Can't map roles to groups using ibm-application-bnd.xml

Question

I'm trying to map user groups using ibm-application-bnd.xml. Put it into META-INF folder. On try to access secure page get next message:

[08.05.15 17:42:21:242 MSK] 00000084 WebCollaborat A   SECJ0129E: ... GET в null:/loginmodule/date/, Authorization failed, Not granted any of the required roles: user-role

When I try configure it with ibm console it works. All configuration WAS writes into ibm-application-bnd.xmi instead of ibm-application-bnd.xml.

What do I wrong? Using Websphere AS 8.5.5 with Java 1.6

ibm-application-bnd.xml:

<?xml version="1.0" encoding="UTF-8"?>
<application-bnd xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://websphere.ibm.com/dxml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-application-bnd_1_2.xsd"
      xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.2">
      <security-role name="user-role">
            <group name="user-group" />
      </security-role>
</application-bnd>

web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
      <session-config>
            <session-timeout>30</session-timeout>
      </session-config>
      <welcome-file-list>
            <welcome-file>index.html</welcome-file>
      </welcome-file-list>

      <security-constraint>
            <display-name>Constraint</display-name>
            <web-resource-collection>
                  <web-resource-name>secrets</web-resource-name>
                  <description />
                  <url-pattern>/date/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                  <role-name>user-role</role-name>
            </auth-constraint>
      </security-constraint>

      <security-role>
            <role-name>user-role</role-name>
      </security-role>

      <servlet>
            <servlet-name>date</servlet-name>
            <servlet-class>ru.servlet.TimeServlet</servlet-class>
      </servlet>
      <servlet-mapping>
            <servlet-name>date</servlet-name>
            <url-pattern>/date/*</url-pattern>
      </servlet-mapping>
</web-app>

Answer 1

WebSphere Application Server uses XML for EE 5+ only, and that decision is made on a per-deployment descriptor basis. If ibm-application-bnd.xmi is being used, then I suspect your application.xml has version="1.4" or lower, so try again after updating to an EE 5 XML header (remove doctype, add xmlns, add xmlns:xsi, add xsi:schemaLocation, update version attribute).