[rules-users] Error : JAAS Authentication with Guvnor 5.5.0 and Authorization Error
Stephen Masters
stephen.masters at me.com
Wed May 15 05:01:21 EDT 2013
I think you may have hit this bug:
https://issues.jboss.org/browse/GUVNOR-1976
I think it might be a duplicate of another, which I cant find. At root that was a Seam JAAS bug (5.5 introduced Guvnor to Seam 3), which prevented it from creating a security context. I'm not sure whether any solution was established though.
Steve
On 15 May 2013, at 09:27, Zahid Ahmed <zahid.ahmed at emirates.com> wrote:
>
> Hi,
>
> I have run into a set of errors configuring JAAS Authentication for Guvnor. I have searched a lot on jboss community and for all the solutions nothing is working for me. I am getting either the login popup or I am getting “This User has no permissions setup”. The Guvnor Manual is referring to jboss eap 5 and I am trying to do this on Jboss AS 7.1.
>
> Note : I am unable to find login-config.xml file mentioned in the following link.http://docs.jboss.org/drools/release/5.5.0.Final/drools-guvnor-docs/html/ch14.html . Is guvnor deployment targeted only for JBOSS EAP 5.0 ?
>
> Environment:
> 1. Guvnor 5.5.0.Final
> 2. JBOSS AS 7.1.0
>
> Files Configured (Only these files I configured):
> 1. Standalone.xml
> 2. Guvnor.war/WEB-INF/beans.xml
> 3. Created users using “add-user.sh”
> 4. standalone/configuration/application-users.properties (attached).
> 5. standalone/configuration/application-roles.properties (attached)
> 6. standalone/configuration/management-users.properties
>
>
> Configurations
>
> Standalone.xml :
> Only configured below tags. There’s nothing else I changed for the purpose of JAAS Authentication and Guvnor Authorization. Added <security-domain name="drools-guvnor" cache-type="default"> to check if “other” is not working.
>
> <security-domain name="other" cache-type="default">
> <authentication>
> <login-module code="Remoting" flag="optional">
> <module-option name="password-stacking" value="useFirstPass"/>
> </login-module>
> <login-module code="RealmUsersRoles" flag="required">
> <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
> <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
> <module-option name="realm" value="ApplicationRealm"/>
> <module-option name="password-stacking" value="useFirstPass"/>
> </login-module>
> </authentication>
> </security-domain>
> <security-domain name="drools-guvnor" cache-type="default">
> <authentication>
> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
> <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
> <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
> <module-option name="realm" value="ApplicationRealm"/>
> <module-option name="password-stacking" value="useFirstPass"/>
> </login-module>
> </authentication>
> </security-domain>
>
> Drools-guvnor.war.
> 1. beans.xml (Tried 4 different configs as suggested on community)
> a. Config 1 (Attached “Config1 beans.xml” and Config1 error.txt) . Error “This User has no permission setup”.
> <security:IdentityImpl>
> <s:modifies/>
> <!-- JAAS based authentication -->
> <security:authenticatorName>jaasAuthenticator</security:authenticatorName>
> </security:IdentityImpl>
>
> <security:jaas.JaasAuthenticator>
> <s:modifies/>
> <jaasConfigName>other</jaasConfigName>
> </security:jaas.JaasAuthenticator>
>
>
> <!-- SECURITY AUTHORIZATION CONFIGURATION -->
> <!--
> This is used to enable or disable role-based authorization. By default it is disabled.
> -->
>
> <guvnorSecurity:RoleBasedPermissionResolver>
> <s:modifies/>
> <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>
> </guvnorSecurity:RoleBasedPermissionResolver>
>
> b. Config 2 (Attached “Config2 beans.xml” and Config2 error.txt). Error “This User has no permission setup”.
>
> <security:IdentityImpl>
> <s:modifies/>
> <!-- JAAS based authentication -->
> <security:authenticatorName>jaasAuthenticator</security:authenticatorName>
> </security:IdentityImpl>
>
> <security:jaas.JaasAuthenticator>
> <s:modifies/>
> <security:jaasConfigName>drools-guvnor</security:jaasConfigName>
> </security:jaas.JaasAuthenticator>
>
>
> <!-- SECURITY AUTHORIZATION CONFIGURATION -->
> <!--
> This is used to enable or disable role-based authorization. By default it is disabled.
> -->
>
> <guvnorSecurity:RoleBasedPermissionResolver>
> <s:modifies/>
> <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>
> </guvnorSecurity:RoleBasedPermissionResolver>
>
> c. Config 3 (Attached “Config3 beans.xml” and Config1 error.txt). Error (Same error as of Config 1) “This User has no permission setup”.
>
> <security:IdentityImpl>
> <s:modifies/>
> <!-- JAAS based authentication -->
> <security:authenticatorName>jaasAuthenticator</security:authenticatorName>
> </security:IdentityImpl>
>
> <security:jaas.JaasAuthenticator>
> <s:modifies/>
> <jaasConfigName>other</jaasConfigName>
> </security:jaas.JaasAuthenticator>
>
> <guvnorSecurity:RoleBasedPermissionResolver>
> <s:modifies/>
> <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>
> </guvnorSecurity:RoleBasedPermissionResolver>
>
> <component name="org.jboss.seam.security.roleBasedPermissionResolver">
>
> <s:modifies/>
>
> <property name="enableRoleBasedAuthorization">true</property>
>
> </component>
>
> I HAVE ALSO ADDED THIS COMPONENT TAG found every where on forums to resolve this issue. I tried Tried without this also but at that time I get LOGIN screen which always says Incorrect User/Password.Is this required or <guvnorSecurity:RoleBasedPermissionResolver> is the only authorization config.
>
> <component name="org.jboss.seam.security.roleBasedPermissionResolver">;
>
> <s:modifies/>
>
> <property name="enableRoleBasedAuthorization">true</property>
>
> </component>
>
>
> Kindly help me in this configuration. I can’t find a single authentic document for my environment.
>
> Regards,
> Zahid
> <standalone.xml><Guvnor User Permission tab.png><application-roles.properties><application-users.properties><mgmt-users.properties><Config1 beans.xml><Config1 error.txt><Config2 beans.xml><Config2 error.txt><Config3 beans.xml><Config3 error.txt>_______________________________________________
> rules-users mailing list
> rules-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/rules-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/rules-users/attachments/20130515/c6b19e0a/attachment-0001.html
More information about the rules-users
mailing list