9.8 Authorization Fails in the WebSphere Application

Entries in the NidsJaccRoles.xml file indicate whether the RunAs roles and user/group-to-role mappings are automatically propagated to the JACC module. If you use SLES as your WebSphere host, the file is located in a path similar to the following example:

/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/novell/cells/sles10Node01Cell/nodes/sles10Nodeo1/servers/server1/NidsJaccRoles.xml

The entries look similar to the following:

<J2EERole roleId="Manager">
<User Name="

If you have configured WebSphere to map roles, authorization of the user might occasionally fail. This could be because RunAs roles and user/group-to-role mappings that are configured after the J2EE Agent is installed fail to be propagated to the JACC module, even after a restart.

To work around this issue:

  1. Browse to the folder where the J2EE Agent is installed.

  2. Open uDontKnowJacc.jy, which is located in the /novell/nids_agents/bin folder.

  3. Delete the first line.

  4. Modify member1 to <application server name>.

    Replace <application server name> with the name of the application server instance where NIDPJ2EEApp is installed.

  5. Execute the following command at the shell prompt:

    <path-to-websphere>/bin/wsadmin.sh -username <adminusername> -password <adminpassword> -lang jacl -f <path-to-nids_agents-folder>/uDontKnowJacc.jy

    Replace <path-to-websphere> with the path where the WebSphere server is installed.

    Replace <adminusername> with the name of the WebSphere administrator.

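    Replace <adminpassword> with the password of the WebSphere administrator. A password supplied on the command line is recorded in the shell history and is visible to other local users in the process list while the command runs.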

NOTE: For more information about updating a security policy, see “Propagating a Security Policy”.
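After running the workaround, you can confirm that every role in NidsJaccRoles.xml carries at least one mapping. The following check is an added example, not part of the product or its documentation. It assumes that mappings appear as child elements of J2EERole with a Name attribute, as in the fragment shown earlier; the root element and the sample content are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET


def role_mappings(xml_text):
    """Return {roleId: [(child_tag, Name), ...]} for every J2EERole element.

    Assumption: each mapping is a direct child of J2EERole that carries a
    Name attribute (the page shows <User Name="...">). Children without a
    Name attribute are ignored.
    """
    root = ET.fromstring(xml_text)
    mappings = {}
    for role in root.iter("J2EERole"):
        role_id = role.get("roleId", "<missing roleId>")
        members = [(child.tag, child.get("Name"))
                   for child in role if child.get("Name")]
        # A role may be declared more than once; merge its members.
        mappings.setdefault(role_id, []).extend(members)
    return mappings


def unmapped_roles(mappings):
    """Roles with no user or group mapped: authorization for them will fail."""
    return sorted(role for role, members in mappings.items() if not members)


# Constructed sample; a real file comes from the profile path shown above.
SAMPLE = """<Roles>
  <J2EERole roleId="Manager">
    <User Name="cn=jsmith,o=example"/>
  </J2EERole>
  <J2EERole roleId="Auditor"/>
</Roles>"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    found = role_mappings(text)
    for role_id, members in sorted(found.items()):
        print(role_id, members if members else "NO MAPPINGS")
    # Non-zero exit when any role is empty, so the check can gate a deployment.
    sys.exit(1 if unmapped_roles(found) else 0)
```

Pass the path to NidsJaccRoles.xml as the first argument; with no argument the script runs against the constructed sample.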