[rules-users] Can't see process in gwt-console after changingguvnor to authenticator

Han Ming Low hanming73 at gmail.com
Wed Aug 11 04:21:27 EDT 2010 

Hi,

Just to add on some information.

I have tried to do the following and had the following findings.

on the gwt-console-server-drools.war, I have extracted and remove
ChangeSet.xml from drools-gwt-console-5.1.0.jar onto the classpath.
Thus, allow me to change the <resource> element's attributes value for
testing.

1) I found that by changing the attributes username="admin" password="admin"
will allow me to view/unview the processes depending on my password is set
correctly.
Thus, does it means that from Drools Flow console will always list the
process in the particular package using the particular user.
How can I change this to allow Drools Flow console to tie to the view to the
user logged in and in whichever package he has rights to?

2) And, also by accessing
http://localhost:8080/drools-guvnor/org.drools.guvnor.Guvnor/webdav/packages/defaultPackage
from
windows explorer using "john" as login, it is able to list all the resources
which I cannot see in Guvnor with the same user login.
Thus, does it means that I'm able to see the "Evaluation" process when I
change the ChangeSet.xml user to "john" is because webdav does not restrict
the listing based on role?
Is it possible for "john" who cannot view defaultPackage on Guvnor, not to
be able to see the "Evaluation" process on Drools Flow console?

Help please.

Thanks.



Han Ming




On Tue, Aug 10, 2010 at 6:28 PM, Han Ming Low <hanming73 at gmail.com> wrote:

> Hi Kris,
>
> Thanks for the reply.
>
> Sorry for any confusion.
> I found that I'm wrong to say that the process is not showing is due to
> enabling the role base authorization.
>
> I realize that, maybe I'm in a private network, when I first try to access
> the "Process" view in Drools Flow console which will in turn try to query
> http://localhost:8080/gwt-console-server/rs/process/definitions, it will
> take a long time for the server to return the definition, might be because
> of the xsd at
> http://anonsvn.jboss.org/repos/labs/labs/jbossrules/trunk/drools*
> -api/src/main/resources/change-set-1.0.0.xsd*<http://anonsvn.jboss.org/repos/labs/labs/jbossrules/trunk/drools-api/src/main/resources/change-set-1.0.0.xsd>
> After a long wait, when the server return the result for definitions after
> the first time, I will be able to see the Process.
>
> Now, when I try to login to the Drools Flow console by loggin in as "john"
> which I do not defined any User Permission at Guvnor, I'm still able to see
> the "Evaluation" process.
>
> Is it possible to restrict user "john" not to see the process that he is
> not "defined" to see.
>
> Regarding your suggestion on using changeset.xml, I'm sorry I'm not sure
> what is required to be done.
> I would thought that Drools Flow console is using the guvnor's
> authenticator because after I change the guvnor-users.properties, say the
> password for user "admin" is changed to "admin1", I managed to login to
> Drools Flow console using the new password "admin1".
> To me, it means that Drools Flow is actually now using
> guvnor-users.properties for authentication.
> (if I use the old password "admin" will encounter a "Authentication Failed"
> error)
> Just that now my problem is directly opposite to what I thought the problem
> was first to be.
> i.e.
> I want the Process not to show when login using "john" but it is showing
> instead.
>
> Sorry for the confusion.
>
> Any advice is greatly appreciated.
>
> Thanks.
>
>
> Han Ming
> 2010/8/6 Kris Verlaenen <kris.verlaenen at cs.kuleuven.be>
>
>  Han Ming,
>>
>> The gwt-console uses the authentication as defined in the ChangeSet.xml
>> inside the drools-gwt-console-{version}.jar in the gwt server war:
>>
>> <resource source='
>> http://localhost:8080/drools-guvnor/org.drools.guvnor.Guvnor/package/defaultPackage/LATEST'
>> type='PKG' basicAuthentication="enabled" username="admin" password="admin"
>> />
>>
>> I guess you could change that or make sure the credential that is
>> specified here works for your configuration, would that help?
>>
>> Kris
>>
>>
>>   ----- Original Message -----
>> *From:* Han Ming Low <hanming73 at gmail.com>
>> *To:* Rules Users List <rules-users at lists.jboss.org>
>> *Sent:* Thursday, August 05, 2010 10:28 AM
>> *Subject:* [rules-users] Can't see process in gwt-console after
>> changingguvnor to authenticator
>>
>> Hi,
>>
>> I'm having problems with seeing the process in gwt-console. :p
>>
>> This time the difference is I change the guvnor components.xml
>> authenticator to "other" and role based authorization as "true" and set the
>> login-config.xml authentication to a users.properties
>>
>> The steps and difference in setup I have made is as follows
>> 1) change guvnor and flow persistence to mysql instead of h2
>> 2) Build defaultPackage, ABLE to see process in Drools Flow console
>> 3) Shutdown both human task and jboss
>> 4) Configure role-base authorization and users.properties file
>> authentication
>> 5) Start human.task and jboss
>> 6) Not able to see process in Drools Flow console
>> 7) Rebuild defaultPackage
>> 8) Not able to see process in Drools Flow console
>> 9) Restart both human task and jboss
>> 10) Not able to see process in Drools Flow console
>> 11) Delete process in guvnor and delete archive
>> 12) Copy process from local file system to guvnor through WebDAV
>> 13) Build defaultPackage
>> 14) Not able to see process in Drools Flow console
>> 15) Shutdown both human task and jboss
>> 16) Change login back to defaultAuthenticator.authenticate
>> 17) Start human.task and jboss
>> 18) ABLE to see process again
>>
>> What should I do to allow the process to be seen when other authenticator
>> is used?
>> Any advice is greatly appreciated.
>>
>> Thanks.
>>
>>
>> Han Ming
>>
>> ------------------------------
>>
>> _______________________________________________
>> rules-users mailing list
>> rules-users at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/rules-users
>>
>>
>> Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm for more
>> information.
>>
>> _______________________________________________
>> rules-users mailing list
>> rules-users at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/rules-users
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/rules-users/attachments/20100811/977793fa/attachment.html

More information about the rules-users mailing list