Ibm mobilefirst 在worklight server 6.1控制台上启用安全性
尝试在6.1 worklight服务器上设置安全性时,服务器已满是8.5.5 获取错误:Ibm mobilefirst 在worklight server 6.1控制台上启用安全性,ibm-mobilefirst,worklight-server,Ibm Mobilefirst,Worklight Server,尝试在6.1 worklight服务器上设置安全性时,服务器已满是8.5.5 获取错误: SRVE0232E: Internal Server Error. Exception Message: [com.ibm.websphere.servlet.session.UnauthorizedSessionRequestException: SESN0008E: A user authenticated as anonymous has attempted to access a session
SRVE0232E: Internal Server Error.
Exception Message: [com.ibm.websphere.servlet.session.UnauthorizedSessionRequestException: SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user:defaultWIMFileBasedRealm/uid=wasadmin,o=defaultWIMFileBasedRealm.]
com.ibm.websphere.servlet.session.UnauthorizedSessionRequestException: SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user:defaultWIMFileBasedRealm/uid=wasadmin,o=defaultWIMFileBasedRealm.
IBM WebSphere Application Server
在部署新WAR文件之前,我已编辑了以下文件
worklight.properties:
#######################################################################################################################
# Protecting the Worklight Console
#######################################################################################################################
# You can protect the Worklight Console by defining user credentials required to access it.
# In addition to defining these two properties, you should also configure the authenticationConfig.xml file,
# located under <Worklight Root Directory>\server\conf.
console.username=consoleadmin
console.password=consolepassword
Authenticationconfig.xml:
<!-- Uncomment the next element to protect the worklight console and the first section in securityTests below. -->
<staticResources>
<resource id="worklightConsole" securityTest="WorklightConsole">
<urlPatterns>/console*</urlPatterns>
</resource>
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*</urlPatterns>
</resource>
</staticResources>
<!-- Sample security tests
Even if not used there will be some default webSecurityTest and mobileSecurityTest
Attention: if using <testAppAuthenticity/> test below ,<publicSigningKey> element must be added to application-descriptor.xml as well. -->
<securityTests>
<customSecurityTest name="WorklightConsole">
<test realm="WorklightConsole" isInternalUserID="true"/>
</customSecurityTest>
<!--
<mobileSecurityTest name="mobileTests">
<testAppAuthenticity/>
<testDeviceId provisioningType="none" />
<testUser realm="myMobileLoginForm" />
</mobileSecurityTest>
<webSecurityTest name="webTests">
<testUser realm="myWebLoginForm"/>
</webSecurityTest>
<customSecurityTest name="customTests">
<test realm="wl_antiXSRFRealm" step="1"/>
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_remoteDisableRealm" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
-->
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
</securityTests>
看起来与以下问题有关:
看起来您正试图从未受保护的页面访问会话。在“安全性”>“全局安全性”>“Web和SIP安全性”>“常规设置”中的管理控制台中选中“在访问未受保护的URI时使用可用的身份验证数据”复选框。应注意,这不是在生产环境中保护Worklight控制台的方法,在开发服务器外部:-使用LDAP.@gas-该复选框已被选中ticked@IdanAdar-请给我指一下帮助页面,详细说明如何在没有LDAP的情况下为Prod保护worklight控制台?我在上面发布了相同的链接。。。