Description of problem: Any request to Business Central via REST API ends up with 403 Forbidden, regardless of user (and his roles). Same requests can be successfully served by Business Central deployed on different containers than WebSphere. Server log shows the following info message with every request: [9/24/15 13:23:26:486 CEST] 00000081 RequestProces I org.apache.wink.server.internal.RequestProcessor logException The following error occurred during the invocation of the handlers chain: WebApplicationException (403 - Forbidden) with message 'null' while processing GET request sent to http://localhost:9080/business-central/rest/repositories Version-Release number of selected component (if applicable): 6.2.0.ER3 How reproducible: always Steps to Reproduce: 1. deploy BRMS or BPMS 6.2.0.ER3 to WebSphere 8.5.5.x 2. try e.g. GET http://${host}:${port}/business-central/rest/repositories 3. provide credentials of a user having appropriate roles (e.g. 'admin' and 'rest-all') Additional info: Possible cause could be the new feature introducing role-based access to REST endpoints. However, commenting out excerpts of beans.xml, namely jaxrs:serviceBeans, authorizationInterceptor and resource beans, did not help.
Fixed, thanks to Maciej's help! Commits: 6.3.x: https://github.com/droolsjbpm/kie-wb-distributions/commit/90a4e33d master: https://github.com/droolsjbpm/kie-wb-distributions/commit/e5bfecc2
Verified with BPMS-6.2.0.ER4