9:05 a.m.
[
https://jira.jboss.org/jira/browse/JBRULES-1683?page=com.atlassian.jira.p...
]
Jaroslaw Kijanowski commented on JBRULES-1683:
----------------------------------------------
Ooooh, I see
I was using the LdapExtLoginModule, anyway it shouldn't matter what I use as long as
the assigned roles by my login module are in sync with Guvnor's stored in
org/drools/guvnor/server/security/RoleTypes.java, right?
However this was not the case, since this is new stuff not present in M1, hence not
documented there. To sum it up, when I'm going to use trunk and my own login module,
which will provide only roles known by Guvnor (defined in RoleTypes.java), should this
work or is it still 'under construction'? :)
BRMS: NPE at PackageBasedPermissionResolver.hasPermission when
working as non-admin
-----------------------------------------------------------------------------------
Key: JBRULES-1683
URL: https://jira.jboss.org/jira/browse/JBRULES-1683
Project: JBoss Drools
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: drools-brms
Affects Versions: 5.0.0.M1
Reporter: Jaroslaw Kijanowski
Assignee: Jervis Liu
Fix For: 5.0.0.M2
As long as I work with an admin user which has the admin role, everything looks good, but
when I use a regular user, which does not have the admin role, I'm not able to do
anything besides logging in. This is what I get when browsing a category/package/etc...
java.lang.NullPointerException at
org.drools.guvnor.server.security.PackageBasedPermissionResolver.hasPermission(PackageBasedPermissionResolver.java:76)
at
org.jboss.seam.security.permission.PermissionMapper.resolvePermission(PermissionMapper.java:77)
at org.jboss.seam.security.Identity.hasPermission(Identity.java:575) at
org.drools.guvnor.server.AssetItemFilter.accept(AssetItemFilter.java:33) at
org.drools.repository.RulesRepository.loadLinkedAssets(RulesRepository.java:779) at
org.drools.repository.RulesRepository.findAssetsByCategory(RulesRepository.java:733) at
org.drools.guvnor.server.ServiceImplementation.loadRuleListForCategories(ServiceImplementation.java:317)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at
java.lang.reflect.Method.invoke(Method.java:585) at
org.jboss.seam.util.Reflections.invoke(Reflections.java:21) at
org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:31) at
org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56) at
org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:31)
at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:46) at
org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68) at
org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:42)
at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
at org.jboss.seam.security.SecurityInterceptor.aroundInvoke(SecurityInterceptor.java:118)
at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107) at
org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:166)
at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:102) at
org.drools.guvnor.server.ServiceImplementation_$$_javassist_3.loadRuleListForCategories(ServiceImplementation_$$_javassist_3.java)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at
java.lang.reflect.Method.invoke(Method.java:585) at
org.jboss.seam.remoting.gwt.GWTToSeamAdapter.callWebRemoteMethod(GWTToSeamAdapter.java:74)
at
org.jboss.seam.remoting.gwt.GWTRemoteServiceServlet.processCall(GWTRemoteServiceServlet.java:290)
at
org.jboss.seam.remoting.gwt.GWTRemoteServiceServlet.doPost(GWTRemoteServiceServlet.java:172)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.seam.web.ContextFilter$1.process(ContextFilter.java:42) at
org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:53)
at org.jboss.seam.web.ContextFilter.doFilter(ContextFilter.java:37) at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at
org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at
java.lang.Thread.run(Thread.java:595)
OTOH when I want to perform some admin work as a non-admin I'm getting:
org.jboss.seam.security.AuthorizationException: Authorization check failed for expression
[#{s:hasRole('admin')}] at
org.jboss.seam.security.Identity.checkRestriction(Identity.java:189) at
org.jboss.seam.security.SecurityInterceptor$Restriction.check(SecurityInterceptor.java:83)
at org.jboss.seam.security.SecurityInterceptor.aroundInvoke(SecurityInterceptor.java:116)
at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107) at
org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:166)
at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:102) at
org.drools.guvnor.server.ServiceImplementation_$$_javassist_3.createCategory(ServiceImplementation_$$_javassist_3.java)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at
java.lang.reflect.Method.invoke(Method.java:585) at
org.jboss.seam.remoting.gwt.GWTToSeamAdapter.callWebRemoteMethod(GWTToSeamAdapter.java:74)
at
org.jboss.seam.remoting.gwt.GWTRemoteServiceServlet.processCall(GWTRemoteServiceServlet.java:290)
at
org.jboss.seam.remoting.gwt.GWTRemoteServiceServlet.doPost(GWTRemoteServiceServlet.java:172)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.seam.web.ContextFilter$1.process(ContextFilter.java:42) at
org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:53)
at org.jboss.seam.web.ContextFilter.doFilter(ContextFilter.java:37) at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at
org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at
java.lang.Thread.run(Thread.java:595)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira