checkbox options in the security config of WAS.
      • SystemAdmin
        SystemAdmin
        693 Posts
        ACCEPTED ANSWER

        Re: Java API over EJB transport - FNRCS0001E: SECURITY_ANONYMOUS_DISALLOWED

        ‏2013-03-13T23:02:21Z  in response to SystemAdmin
        Something easy to try:

        -Djava.security.auth.login.config=*file:*C:\IBM\jaas.conf.WebSphere
        -Dcom.ibm.CORBA.ConfigURL=*file:*C:\IBM\sas.client.props

        Notice the "file:" prefix. Definitely needed for the second line, maybe needed (and doesn't hurt) for the first line.
        • SystemAdmin
          SystemAdmin
          693 Posts
          ACCEPTED ANSWER

          Re: Java API over EJB transport - FNRCS0001E: SECURITY_ANONYMOUS_DISALLOWED

          ‏2013-03-13T23:03:49Z  in response to SystemAdmin
          Sorry, those asterisks were supposed to turn it into bold, but they stayed as literal asterisks. Repeating for clarity:

          -Djava.security.auth.login.config=file:C:\IBM\jaas.conf.WebSphere
          -Dcom.ibm.CORBA.ConfigURL=file:C:\IBM\sas.client.props
          • SystemAdmin
            SystemAdmin
            693 Posts
            ACCEPTED ANSWER

            Re: Java API over EJB transport - FNRCS0001E: SECURITY_ANONYMOUS_DISALLOWED

            ‏2013-03-14T15:22:12Z  in response to SystemAdmin
            Thanks guys. Really appreciate your inputs.

            @Dr.Damour - I am trying to run as standalone java class
            @WJCarpenter - You are spot on :). This path resolved my issue. Thanks

            -Djava.security.auth.login.config=file:C:\IBM\jaas.conf.WebSphere
            • SystemAdmin
              SystemAdmin
              693 Posts
              ACCEPTED ANSWER

              Re: Java API over EJB transport - FNRCS0001E: SECURITY_ANONYMOUS_DISALLOWED

              ‏2013-03-14T15:24:59Z  in response to SystemAdmin
              Sorry..Typo

              jaas.conf.WebSphere Path was not the issue. It was sas.client.props path. Appending file: resolved the issue

              -Dcom.ibm.CORBA.ConfigURL=file:C:\IBM\sas.client.props