[rules-users] Error : JAAS Authentication with Guvnor 5.5.0 and Authorization Error

Stephen Masters stephen.masters at me.com
Wed May 15 08:49:16 EDT 2013 

That's great news. Sounds like a simple enough workaround.

If you have an account on there, it would probably be a good idea to write the workaround into a comment on the Jira issue, so that future victims are able to fix their build quickly.

Steve


On 15 May 2013, at 13:28, Zahid Ahmed <zahid.ahmed at emirates.com> wrote:

> Hi Steve,
>  
> Thanks for replying promptly. I have fixed this issue by replacing the following jars in guvnor.war. I debugged the guvnor code and found out that username is null in org.jboss.seam.security.IdentityImpl..activeAuthenticator. This is a  JAAS Authenticator in which user is coming null. I found it out in IdentityImpl.postAuthenticate() method.
>  
> 1.       seam-security-3.1.0.Final.jar with  seam-security-3.2.0.Final.jar
> and
> 2.       seam-security-api-3.1.0.Final.jar with  seam-security-api-3.2.0.Final.jar  
>  
> It worked with all the below configurations. I have created a number of users and they are getting authenticated. But, all the users are logged in with admin rights. I have two users which have “package.developer” rights but still those users can update any process in other packages. Even those users can update their own user permissions.
>  
> Regards,
>  
> Zahid Ahmed
>  
> From: rules-users-bounces at lists.jboss.org [mailto:rules-users-bounces at lists.jboss.org] On Behalf Of Stephen Masters
> Sent: 15 May 2013 13:01
> To: Rules Users List
> Subject: Re: [rules-users] Error : JAAS Authentication with Guvnor 5.5.0 and Authorization Error
>  
> I think you may have hit this bug:
>  
> https://issues.jboss.org/browse/GUVNOR-1976
>  
> I think it might be a duplicate of another, which I cant find. At root that was a Seam JAAS bug (5.5 introduced Guvnor to Seam 3), which prevented it from creating a security context. I'm not sure whether any solution was established though.
>  
> Steve
>  
>  
>  
> On 15 May 2013, at 09:27, Zahid Ahmed <zahid.ahmed at emirates.com> wrote:
> 
> 
>  
> Hi,
>  
> I have run into a set of errors configuring JAAS Authentication for Guvnor. I have searched a lot on jboss community and for all the solutions nothing is working for me. I am getting either the login popup or I am getting “This User has no permissions setup”. The Guvnor Manual is referring to jboss eap 5 and I am trying to do this on Jboss AS 7.1.
>  
> Note : I am unable to find login-config.xml file mentioned in the following link.http://docs.jboss.org/drools/release/5.5.0.Final/drools-guvnor-docs/html/ch14.html . Is guvnor deployment targeted only for JBOSS EAP 5.0 ?
>  
> Environment:
> 1.       Guvnor 5.5.0.Final
> 2.       JBOSS AS 7.1.0
>  
> Files Configured (Only these files I configured):
> 1.       Standalone.xml
> 2.       Guvnor.war/WEB-INF/beans.xml
> 3.       Created users using “add-user.sh”
> 4.       standalone/configuration/application-users.properties (attached).
> 5.       standalone/configuration/application-roles.properties (attached)
> 6.       standalone/configuration/management-users.properties
>  
>  
> Configurations
>  
> Standalone.xml :
> Only configured below tags. There’s nothing else I changed for the purpose of JAAS Authentication and Guvnor Authorization. Added <security-domain name="drools-guvnor" cache-type="default"> to check if “other” is not working.
>  
>                 <security-domain name="other" cache-type="default">
>                     <authentication>
>                         <login-module code="Remoting" flag="optional">
>                             <module-option name="password-stacking" value="useFirstPass"/>
>                         </login-module>
>                         <login-module code="RealmUsersRoles" flag="required">
>                             <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
>                             <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
>                             <module-option name="realm" value="ApplicationRealm"/>
>                             <module-option name="password-stacking" value="useFirstPass"/>
>                         </login-module>
>                     </authentication>
>                 </security-domain>
>                 <security-domain name="drools-guvnor" cache-type="default">
>                     <authentication>
>                         <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
>                             <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
>                             <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
>                             <module-option name="realm" value="ApplicationRealm"/>
>                             <module-option name="password-stacking" value="useFirstPass"/>
>                         </login-module>
>                     </authentication>
>                 </security-domain>
>  
> Drools-guvnor.war.
> 1.       beans.xml (Tried 4 different configs as suggested on community)
> a.      Config 1 (Attached “Config1 beans.xml” and Config1 error.txt) . Error “This User has no permission setup”.
>   <security:IdentityImpl>
>     <s:modifies/>
>     <!-- JAAS based authentication -->
>     <security:authenticatorName>jaasAuthenticator</security:authenticatorName>
>   </security:IdentityImpl>
>  
>   <security:jaas.JaasAuthenticator>
>     <s:modifies/>
>     <jaasConfigName>other</jaasConfigName>
>   </security:jaas.JaasAuthenticator>
>  
>  
>   <!-- SECURITY AUTHORIZATION CONFIGURATION -->
>   <!--
>       This is used to enable or disable role-based authorization. By default it is disabled.
>   -->
>  
>   <guvnorSecurity:RoleBasedPermissionResolver>
>     <s:modifies/>
>     <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>
>   </guvnorSecurity:RoleBasedPermissionResolver>
>  
> b.      Config 2 (Attached “Config2 beans.xml” and Config2 error.txt). Error  “This User has no permission setup”.
>    
>   <security:IdentityImpl>
>     <s:modifies/>
>     <!-- JAAS based authentication -->
>     <security:authenticatorName>jaasAuthenticator</security:authenticatorName>
>   </security:IdentityImpl>
>  
>   <security:jaas.JaasAuthenticator>
>     <s:modifies/>
> <security:jaasConfigName>drools-guvnor</security:jaasConfigName>
>   </security:jaas.JaasAuthenticator>
>  
>  
>   <!-- SECURITY AUTHORIZATION CONFIGURATION -->
>   <!--
>       This is used to enable or disable role-based authorization. By default it is disabled.
>   -->
>  
>   <guvnorSecurity:RoleBasedPermissionResolver>
>     <s:modifies/>
>     <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>
>   </guvnorSecurity:RoleBasedPermissionResolver>
>  
> c.       Config 3 (Attached “Config3 beans.xml” and Config1 error.txt). Error (Same error as of Config 1) “This User has no permission setup”.
>  
>   <security:IdentityImpl>
>     <s:modifies/>
>     <!-- JAAS based authentication -->
>     <security:authenticatorName>jaasAuthenticator</security:authenticatorName>
>   </security:IdentityImpl>
>  
>   <security:jaas.JaasAuthenticator>
>     <s:modifies/>
>     <jaasConfigName>other</jaasConfigName>
>   </security:jaas.JaasAuthenticator>
>  
> <guvnorSecurity:RoleBasedPermissionResolver>
>     <s:modifies/>
>     <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>
>   </guvnorSecurity:RoleBasedPermissionResolver>
>  
> <component name="org.jboss.seam.security.roleBasedPermissionResolver">
>  
>   <s:modifies/>
>  
>   <property name="enableRoleBasedAuthorization">true</property>
>  
> </component>
>  
> I HAVE ALSO ADDED THIS COMPONENT TAG found every where on forums to resolve this issue. I tried Tried without this also but at that time I get LOGIN screen which always says Incorrect User/Password.Is this required or  <guvnorSecurity:RoleBasedPermissionResolver> is the only authorization config.
>  
> <component name="org.jboss.seam.security.roleBasedPermissionResolver">;
>  
>   <s:modifies/>
>  
>   <property name="enableRoleBasedAuthorization">true</property>
>  
> </component>
>  
>  
> Kindly help me in this configuration. I can’t find a single authentic document for my environment.
>  
> Regards,
> Zahid
> <standalone.xml><Guvnor User Permission tab.png><application-roles.properties><application-users.properties><mgmt-users.properties><Config1 beans.xml><Config1 error.txt><Config2 beans.xml><Config2 error.txt><Config3 beans.xml><Config3 error.txt>_______________________________________________
> rules-users mailing list
> rules-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/rules-users
>  
> _______________________________________________
> rules-users mailing list
> rules-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/rules-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/rules-users/attachments/20130515/2c38f873/attachment-0001.html

More information about the rules-users mailing list