How are authenticated users set up in WebSphere Liberty? I have followed the instructions listed here: https://www.ibm.com/support/knowledgecenter/SS7K4U_liberty/com.ibm.websphere.wlp.zseries.doc/ae/twlp_sec_rolebased.html and here: https://www.ibm.com/support/knowledgecenter/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/twlp_sec_basic_registry.html
But I'm still missing some piece of the puzzle.
Here is what my ibm-application-bnd.xml looks like:
<application-bnd>
<security-role name="AllAuthenticated">
<special-subject type="ALL_AUTHENTICATED_USERS" />
</security-role>
</application-bnd>
Here is the server.xml:
<basicRegistry id="basic" realm="WebRealm">
<user name="wasadmin" password="wasadmin" />
<user name="user1" password="test" />
<user name="user2" password="test" />
<group name="admin">
<member name="wasadmin" />
</group>
<group name="users">
<member name="wasadmin" />
<member name="user1" />
<member name="user2" />
</group>
</basicRegistry>
<administrator-role>
<user>wasadmin</user>
</administrator-role>
Here is the error message
CWWKS9104A: Authorization failed for user wasadmin:defaultRealm while invoking MyApplication on /myapplication-mainPage. The user is not granted access to any of the required roles: [ROLE_AUTHENTICATED_USER].
Do I need to define a AllAuthenticated role? Is its name AllAuthenticated-role ? How do I get it to not look for the DefaultRealm
Here is the page that helped me figure out the problem: https://www.ibm.com/support/knowledgecenter/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/twlp_sec_quickstart.html
This is what I added to the server.xml:
<enterpriseApplication location="MyApplication.ear">
<application-bnd>
<security-role name="ROLE_AUTHENTICATED_USER">
<group name="admin" />
</security-role>
</application-bnd>
</enterpriseApplication>