9.8 Authorization Fails in the WebSphere Application

Entries in the NidsJaccRoles.xml file indicate whether the RunAs roles and user/grouptorole mappings are automatically propagated to the JAAC module. If you use SLES as your WebSphere host, the file is located in a path similar to the following example:

/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/novell/cells/sles10Node01Cell/nodes/sles10Nodeo1/servers/server1/NidsJaccRoles.xml

The entries look similar to the following:

<J2EERole roleId="Manager">
<User Name="

If you have configured WebSphere to map roles, the authorization of the user might occasionally fail. This could be because, when Run As roles and user/grouptorole mappings are configured after the J2EE Agent is installed, they fail to be propagated to the JAAC module even after a restart.

To workaround this issue:

  1. Browse to the folder where the Novell J2EE Agent is installed.

  2. Open uDontKnowJacc.jy, which is located in the /novell/nids_agents/bin folder.

  3. Delete the first line.

  4. Modify member1 to <application server name>.

    Replace <application server name> with the name of the application server instance where NIDPJ2EEApp is installed.

  5. Execute the following command at the shell prompt:

    <path-to-websphere>/bin/wsadmin.sh -username <adminusername> -password <adminpassword> -lang jacl -f <path-to-nids_agents-folder>/uDontKnowJacc.jy

    Replace <path-to-websphere> with the path where the WebSphere server is installed.

    Replace <adminusername> with the name of the WebSphere administrator.

    Replace <adminpassword> with the password of the WebSphere administrator.

NOTE:For more information about updating a security policy, see “Propagating a Security Policy”.