6475651: Java ES 2005Q4 Service Registry Login Fails After Application Server Upgrade (Service Registry 3.1 Release Notes)

Service Registry 3.1 Release Notes

6475651: Java ES 2005Q4 Service Registry Login Fails After Application Server Upgrade

Problem Summary: If you installed and used the previous version of Service Registry (from Java ES 2005Q4), and you now upgrade to the Java ES 5 version of Application Server but do not upgrade to the Java ES 5 version of Service Registry, a login failure occurs if you try to use the same certificate you previously created with the Web Console.

Workaround: Edit the web.xml file and the security policy file for Service Registry.

To stop the Application Server domain for the Registry and edit the web.xml file, follow these steps:

Change to the Service Registry install directory:

On Solaris OS: cd /opt/SUNWsoar/install

On Linux and HP-UX systems: cd /opt/sun/SUNWsoar/install
Stop the Application Server domain for the Registry:

Ant-base/ant -f build-install.xml appserver.domain.stop
Change to the directory RegistryDomain-base/domains/registry/applications/j2ee-modules/soar/WEB-INF/.
Open the file web.xml in a text editor.
Inside the <security-constraint> tag, after the </web-resource-collection> tag, insert the following:
```
<auth-constraint>
  <role-name>have.client.cert</role-name>
</auth-constraint>
```

After the </security-constraints> tag, insert the following:

<error-page>
  <error-code>400</error-code>
  <location>/registry/thin/AuthenticateError.jsp</location>
</error-page>
<security-role>
  <description>all subjects who have client certificates</description>
  <role-name>have.client.cert</role-name>
</security-role>

Save and close the web.xml file.

To edit the security policy file and restart the domain, follow these steps:

Change to the following directory:

On Solaris OS: cd /var/opt/SUNWsoar/domains/registry/config

On Linux and HP-UX systems: cd /var/opt/sun/SUNWsoar/domains/registry/config
Open the file server.policy in a text editor.

Add the following grants to this file:

grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/soar/WEB-INF/lib/-"{
       permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};

grant codeBase "file:${com.sun.aas.instanceRoot}/generated/jsp/j2ee-modules/soar/-" {
      permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};

Save and close the server.policy file.
Restart the Application Server domain for the Registry:

Ant-base/ant -f build-install.xml appserver.domain.start
Open your web browser to the URL http://localhost:6060/soar. You should now be able to log in and publish.