[rules-users] Help : Enabling Role Base Authorization in Guvnor

Han Ming Low hanming73 at gmail.com
Wed Jul 28 23:24:00 EDT 2010


Hi all,

I tried to enable Role-Based Authorization in Guvnor after it was running
fine with the default login mechanism,
but encountered some problems with the attempt.

What I did in components.xml was:
- commented out the default
  <security:identity authenticate-method="#{defaultAuthenticator.authenticate}"/>
- uncommented
  <security:identity authenticate-method="#{authenticator.authenticate}" jaas-config-name="other"/>
- changed role-based authorization to true:
  <security:role-based-permission-resolver enable-role-based-authorization="true"/>

And in login-config.xml,
I have changed the "other" application policy to
    <application-policy name="other">
       <authentication>
          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                        flag="required">
             <module-option name="usersProperties">props/guvnor-users.properties</module-option>
             <module-option name="rolesProperties">props/guvnor-roles.properties</module-option>
          </login-module>
       </authentication>
    </application-policy>

guvnor-users.properties
admin=admin12
krisv=krisv
john=john
mary=mary

guvnor-roles.properties
admin=admin
krisv=admin,manager,user
john=admin,manager,user
mary=admin,manager,user

After restarting JBoss, I can log in based on the user and password defined
in guvnor-users.properties.
And, by changing the password in the properties, I verified that it is
taking in the value from the file itself.

However, when I log in as user admin and try to access Administration |
User Permission or Event Log,
I'm prompted with "Sorry, insufficient permissions to perform this action."

The error from the console is
11:15:36,046 INFO  [STDOUT] ERROR 29-07 11:15:36,046 (LoggingHelper.java:error:76)
Service method 'public abstract java.util.Map org.drools.guvnor.client.rpc.RepositoryService.listUserPermissions()
       throws org.drools.guvnor.client.rpc.DetailedSerializationException'
       threw an unexpected exception: org.jboss.seam.security.AuthorizationException:
         Authorization check failed for permission[org.drools.guvnor.server.security.AdminType@bf7a4d,admin]
org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[org.drools.guvnor.server.security.AdminType@bf7a4d,admin]
        at org.jboss.seam.security.Identity.checkPermission(Identity.java:581)
        at org.drools.guvnor.server.ServiceImplementation.listUserPermissions(ServiceImplementation.java:2604)
.....

Checking the org.drools.guvnor.server.security.RoleTypes code, the
available roles should be
admin
analyst
analyst.readonly
package.admin
package.developer
package.readonly

Can anyone help to let me know what's wrong with my configuration?

Thanks.


Han Ming
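
Added example, not part of the original post or of Guvnor's code: a small audit of the two property files quoted above, checking each role name against the RoleTypes list given in the post and flagging accounts whose password equals the user name. The file contents are copied from the post as sample input, the function names are hypothetical, and a role name outside the list is reported only as a finding, not as the confirmed cause of the error.

```python
# Added example: audit UsersRolesLoginModule property files (sample data from the post).
# KNOWN_ROLES is the list the post quotes from RoleTypes; helper names are hypothetical.
KNOWN_ROLES = {"admin", "analyst", "analyst.readonly",
               "package.admin", "package.developer", "package.readonly"}

USERS_TEXT = """\
admin=admin12
krisv=krisv
john=john
mary=mary
"""

ROLES_TEXT = """\
admin=admin
krisv=admin,manager,user
john=admin,manager,user
mary=admin,manager,user
"""

def parse_props(text):
    """Parse simple key=value lines, skipping blanks and # / ! comments."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        entries[key.strip()] = value.strip()
    return entries

def audit(users_text, roles_text, known_roles=KNOWN_ROLES):
    users = parse_props(users_text)
    roles = {u: [r.strip() for r in v.split(",") if r.strip()]
             for u, v in parse_props(roles_text).items()}
    return {
        # role names that are not in the RoleTypes list, per user
        "unknown_roles": {u: sorted(set(r) - known_roles)
                          for u, r in roles.items() if set(r) - known_roles},
        # accounts whose password is identical to the user name
        "password_equals_username": sorted(u for u, p in users.items() if u == p),
        # users that can authenticate but have no roles line, and the reverse
        "users_without_roles": sorted(set(users) - set(roles)),
        "roles_without_user": sorted(set(roles) - set(users)),
    }

if __name__ == "__main__":
    for finding, value in audit(USERS_TEXT, ROLES_TEXT).items():
        print(f"{finding}: {value}")
```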