Problem Summary: If you installed and used the previous version of Service Registry (from Java ES 2005Q4), and you now upgrade to the Java ES 5 version of Application Server but do not upgrade to the Java ES 5 version of Service Registry, a login failure occurs if you try to use the same certificate you previously created with the Web Console.
Workaround: Edit the web.xml file and the security policy file for Service Registry.
To stop the Application Server domain for the Registry and edit the web.xml file, follow these steps:
Change to the Service Registry install directory:
On Solaris OS: cd /opt/SUNWsoar/install
On Linux and HP-UX systems: cd /opt/sun/SUNWsoar/install
Stop the Application Server domain for the Registry:
Ant-base/ant -f build-install.xml appserver.domain.stop
Change to the directory RegistryDomain-base/domains/registry/applications/j2ee-modules/soar/WEB-INF/.
Open the file web.xml in a text editor.
Inside the <security-constraint> tag, after the </web-resource-collection> tag, insert the following:
<auth-constraint> <role-name>have.client.cert</role-name> </auth-constraint>
After the </security-constraints> tag, insert the following:
<error-page> <error-code>400</error-code> <location>/registry/thin/AuthenticateError.jsp</location> </error-page> <security-role> <description>all subjects who have client certificates</description> <role-name>have.client.cert</role-name> </security-role>
Save and close the web.xml file.
To edit the security policy file and restart the domain, follow these steps:
Change to the following directory:
On Solaris OS: cd /var/opt/SUNWsoar/domains/registry/config
On Linux and HP-UX systems: cd /var/opt/sun/SUNWsoar/domains/registry/config
Open the file server.policy in a text editor.
Add the following grants to this file:
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/soar/WEB-INF/lib/-"{ permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; }; grant codeBase "file:${com.sun.aas.instanceRoot}/generated/jsp/j2ee-modules/soar/-" { permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; };
Save and close the server.policy file.
Restart the Application Server domain for the Registry:
Ant-base/ant -f build-install.xml appserver.domain.start
Open your web browser to the URL http://localhost:6060/soar. You should now be able to log in and publish.