Credentials exception when running Filenet-based web app on Websphere Application Server

Question

I have developed a REST service that retrieves data from the content engine storage. For simplicity I've created user account with read-only privileges and used it for CE authorization, using the following code:

UserContext context = UserContext.get();
Connection connection = Factory.Connection.getConnection("connection.url");
Subject subject = UserContext.createSubject(connection, "connection.username", "connection.password", "connection.stanza");
context.pushSubject(subject);

During development I tested my service on local Tomcat server and everything worked fine. Now I've deployed that service on Websphere Application Server where ContentEngine is located and when I try to access my REST service I get the following exception:

Error 500: org.springframework.web.util.NestedServletException: Request processing failed; nested exception is com.filenet.api.exception.EngineRuntimeException: FNRCS0005E: SECURITY_INVALID_CREDENTIALS: Access to the Content Engine was not allowed because the Content Engine API library or the Web Service Interface (WSI) Listener could not find the required security context information. Expected credentials were not found in the security context.

Is any extra configuration required for WAS to make this approach work? Or maybe a better approach exists for addressing authorization issue?

Answer 1

I've managed to solve that problem by using different stanza. The one I used (FileNetP8, the default) for some reason worked perfectly with Tomcat but had problem with Websphere Application Server. In the WAS security logins configuration I found FileNetP8WSI stanza which did the trick.

Answer 2

I use nearly exactly the same code to successfully connect to the CE via WebSphere, but I use a null stanza

Subject subject = UserContext.createSubject(connection, username, password, null);

Does that make a difference for you?