M
Michael Jacobs
Guest
From what is shown in the log fragments, the server's HybridRealm class is throwing an exception after failing to validate the REST adapter as an authenticated & authorized client that is allowed to access the HybridRealm class's methods. You can see this validation of the REST adapter's identity in the HybridRealm's ValidateClient() method. The REST adapter as an authenticated client of the AppServer's HybridRealm class is enabled when the OERealmUserDetails bean's configuration includes a property="realmTokenFile" value="...". Is this property defined in your appSecurity-basic-oerealm.xml configuration file? When the property is defined, it points to the name of a file that contains a 'sealed' Client-Principal that is what the REST adapter uses when it connects to the AppServer and authenticate itself to the HybridRealm class for authentication. A default file named 'spadefault.cp' is provided with the sample. In it contains a sealed Client-Principal with the user-id " The configuration seems to indicate that no Client-Principal is configured for the REST adapter, but the AppServer's HybridRealm code is probably throwing an error that indicates one was passed and could not be validated. Can you edit the HypridRealm class's ValidateClient() method and add message statements to find out if: 1) A Client-Principal was passed to the AppServer? 2) If a Client-Principal was passed - was its 'seal' able to be validated? 3) If the Client-Principal's 'seal' was validated - did the Client-Principal's role list contain what was configured in the properties (SPACleint)? The answers to the above is the first step to solving your problem. Mike Jacobs
Continue reading...
Continue reading...