[rules-users] Error : JAAS Authentication with Guvnor 5.5.0 and Authorization Error
Michael Anstis
michael.anstis at gmail.com
Wed May 15 08:56:13 EDT 2013
I think there is another JIRA (that is closed for 5.6.x) that fixed the
same problem.
Any help cross-referencing and closing duplicates appreciated :)
On 15 May 2013 13:49, Stephen Masters <stephen.masters at me.com> wrote:
> That's great news. Sounds like a simple enough workaround.
>
> If you have an account on there, it would probably be a good idea to write
> the workaround into a comment on the Jira issue, so that future victims are
> able to fix their build quickly.
>
> Steve
>
>
> On 15 May 2013, at 13:28, Zahid Ahmed <zahid.ahmed at emirates.com> wrote:
>
> Hi Steve,****
>
> Thanks for replying promptly. I have fixed this issue by replacing the
> following jars in guvnor.war. I debugged the guvnor code and found out that
> username is null in
> org.jboss.seam.security.IdentityImpl..activeAuthenticator. This is a JAAS
> Authenticator in which user is coming null. I found it out in
> IdentityImpl.postAuthenticate() method.****
>
> 1. seam-security-3.1.0.Final.jar with seam-security-3.2.0.Final.jar
> ****
> and****
> 2. seam-security-api-3.1.0.Final.jar with
> seam-security-api-3.2.0.Final.jar ****
>
> It worked with all the below configurations. I have created a number of
> users and they are getting authenticated. But, all the users are logged in
> with admin rights. I have two users which have “package.developer” rights
> but still those users can update any process in other packages. Even those
> users can update their own user permissions.****
>
> Regards,****
>
> Zahid Ahmed****
>
> *From:* rules-users-bounces at lists.jboss.org [mailto:rules-
> users-bounces at lists.jboss.org] *On Behalf Of *Stephen Masters
> *Sent:* 15 May 2013 13:01
> *To:* Rules Users List
> *Subject:* Re: [rules-users] Error : JAAS Authentication with Guvnor
> 5.5.0 and Authorization Error****
> ** **
> I think you may have hit this bug:****
> ** **
> https://issues.jboss.org/browse/GUVNOR-1976****
> ** **
> I think it might be a duplicate of another, which I cant find. At root
> that was a Seam JAAS bug (5.5 introduced Guvnor to Seam 3), which prevented
> it from creating a security context. I'm not sure whether any solution was
> established though.****
> ** **
> Steve****
> ** **
> ** **
> ** **
> On 15 May 2013, at 09:27, Zahid Ahmed <zahid.ahmed at emirates.com> wrote:***
> *
>
>
> ****
> ****
> Hi,****
> ****
> I have run into a set of errors configuring JAAS Authentication for
> Guvnor. I have searched a lot on jboss community and for all the solutions
> nothing is working for me. I am getting either the login popup or I am
> getting “This User has no permissions setup”. The Guvnor Manual is
> referring to jboss eap 5 and I am trying to do this on Jboss AS 7.1.****
> ****
> *Note : I am unable to find login-config.xml file mentioned in the
> following link.
> http://docs.jboss.org/drools/release/5.5.0.Final/drools-guvnor-docs/html/ch14.html
> *. Is guvnor deployment targeted only for JBOSS EAP 5.0 ?****
> ****
> *Environment:*****
> 1. Guvnor 5.5.0.Final****
> 2. JBOSS AS 7.1.0****
> ****
> *Files Configured** **(Only these files I configured):*****
> 1. Standalone.xml****
> 2. Guvnor.war/WEB-INF/beans.xml****
> 3. Created users using “add-user.sh”****
> 4. standalone/configuration/application-users.properties (attached).
> ****
> 5. standalone/configuration/application-roles.properties (attached)*
> ***
> 6. standalone/configuration/management-users.properties****
> ****
> ****
> *Configurations*****
> ****
> *Standalone.xml :*****
> Only configured below tags. There’s nothing else I changed for the purpose
> of JAAS Authentication and Guvnor Authorization. Added *<security-domain
> name="drools-guvnor" cache-type="default">* to check if “other” is not
> working.****
> ****
> <security-domain name="other" cache-type="default">****
> <authentication>****
> <login-module code="Remoting" flag="optional">****
> <module-option name="password-stacking"
> value="useFirstPass"/>****
> </login-module>****
> <login-module code="RealmUsersRoles"
> flag="required">****
> <module-option name="usersProperties"
> value="${jboss.server.config.dir}/application-users.properties"/>****
> <module-option name="rolesProperties"
> value="${jboss.server.config.dir}/application-roles.properties"/>****
> <module-option name="realm"
> value="ApplicationRealm"/>****
> <module-option name="password-stacking"
> value="useFirstPass"/>****
> </login-module>****
> </authentication>****
> </security-domain>****
> <security-domain name="drools-guvnor" cache-type="default">
> ****
> <authentication>****
> <login-module
> code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">*
> ***
> <module-option name="usersProperties"
> value="${jboss.server.config.dir}/application-users.properties"/>****
> <module-option name="rolesProperties"
> value="${jboss.server.config.dir}/application-roles.properties"/>****
> <module-option name="realm"
> value="ApplicationRealm"/>****
> <module-option name="password-stacking"
> value="useFirstPass"/>****
> </login-module>****
> </authentication>****
> </security-domain>****
> ****
> *Drools-guvnor.war*.****
> 1. beans.xml (Tried 4 different configs as suggested on community)**
> **
> *a.* *Config 1 (*Attached “Config1 beans.xml” and Config1 error.txt*)
> . **Error “This User has no permission setup”.*****
> <security:IdentityImpl>****
> <s:modifies/>****
> <!-- JAAS based authentication -->****
>
> <security:authenticatorName>jaasAuthenticator</security:authenticatorName>
> ****
> </security:IdentityImpl>****
> ****
> <security:jaas.JaasAuthenticator>****
> <s:modifies/>****
> <jaasConfigName>other</jaasConfigName>****
> </security:jaas.JaasAuthenticator>****
> ****
> ****
> <!-- SECURITY AUTHORIZATION CONFIGURATION -->****
> <!--****
> This is used to enable or disable role-based authorization. By
> default it is disabled.****
> -->****
> ****
> <guvnorSecurity:RoleBasedPermissionResolver>****
> <s:modifies/>****
>
> <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>
> ****
> </guvnorSecurity:RoleBasedPermissionResolver>****
> ****
> *b.* *Config 2 (*Attached “Config2 beans.xml” and Config2 error.txt*
> ). **Error ** **“This User has no permission setup”.*****
> ****
> <security:IdentityImpl>****
> <s:modifies/>****
> <!-- JAAS based authentication -->****
>
> <security:authenticatorName>jaasAuthenticator</security:authenticatorName>
> ****
> </security:IdentityImpl>****
> ****
> <security:jaas.JaasAuthenticator>****
> <s:modifies/>****
> <security:jaasConfigName>drools-guvnor</security:jaasConfigName>****
> </security:jaas.JaasAuthenticator>****
> ****
> ****
> <!-- SECURITY AUTHORIZATION CONFIGURATION -->****
> <!--****
> This is used to enable or disable role-based authorization. By
> default it is disabled.****
> -->****
> ****
> <guvnorSecurity:RoleBasedPermissionResolver>****
> <s:modifies/>****
>
> <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>
> ****
> </guvnorSecurity:RoleBasedPermissionResolver>****
> ****
> *c.* *Config 3 (*Attached “Config3 beans.xml” and Config1 error.txt*
> ). **Error **(Same error as of Config 1)** **“This User has no permission
> setup”.*****
> ****
> <security:IdentityImpl>****
> <s:modifies/>****
> <!-- JAAS based authentication -->****
>
> <security:authenticatorName>jaasAuthenticator</security:authenticatorName>
> ****
> </security:IdentityImpl>****
> ****
> <security:jaas.JaasAuthenticator>****
> <s:modifies/>****
> <jaasConfigName>other</jaasConfigName>****
> </security:jaas.JaasAuthenticator>****
> ****
> <guvnorSecurity:RoleBasedPermissionResolver>****
> <s:modifies/>****
>
> <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>
> ****
> </guvnorSecurity:RoleBasedPermissionResolver>****
> ****
> <component name="org.jboss.seam.security.roleBasedPermissionResolver">****
> ****
> <s:modifies/>****
> ****
> <property name="enableRoleBasedAuthorization">true</property>****
> ****
> </component>****
> ****
> *I HAVE ALSO ADDED THIS COMPONENT TAG found every where on forums to
> resolve this issue. I tried Tried without this also but at that time I get
> LOGIN screen which always says Incorrect User/Password.Is this required or
> * <guvnorSecurity:RoleBasedPermissionResolver> is the only authorization
> config.****
> ****
> <component name="org.jboss.seam.security.roleBasedPermissionResolver">;***
> *
> ****
> <s:modifies/>****
> ****
> <property name="enableRoleBasedAuthorization">true</property>****
> ****
> </component>****
> ****
> ****
> Kindly help me in this configuration. I can’t find a single authentic
> document for my environment.****
> ****
> Regards,****
> Zahid****
> <standalone.xml><Guvnor User Permission
> tab.png><application-roles.properties><application-users.properties><mgmt-users.properties><Config1
> beans.xml><Config1 error.txt><Config2 beans.xml><Config2 error.txt><Config3
> beans.xml><Config3 error.txt>_______________________________________________
> rules-users mailing list
> rules-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/rules-users****
> ** **
> _______________________________________________
> rules-users mailing list
> rules-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/rules-users
>
>
>
> _______________________________________________
> rules-users mailing list
> rules-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/rules-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/rules-users/attachments/20130515/2433c638/attachment-0001.html
More information about the rules-users
mailing list