[rules-users] Erro : JAAS Authentication with Guvnor 5.5.0 and Authorization Error
Zahid Ahmed
zahid.ahmed at emirates.com
Wed May 15 04:25:23 EDT 2013
Hi,
I have run into a set of errors configuring JAAS Authentication for Guvnor. I have searched a lot on jboss community and for all the solutions nothing is working for me. I am getting either the login popup or I am getting "This User has no permissions setup". The Guvnor Manual is referring to jboss eap 5 and I am trying to do this on Jboss AS 7.1.
Note : I am unable to find login-config.xml file mentioned in the following link. http://docs.jboss.org/drools/release/5.5.0.Final/drools-guvnor-docs/html/ch14.html . Is guvnor deployment targeted only for JBOSS EAP 5.0 ?
Environment:
1. Guvnor 5.5.0.Final
2. JBOSS AS 7.1.0
Files Configured (Only these files I configured):
1. Standalone.xml
2. Guvnor.war/WEB-INF/beans.xml
3. Created users using "add-user.sh"
4. standalone/configuration/application-users.properties (attached).
5. standalone/configuration/application-roles.properties (attached)
6. standalone/configuration/management-users.properties
Configurations
Standalone.xml :
Only configured below tags. There's nothing else I changed for the purpose of JAAS Authentication and Guvnor Authorization. Added <security-domain name="drools-guvnor" cache-type="default"> to check if "other" is not working.
<security-domain name="other" cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="RealmUsersRoles" flag="required">
<module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
<module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
<module-option name="realm" value="ApplicationRealm"/>
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="drools-guvnor" cache-type="default">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
<module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
<module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
<module-option name="realm" value="ApplicationRealm"/>
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
Drools-guvnor.war.
1. beans.xml (Tried 4 different configs as suggested on community)
a. Config 1 (Attached "Config1 beans.xml" and Config1 error.txt) . Error "This User has no permission setup".
<security:IdentityImpl>
<s:modifies/>
<!-- JAAS based authentication -->
<security:authenticatorName>jaasAuthenticator</security:authenticatorName>
</security:IdentityImpl>
<security:jaas.JaasAuthenticator>
<s:modifies/>
<jaasConfigName>other</jaasConfigName>
</security:jaas.JaasAuthenticator>
<!-- SECURITY AUTHORIZATION CONFIGURATION -->
<!--
This is used to enable or disable role-based authorization. By default it is disabled.
-->
<guvnorSecurity:RoleBasedPermissionResolver>
<s:modifies/>
<guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>
</guvnorSecurity:RoleBasedPermissionResolver>
b. Config 2 (Attached "Config2 beans.xml" and Config2 error.txt). Error "This User has no permission setup".
<security:IdentityImpl>
<s:modifies/>
<!-- JAAS based authentication -->
<security:authenticatorName>jaasAuthenticator</security:authenticatorName>
</security:IdentityImpl>
<security:jaas.JaasAuthenticator>
<s:modifies/>
<security:jaasConfigName>drools-guvnor</security:jaasConfigName>
</security:jaas.JaasAuthenticator>
<!-- SECURITY AUTHORIZATION CONFIGURATION -->
<!--
This is used to enable or disable role-based authorization. By default it is disabled.
-->
<guvnorSecurity:RoleBasedPermissionResolver>
<s:modifies/>
<guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>
</guvnorSecurity:RoleBasedPermissionResolver>
c. Config 3 (Attached "Config3 beans.xml" and Config1 error.txt). Error (Same error as of Config 1) "This User has no permission setup".
<security:IdentityImpl>
<s:modifies/>
<!-- JAAS based authentication -->
<security:authenticatorName>jaasAuthenticator</security:authenticatorName>
</security:IdentityImpl>
<security:jaas.JaasAuthenticator>
<s:modifies/>
<jaasConfigName>other</jaasConfigName>
</security:jaas.JaasAuthenticator>
<guvnorSecurity:RoleBasedPermissionResolver>
<s:modifies/>
<guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>
</guvnorSecurity:RoleBasedPermissionResolver>
<component name="org.jboss.seam.security.roleBasedPermissionResolver">
<s:modifies/>
<property name="enableRoleBasedAuthorization">true</property>
</component>
I HAVE ALSO ADDED THIS COMPONENT TAG found every where on forums to resolve this issue. I tried Tried without this also but at that time I get LOGIN screen which always says Incorrect User/Password.Is this required or <guvnorSecurity:RoleBasedPermissionResolver> is the only authorization config.
<component name="org.jboss.seam.security.roleBasedPermissionResolver">;
<s:modifies/>
<property name="enableRoleBasedAuthorization">true</property>
</component>
Kindly help me in this configuration. I can't find a single authentic document for my environment.
Regards,
Zahid
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/rules-users/attachments/20130515/97826900/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: standalone.xml
Type: text/xml
Size: 15895 bytes
Desc: standalone.xml
Url : http://lists.jboss.org/pipermail/rules-users/attachments/20130515/97826900/attachment-0004.xml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Guvnor User Permission tab.png
Type: image/png
Size: 51140 bytes
Desc: Guvnor User Permission tab.png
Url : http://lists.jboss.org/pipermail/rules-users/attachments/20130515/97826900/attachment-0001.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: application-roles.properties
Type: application/octet-stream
Size: 843 bytes
Desc: application-roles.properties
Url : http://lists.jboss.org/pipermail/rules-users/attachments/20130515/97826900/attachment-0003.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: application-users.properties
Type: application/octet-stream
Size: 893 bytes
Desc: application-users.properties
Url : http://lists.jboss.org/pipermail/rules-users/attachments/20130515/97826900/attachment-0004.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mgmt-users.properties
Type: application/octet-stream
Size: 964 bytes
Desc: mgmt-users.properties
Url : http://lists.jboss.org/pipermail/rules-users/attachments/20130515/97826900/attachment-0005.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Config1 beans.xml
Type: text/xml
Size: 3986 bytes
Desc: Config1 beans.xml
Url : http://lists.jboss.org/pipermail/rules-users/attachments/20130515/97826900/attachment-0005.xml
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Config1 error.txt
Url: http://lists.jboss.org/pipermail/rules-users/attachments/20130515/97826900/attachment-0003.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Config2 beans.xml
Type: text/xml
Size: 3984 bytes
Desc: Config2 beans.xml
Url : http://lists.jboss.org/pipermail/rules-users/attachments/20130515/97826900/attachment-0006.xml
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Config2 error.txt
Url: http://lists.jboss.org/pipermail/rules-users/attachments/20130515/97826900/attachment-0004.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Config3 beans.xml
Type: text/xml
Size: 3973 bytes
Desc: Config3 beans.xml
Url : http://lists.jboss.org/pipermail/rules-users/attachments/20130515/97826900/attachment-0007.xml
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Config3 error.txt
Url: http://lists.jboss.org/pipermail/rules-users/attachments/20130515/97826900/attachment-0005.txt
More information about the rules-users
mailing list