<div>Hi Jervis,</div>
<div> </div>
<div>Thanks for the reply.</div>
<div> </div>
<div>Yes, this solves the problem.</div>
<div> </div>
<div>Thanks again.</div>
<div> </div>
<div> </div>
<div>Han Ming<br><br></div>
<div class="gmail_quote">On Mon, Aug 2, 2010 at 2:24 PM, Jervis Liu <span dir="ltr">&lt;<a href="mailto:jliu@redhat.com">jliu@redhat.com</a>&gt;</span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">Hi, the rolesProperties file (e.g., guvnor-roles.properties) configured<br>in JBoss AS is not used by Guvnor authorization. Before you enable<br>
enable-role-based-authorization, you need to log in and configure user<br>permissions in Guvnor "Administration". For example, you need to give<br>your "admin" user a full admin permission.<br><br>Hope this helps,<br>
Jervis<br>
<div>
<div></div>
<div class="h5"><br>Han Ming Low wrote:<br>> Hi all,<br>><br>> I tried to enable the Role Based Authorization in Guvnor after it was<br>> running fine with the default login mechanism.<br>> But I encountered some problems with the attempt.<br>
><br>> What I did was that in the components.xml,<br>> - commented out the default <security:identity<br>> authenticate-method="#{defaultAuthenticator.authenticate}"/><br>> - uncommented the <security:identity<br>
> authenticate-method="#{authenticator.authenticate}"<br>> jaas-config-name="other"/><br>> - changed the role-based authorization to true,<br>> <security:role-based-permission-resolver<br>
> enable-role-based-authorization="true"/><br>><br>> And at the login-config.xml<br>> I have changed the "other" application policy to<br>> <application-policy name = "other"><br>
> <authentication><br>> <login-module code =<br>> "org.jboss.security.auth.spi.UsersRolesLoginModule"<br>> flag = "required" ><br>> <module-option<br>
> name="usersProperties">props/guvnor-users.properties</module-option><br>> <module-option<br>> name="rolesProperties">props/guvnor-roles.properties</module-option><br>
> </login-module><br>> </authentication><br>> </application-policy><br>><br>> guvnor-users.properties<br>> admin=admin12<br>> krisv=krisv<br>> john=john<br>> mary=mary<br>
><br>> guvnor-roles.properties<br>> admin=admin<br>> krisv=admin,manager,user<br>> john=admin,manager,user<br>> mary=admin,manager,user<br>><br>> After restarting JBoss, I can login based on the user and password<br>
> defined in the guvnor-users.properties.<br>> And, by changing the password in the properties, I verified that it is<br>> taking in the value from the file itself.<br>><br>> However, when I login as user admin and tried to access the<br>
> Administration | User Permission or Event Log,<br>> I'm prompted "Sorry, insufficient permissions to perform this action."<br>><br>> The error from the console is<br>> 11:15:36,046 INFO [STDOUT] ERROR 29-07 11:15:36,046<br>
> (LoggingHelper.java:error:76)<br>> Service method 'public abstract java.util.Map<br>> org.drools.guvnor.client.rpc.RepositoryService.listUserPermissions()<br>> throws<br>> org.drools.guvnor.client.rpc.DetailedSerializationException'<br>
> threw an unexpected exception:<br>> org.jboss.seam.security.AuthorizationException:<br>> Authorization check failed for<br>> permission[org.drools.guvnor.server.security.AdminType@bf7a4d,admin]<br>
> org.jboss.seam.security.AuthorizationException: Authorization check<br>> failed for<br>> permission[org.drools.guvnor.server.security.AdminType@bf7a4d,admin]<br>> at<br>> org.jboss.seam.security.Identity.checkPermission(Identity.java:581)<br>
> at<br>> org.drools.guvnor.server.ServiceImplementation.listUserPermissions(ServiceImplementation.java:2604)<br>> .....<br>><br>> Checking on the org.drools.guvnor.server.security.RoleTypes code, the<br>
> available role should be<br>> admin<br>> analyst<br>> analyst.readonly<br>> package.admin<br>> package.developer<br>> package.readonly<br>><br>> Can anyone help to let me know what's wrong with my configuration?<br>
><br>> Thanks.<br>><br>><br>> Han Ming<br></div></div>> ------------------------------------------------------------------------<br>><br>> _______________________________________________<br>> rules-users mailing list<br>
> <a href="mailto:rules-users@lists.jboss.org">rules-users@lists.jboss.org</a><br>> <a href="https://lists.jboss.org/mailman/listinfo/rules-users" target="_blank">https://lists.jboss.org/mailman/listinfo/rules-users</a><br>
><br>
</blockquote></div><br>