[rules-users] Help : Enabling Role Base Authorization in Guvnor

Han Ming Low hanming73 at gmail.com
Tue Aug 3 05:06:57 EDT 2010


Hi Jervis,

Thanks for the reply.

Yes, this solves the problem.

Thanks again.


Han Ming

On Mon, Aug 2, 2010 at 2:24 PM, Jervis Liu <jliu at redhat.com> wrote:

> Hi, the rolesProperties file (e.g., guvnor-roles.properties) configured
> in JBoss AS is not used by Guvnor authorization. Before you enable
> enable-role-based-authorization, you need to log in and configure user
> permissions in Guvnor "Administration". For example, you need to give
> your "admin" user a full admin permission.
>
> Hope this helps,
> Jervis
>
> Han Ming Low wrote:
> > Hi all,
> >
> > I tried to enable the Role Base Authorization in Guvnor after it was
> > running fine with the default login mechanism.
> > But I encountered some problems with the attempt.
> >
> > What I did was that in the components.xml, I
> > - commented out the default
> >   <security:identity authenticate-method="#{defaultAuthenticator.authenticate}"/>
> > - uncommented the
> >   <security:identity authenticate-method="#{authenticator.authenticate}" jaas-config-name="other"/>
> > - changed the role base authorization to true,
> >   <security:role-based-permission-resolver enable-role-based-authorization="true"/>
> >
> > And at the login-config.xml
> > I have changed the "other" application policy to
> >     <application-policy name = "other">
> >        <authentication>
> >           <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
> >              flag = "required" >
> >            <module-option name="usersProperties">props/guvnor-users.properties</module-option>
> >            <module-option name="rolesProperties">props/guvnor-roles.properties</module-option>
> >           </login-module>
> >        </authentication>
> >     </application-policy>
> >
> > guvnor-users.properties
> > admin=admin12
> > krisv=krisv
> > john=john
> > mary=mary
> >
> > guvnor-roles.properties
> > admin=admin
> > krisv=admin,manager,user
> > john=admin,manager,user
> > mary=admin,manager,user
> >
> > After restarting JBoss, I can log in based on the user and password
> > defined in the guvnor-users.properties.
> > And, by changing the password in the properties, I verified that it is
> > taking in the value from the file itself.
> >
> > However, when I log in as user admin and try to access the
> > Administration | User Permission or Event Log,
> > I'm prompted with "Sorry, insufficient permissions to perform this action."
> >
> > The error from the console is
> > 11:15:36,046 INFO  [STDOUT] ERROR 29-07 11:15:36,046 (LoggingHelper.java:error:76)
> > Service method 'public abstract java.util.Map org.drools.guvnor.client.rpc.RepositoryService.listUserPermissions()
> >        throws org.drools.guvnor.client.rpc.DetailedSerializationException'
> >        threw an unexpected exception: org.jboss.seam.security.AuthorizationException:
> >          Authorization check failed for permission[org.drools.guvnor.server.security.AdminType@bf7a4d,admin]
> > org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[org.drools.guvnor.server.security.AdminType@bf7a4d,admin]
> >         at org.jboss.seam.security.Identity.checkPermission(Identity.java:581)
> >         at org.drools.guvnor.server.ServiceImplementation.listUserPermissions(ServiceImplementation.java:2604)
> > .....
> >
> > Checking on the org.drools.guvnor.server.security.RoleTypes code, the
> > available roles should be
> > admin
> > analyst
> > analyst.readonly
> > package.admin
> > package.developer
> > package.readonly
> >
> > Can anyone help to let me know what's wrong with my configuration?
> >
> > Thanks.
> >
> >
> > Han Ming
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > rules-users mailing list
> > rules-users at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/rules-users
> >
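
The point of Jervis's reply, as an added example that is not part of the thread or of Guvnor: a small Python audit of the two login-module property files quoted above. It reports role names that Guvnor authorization will not pick up from the JAAS file, names that are not Guvnor role types at all, and accounts whose password equals the username; the function names and finding labels are assumptions.

```python
# Added example, not Guvnor code. File contents are copied from the post;
# the function names and finding labels are hypothetical.
# Role names the post lists from org.drools.guvnor.server.security.RoleTypes.
GUVNOR_ROLE_TYPES = {"admin", "analyst", "analyst.readonly",
                     "package.admin", "package.developer", "package.readonly"}

USERS_PROPERTIES = """\
admin=admin12
krisv=krisv
john=john
mary=mary
"""
ROLES_PROPERTIES = """\
admin=admin
krisv=admin,manager,user
john=admin,manager,user
mary=admin,manager,user
"""

def parse_properties(text):
    """Parse key=value lines; skip blanks, comments (# or !) and junk."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries[key.strip()] = value.strip()
    return entries

def audit(users_text, roles_text):
    """Return sorted (user, finding) pairs for the login-module files."""
    users = parse_properties(users_text)
    roles = parse_properties(roles_text)
    findings = []
    for user, password in users.items():
        if password == user:
            findings.append((user, "password equals username"))
        for role in filter(None, (r.strip() for r in roles.get(user, "").split(","))):
            if role in GUVNOR_ROLE_TYPES:
                # The roles file is not read by Guvnor authorization, so this
                # name only takes effect once granted under Administration.
                findings.append((user, f"grant '{role}' in Guvnor Administration"))
            else:
                findings.append((user, f"'{role}' is not a Guvnor role type"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit(USERS_PROPERTIES, ROLES_PROPERTIES):
        print(f"{user}: {finding}")
```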