尝试在6.1工作灯服务器上设置安全性(完整WAS 8.5.5)
获取错误:
SRVE0232E: Internal Server Error.
Exception Message: [com.ibm.websphere.servlet.session.UnauthorizedSessionRequestException: SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user:defaultWIMFileBasedRealm/uid=wasadmin,o=defaultWIMFileBasedRealm.]
com.ibm.websphere.servlet.session.UnauthorizedSessionRequestException: SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user:defaultWIMFileBasedRealm/uid=wasadmin,o=defaultWIMFileBasedRealm.
IBM WebSphere Application Server
我在部署新的WAR文件之前编辑了以下文件......
worklight.properties:
#######################################################################################################################
# Protecting the Worklight Console
#######################################################################################################################
# You can protect the Worklight Console by defining user credentials required to access it.
# In addition to defining these two properties, you should also configure the authenticationConfig.xml file,
# located under <Worklight Root Directory>\server\conf.
console.username=consoleadmin
console.password=consolepassword
Authenticationconfig.xml:
<!-- Uncomment the next element to protect the worklight console and the first section in securityTests below. -->
<staticResources>
<resource id="worklightConsole" securityTest="WorklightConsole">
<urlPatterns>/console*</urlPatterns>
</resource>
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*</urlPatterns>
</resource>
</staticResources>
<!-- Sample security tests
Even if not used there will be some default webSecurityTest and mobileSecurityTest
Attention: if using <testAppAuthenticity/> test below ,<publicSigningKey> element must be added to application-descriptor.xml as well. -->
<securityTests>
<customSecurityTest name="WorklightConsole">
<test realm="WorklightConsole" isInternalUserID="true"/>
</customSecurityTest>
<!--
<mobileSecurityTest name="mobileTests">
<testAppAuthenticity/>
<testDeviceId provisioningType="none" />
<testUser realm="myMobileLoginForm" />
</mobileSecurityTest>
<webSecurityTest name="webTests">
<testUser realm="myWebLoginForm"/>
</webSecurityTest>
<customSecurityTest name="customTests">
<test realm="wl_antiXSRFRealm" step="1"/>
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_remoteDisableRealm" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
-->
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
</securityTests>