I am getting 403 accessing an webapp deployed in embedded mode. Further
debugging shows that WebSecurityManager.hasNoConstrainedResources() is
returning false whereas the same webapp deployed non-embedded returns
true for WebSecurityManager.hasNoConstrainedResources(). The webapp
does not have any security constraints defined.
WebSecurityManager.allResourcesCP and allConnectionsCP permission are
false for embedded scenario.
// permissions tied to unchecked permission cache, and used
// to determine if the effective policy is grant all
// WebUserData and WebResource permisions.
private CachedPermission allResourcesCP = null;
private CachedPermission allConnectionsCP = null;
Where do I need to grant additional security settings if at all for
embedded case?
Thanks,
Amy