Bug 1266042 - WAS: REST API of Business Central responds with 403 Forbidden to any request
WAS: REST API of Business Central responds with 403 Forbidden to any request
Product: JBoss BRMS Platform 6
Classification: JBoss
Component: Business Central (Show other bugs)
Unspecified Unspecified
urgent Severity urgent
: ER4
: 6.2.0
Assigned To: Shelly McGowan
Radovan Synek
: TestBlocker
Depends On:
  Show dependency treegraph
Reported: 2015-09-24 07:39 EDT by Radovan Synek
Modified: 2016-09-20 01:15 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
ppenicka: needinfo+

Attachments (Terms of Use)

  None (edit)
Description Radovan Synek 2015-09-24 07:39:08 EDT
Description of problem:
Any request to Business Central via REST API ends up with 403 Forbidden, regardless of user (and his roles). Same requests can be successfully served by Business Central deployed on different containers than WebSphere.

Server log shows the following info message with every request:
[9/24/15 13:23:26:486 CEST] 00000081 RequestProces I org.apache.wink.server.internal.RequestProcessor logException The following error occurred during the invocation of the handlers chain: WebApplicationException (403 - Forbidden) with message 'null' while processing GET request sent to http://localhost:9080/business-central/rest/repositories

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. deploy BRMS or BPMS 6.2.0.ER3 to WebSphere 8.5.5.x
2. try e.g. GET http://${host}:${port}/business-central/rest/repositories
3. provide credentials of a user having appropriate roles (e.g. 'admin' and 'rest-all')

Additional info:
Possible cause could be the new feature introducing role-based access to REST endpoints. However, commenting out excerpts of beans.xml, namely jaxrs:serviceBeans, authorizationInterceptor and resource beans, did not help.
Comment 1 Marco Rietveld 2015-09-30 08:30:48 EDT
Fixed, thanks to Maciej's help! Commits: 


Comment 2 Radovan Synek 2015-10-16 03:09:56 EDT
Verified with BPMS-6.2.0.ER4

Note You need to log in before you can comment on or make changes to this bug.