授权失败,未授予任何所需角色

时间:2016-02-12 16:46:05

标签: java soap authorization websphere jax-ws

我在JAX-WS上开发了带有SOAP接口的Web应用程序。我收到错误授权失败,未授予任何必需的角色:AUTHENTICATED 您能给我一些建议吗? 我的配置是: 的的web.xml 

<security-constraint>
    <display-name>AuthConstr</display-name>
    <web-resource-collection>
        <web-resource-name>AuthConstraint</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>PUT</http-method>
        <http-method>POST</http-method>
        <http-method>HEAD</http-method>
        <http-method>TRACE</http-method>
        <http-method>DELETE</http-method>
        <http-method>OPTIONS</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description>All HAI authenticated users</description>
        <role-name>AUTHENTICATED</role-name>
    </auth-constraint>
</security-constraint>
<security-role>
    <role-name>AUTHENTICATED</role-name>
</security-role>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>default</realm-name>
</login-config>

application.xml 是:

<security-role id="SecurityRole_AUTHENTICATED">
    <role-name>AUTHENTICATED</role-name>
</security-role>

IBM-应用bnd.xml 

<?xml version="1.0" encoding="UTF-8"?> <application-bnd xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns="http://websphere.ibm.com/xml/ns/javaee"
             xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-application-bnd_1_1.xsd"
             version="1.1">

<security-role name="AUTHENTICATED">
    <special-subject type="ALL_AUTHENTICATED_USERS"/>
</security-role>

同样在Java WS中我使用注释

@RolesAllowed("AUTHENTICATED")

1 个答案:

答案 0 :(得分:0)

我不知道你什么时候收到此错误但至少我认为你需要从安全的URL模式中排除登录页面。在被要求进行身份验证时,没有人可以同时进行身份验证。 我的意思是,如果您将所有受保护的“资源”置于“安全”路径下,则可以将<url-pattern>/*</url-pattern>设置为<url-pattern>/secured/*</url-pattern>并避免保护登录页面。

相关问题
最新问题