Not able to call Maven Java batch using rest service deployed in liberty

Question

https://github.com/WASdev/sample.batch.sleepybatchlet

I am trying to run the above git sample. I was able to configure and run a ant build java batch project in liberty. but when it comes to maven project, i was not able to use the rest service to control the jobs.i have issues with user authentication problems using defaultKeyStore. i noticed there was a server.xml in the above maven project, but i was not able to create a keystore password. it says "no liberty runtime could be found".

in liberty server.xml i have used one user in basicRegistry and security-role as "batchadmin" for the same user

what changes should be done in the server.xml inside project to pass the server authentication.

Answer 1

In order to perform batch operations from a servlet when batch role-based authentication is configured, you need to add an authentication challenge to the servlet so that it runs under a specific user rather than UNAUTHENTICATED.

You could add this to the sample like this:

import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;

// ...
@ServletSecurity(value = @HttpConstraint(transportGuarantee = ServletSecurity.TransportGuarantee.CONFIDENTIAL),
    httpMethodConstraints = { @HttpMethodConstraint(value = "POST", emptyRoleSemantic = ServletSecurity.EmptyRoleSemantic.PERMIT),
                              @HttpMethodConstraint(value = "GET", emptyRoleSemantic = ServletSecurity.EmptyRoleSemantic.PERMIT),
                              @HttpMethodConstraint(value = "PUT", emptyRoleSemantic = ServletSecurity.EmptyRoleSemantic.PERMIT) })
@WebServlet(urlPatterns = { "/joboperator" })
public class JobOperatorServlet extends HttpServlet {

That's in addition to defining the user registry and the users, and granting them access to the batch roles as in the doc you referenced, and here is a snippet of that:

<httpEndpoint httpPort="9080" httpsPort="9443" id="defaultHttpEndpoint"/>

<keyStore id="defaultKeyStore" password="Liberty"/>

<basicRegistry id="basic" realm="ibm/api">
    <user name="bob" password="bobpwd"/>
    <user name="jane" password="janepwd"/>
</basicRegistry>

<authorization-roles id="com.ibm.ws.batch">
    <security-role name="batchSubmitter">
        <user name="bob"/>
    </security-role>
    <security-role name="batchAdmin">
        <user name="jane"/>
    </security-role>
</authorization-roles>

Now, there's a separate but related question of how do you configure batch security, i.e. which features bring batch security into the picture. But I'll leave that for a follow-up question and take it for granted here that it's present.