<div>Hi Jervis,</div>
<div> </div>
<div>Thanks for the reply.</div>
<div> </div>
<div>Yes, this solve the problem.</div>
<div> </div>
<div>Thanks again.</div>
<div> </div>
<div> </div>
<div>Han Ming<br><br></div>
<div class="gmail_quote">On Mon, Aug 2, 2010 at 2:24 PM, Jervis Liu <span dir="ltr">&lt;<a href="mailto:jliu@redhat.com">jliu@redhat.com</a>&gt;</span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">Hi, the rolesProperties file (eg,  guvnor-roles.properties) configured<br>in JBoss AS is not used by Guvnor authorization. Before you enable<br>
enable-role-based-authorization, you need to login and configure user<br>permissions in Guvnor &quot;Administration&quot;. For example, you need to give<br>your &quot;admin&quot; user a full admin permission.<br><br>Hope this helps,<br>
Jervis<br>
<div>
<div></div>
<div class="h5"><br>Han Ming Low wrote:<br>&gt; Hi all,<br>&gt;<br>&gt; I try to enable the Role Base Authorization in Guvnor after it was<br>&gt; running fine with the default login mechanism.<br>&gt; But, encountered some problem with the attempt.<br>
&gt;<br>&gt; What I did was that in the components.xml,<br>&gt; - commented out the default &lt;security:identity<br>&gt; authenticate-method=&quot;#{defaultAuthenticator.authenticate}&quot;/&gt;<br>&gt; - uncomment the &lt;security:identity<br>
&gt; authenticate-method=&quot;#{authenticator.authenticate}&quot;<br>&gt; jaas-config-name=&quot;other&quot;/&gt;<br>&gt; - change the role base authorization to true,<br>&gt; &lt;security:role-based-permission-resolver<br>
&gt; enable-role-based-authorization=&quot;true&quot;/&gt;<br>&gt;<br>&gt; And at the login-config.xml<br>&gt; I have changed the &quot;other&quot; application policy to<br>&gt;     &lt;application-policy name = &quot;other&quot;&gt;<br>
&gt;        &lt;authentication&gt;<br>&gt;           &lt;login-module code =<br>&gt; &quot;org.jboss.security.auth.spi.UsersRolesLoginModule&quot;<br>&gt;              flag = &quot;required&quot; &gt;<br>&gt;            &lt;module-option<br>
&gt; name=&quot;usersProperties&quot;&gt;props/guvnor-users.properties&lt;/module-option&gt;<br>&gt;            &lt;module-option<br>&gt; name=&quot;rolesProperties&quot;&gt;props/guvnor-roles.properties&lt;/module-option&gt;<br>
&gt;           &lt;/login-module&gt;<br>&gt;        &lt;/authentication&gt;<br>&gt;     &lt;/application-policy&gt;<br>&gt;<br>&gt; guvnor-users.properties<br>&gt; admin=admin12<br>&gt; krisv=krisv<br>&gt; john=john<br>&gt; mary=mary<br>
&gt;<br>&gt; guvnor-roles.properties<br>&gt; admin=admin<br>&gt; krisv=admin,manager,user<br>&gt; john=admin,manager,user<br>&gt; mary=admin,manager,user<br>&gt;<br>&gt; After restarting JBoss, I can login based on the user and password<br>
&gt; defined in the guvnor-users.properties.<br>&gt; And, by changing the password in the properties, I verified that it is<br>&gt; taking in the value from the file itself.<br>&gt;<br>&gt; However, when I login as user admin and tried to access the<br>
&gt; Administration | User Permission or Event Log,<br>&gt; I&#39;m prompt &quot;Sorry, insufficient permissions to perform this action.&quot;<br>&gt;<br>&gt; The error from the console is<br>&gt; 11:15:36,046 INFO  [STDOUT] ERROR 29-07 11:15:36,046<br>
&gt; (LoggingHelper.java:error:76)<br>&gt; Service method &#39;public abstract java.util.Map<br>&gt; org.drools.guvnor.client.rpc.RepositoryService.listUserPermissions()<br>&gt;        throws<br>&gt; org.drools.guvnor.client.rpc.DetailedSerializationException&#39;<br>
&gt;        threw an unexpected exception:<br>&gt; org.jboss.seam.security.AuthorizationException:<br>&gt;          Authorization check failed for<br>&gt; permission[org.drools.guvnor.server.security.AdminType@bf7a4d,admin]<br>
&gt; org.jboss.seam.security.AuthorizationException: Authorization check<br>&gt; failed for<br>&gt; permission[org.drools.guvnor.server.security.AdminType@bf7a4d,admin]<br>&gt;         at<br>&gt; org.jboss.seam.security.Identity.checkPermission(Identity.java:581)<br>
&gt;         at<br>&gt; org.drools.guvnor.server.ServiceImplementation.listUserPermissions(ServiceImplementation.java:2604)<br>&gt; .....<br>&gt;<br>&gt; Checking on the org.drools.guvnor.server.security.RoleTypes code, the<br>
&gt; available role should be<br>&gt; admin<br>&gt; analyst<br>&gt; analyst.readonly<br>&gt; package.admin<br>&gt; package.developer<br>&gt; package.readonly<br>&gt;<br>&gt; Can anyone help to let me know what&#39;s wrong with my configuration?<br>
&gt;<br>&gt; Thanks.<br>&gt;<br>&gt;<br>&gt; Han Ming<br></div></div>&gt; ------------------------------------------------------------------------<br>&gt;<br>&gt; _______________________________________________<br>&gt; rules-users mailing list<br>
&gt; <a href="mailto:rules-users@lists.jboss.org">rules-users@lists.jboss.org</a><br>&gt; <a href="https://lists.jboss.org/mailman/listinfo/rules-users" target="_blank">https://lists.jboss.org/mailman/listinfo/rules-users</a><br>
&gt;<br><br>_______________________________________________<br>rules-users mailing list<br><a href="mailto:rules-users@lists.jboss.org">rules-users@lists.jboss.org</a><br><a href="https://lists.jboss.org/mailman/listinfo/rules-users" target="_blank">https://lists.jboss.org/mailman/listinfo/rules-users</a><br>
</blockquote></div><br>