[rules-users] Help : Enabling Role Base Authorization in Guvnor

Jervis Liu jliu at redhat.com
Mon Aug 2 02:24:40 EDT 2010


Hi, the rolesProperties file (e.g., guvnor-roles.properties) configured 
in JBoss AS is not used by Guvnor authorization. Before you enable 
enable-role-based-authorization, you need to log in and configure user 
permissions in Guvnor "Administration". For example, you need to give 
your "admin" user full admin permission.

Hope this helps,
Jervis

Han Ming Low wrote:
> Hi all,
>  
> I tried to enable Role Based Authorization in Guvnor after it was 
> running fine with the default login mechanism.
> But I encountered some problems with the attempt.
>  
> What I did was, in components.xml:
> - commented out the default <security:identity authenticate-method="#{defaultAuthenticator.authenticate}"/>
> - uncommented the <security:identity authenticate-method="#{authenticator.authenticate}" jaas-config-name="other"/>
> - changed the role-based authorization to true, <security:role-based-permission-resolver enable-role-based-authorization="true"/>
>  
> And in login-config.xml
> I have changed the "other" application policy to
>     <application-policy name="other">
>        <authentication>
>           <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
>                         flag="required">
>              <module-option name="usersProperties">props/guvnor-users.properties</module-option>
>              <module-option name="rolesProperties">props/guvnor-roles.properties</module-option>
>           </login-module>
>        </authentication>
>     </application-policy>
>  
> guvnor-users.properties
> admin=admin12
> krisv=krisv
> john=john
> mary=mary
>  
> guvnor-roles.properties
> admin=admin
> krisv=admin,manager,user
> john=admin,manager,user
> mary=admin,manager,user
>  
> After restarting JBoss, I can log in based on the user and password 
> defined in the guvnor-users.properties.
> And, by changing the password in the properties, I verified that it is 
> taking the value from the file itself.
>  
> However, when I log in as user admin and try to access the 
> Administration | User Permission or Event Log,
> I'm prompted with "Sorry, insufficient permissions to perform this action."
>  
> The error from the console is
> 11:15:36,046 INFO  [STDOUT] ERROR 29-07 11:15:36,046 (LoggingHelper.java:error:76)
> Service method 'public abstract java.util.Map org.drools.guvnor.client.rpc.RepositoryService.listUserPermissions()
>        throws org.drools.guvnor.client.rpc.DetailedSerializationException'
>        threw an unexpected exception: org.jboss.seam.security.AuthorizationException:
>          Authorization check failed for permission[org.drools.guvnor.server.security.AdminType at bf7a4d,admin]
> org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[org.drools.guvnor.server.security.AdminType at bf7a4d,admin]
>         at org.jboss.seam.security.Identity.checkPermission(Identity.java:581)
>         at org.drools.guvnor.server.ServiceImplementation.listUserPermissions(ServiceImplementation.java:2604)
> .....
>  
> Checking the org.drools.guvnor.server.security.RoleTypes code, the 
> available roles should be
> admin
> analyst
> analyst.readonly
> package.admin
> package.developer
> package.readonly
>  
> Can anyone help to let me know what's wrong with my configuration?
>  
> Thanks.
>  
>  
> Han Ming 
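
A pre-flight check for the lockout described in this thread, as an added example that is not part of either message and not Guvnor code: it reads a components.xml and a roles properties file and reports when role-based authorization is on while the only role definitions are JAAS ones, which the reply says Guvnor authorization does not use. The sample inputs are constructed from the settings quoted above; the function names and the report wording are assumptions.

```python
import xml.etree.ElementTree as ET

SEAM_SEC = "http://jboss.com/products/seam/security"  # Seam security namespace

# Constructed sample mirroring the components.xml settings quoted in the thread.
COMPONENTS_XML = """<components xmlns="http://jboss.com/products/seam/components"
            xmlns:security="http://jboss.com/products/seam/security">
  <security:identity authenticate-method="#{authenticator.authenticate}"
                     jaas-config-name="other"/>
  <security:role-based-permission-resolver enable-role-based-authorization="true"/>
</components>"""

# Constructed sample in the user=role1,role2 format of guvnor-roles.properties.
ROLES_PROPERTIES = """admin=admin
krisv=admin,manager,user
"""

def parse_roles(text):
    """Parse user=role1,role2 lines; skip blanks, comments and malformed lines."""
    roles = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        user, _, value = line.partition("=")
        roles[user.strip()] = [r.strip() for r in value.split(",") if r.strip()]
    return roles

def audit(components_xml, roles_text):
    """Report the active JAAS policy, the authorization switch, and findings."""
    root = ET.fromstring(components_xml)
    ident = root.find(f"{{{SEAM_SEC}}}identity")
    resolver = root.find(f"{{{SEAM_SEC}}}role-based-permission-resolver")
    jaas = ident.get("jaas-config-name") if ident is not None else None
    flag = resolver.get("enable-role-based-authorization", "false") if resolver is not None else "false"
    rbac = flag.strip().lower() == "true"
    findings = []
    if rbac:
        findings.append("role-based authorization is on: confirm a user was given "
                        "admin permission in Guvnor Administration beforehand")
        if jaas:  # JAAS authenticates the login only; its roles are not permissions
            for user, names in parse_roles(roles_text).items():
                findings.append(f"JAAS roles for {user} ({','.join(names)}) "
                                "are not used by Guvnor authorization")
    return {"jaas_policy": jaas, "rbac_enabled": rbac, "findings": findings}

if __name__ == "__main__":
    for finding in audit(COMPONENTS_XML, ROLES_PROPERTIES)["findings"]:
        print("WARN:", finding)
```
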