Re: [rules-users] Error : JAAS Authentication with Guvnor 5.5.0 and Authorization Error

I think there is another JIRA (that is closed for 5.6.x) that fixed the same problem. Any help cross-referencing and closing duplicates appreciated :) On 15 May 2013 13:49, Stephen Masters <stephen.masters(a)me.com&gt; wrote: That's great news. Sounds like a simple enough workaround. If you have an account on there, it would probably be a good idea to write the workaround into a comment on the Jira issue, so that future victims are able to fix their build quickly. Steve On 15 May 2013, at 13:28, Zahid Ahmed <zahid.ahmed(a)emirates.com&gt; wrote: > Hi Steve, > > Thanks for replying promptly. I have fixed this issue by replacing the following jars in guvnor.war. I debugged the guvnor code and found out that username is null in org.jboss.seam.security.IdentityImpl..activeAuthenticator. This is a JAAS Authenticator in which user is coming null. I found it out in IdentityImpl.postAuthenticate() method. > > 1. seam-security-3.1.0.Final.jar with seam-security-3.2.0.Final.jar > and > 2. seam-security-api-3.1.0.Final.jar with seam-security-api-3.2.0.Final.jar > > It worked with all the below configurations. I have created a number of users and they are getting authenticated. But, all the users are logged in with admin rights. I have two users which have “package.developer” rights but still those users can update any process in other packages. Even those users can update their own user permissions. > > Regards, > > Zahid Ahmed > > From: rules-users-bounces(a)lists.jboss.org [mailto:rules-users-bounces@lists.jboss.org] On Behalf Of Stephen Masters > Sent: 15 May 2013 13:01 > To: Rules Users List > Subject: Re: [rules-users] Error : JAAS Authentication with Guvnor 5.5.0 and Authorization Error > > I think you may have hit this bug: > > https://issues.jboss.org/browse/GUVNOR-1976 > > I think it might be a duplicate of another, which I cant find. At root that was a Seam JAAS bug (5.5 introduced Guvnor to Seam 3), which prevented it from creating a security context. I'm not sure whether any solution was established though. > > Steve > > > > On 15 May 2013, at 09:27, Zahid Ahmed <zahid.ahmed(a)emirates.com&gt; wrote: > > > > Hi, > > I have run into a set of errors configuring JAAS Authentication for Guvnor. I have searched a lot on jboss community and for all the solutions nothing is working for me. I am getting either the login popup or I am getting “This User has no permissions setup”. The Guvnor Manual is referring to jboss eap 5 and I am trying to do this on Jboss AS 7.1. > > Note : I am unable to find login-config.xml file mentioned in the following link.http://docs.jboss.org/drools/release/5.5.0.Final/drools-guvnor-docs/... . Is guvnor deployment targeted only for JBOSS EAP 5.0 ? > > Environment: > 1. Guvnor 5.5.0.Final > 2. JBOSS AS 7.1.0 > > Files Configured (Only these files I configured): > 1. Standalone.xml > 2. Guvnor.war/WEB-INF/beans.xml > 3. Created users using “add-user.sh” > 4. standalone/configuration/application-users.properties (attached). > 5. standalone/configuration/application-roles.properties (attached) > 6. standalone/configuration/management-users.properties > > > Configurations > > Standalone.xml : > Only configured below tags. There’s nothing else I changed for the purpose of JAAS Authentication and Guvnor Authorization. Added <security-domain name="drools-guvnor" cache-type="default"> to check if “other” is not working. > > <security-domain name="other" cache-type="default"> > <authentication> > <login-module code="Remoting" flag="optional"> > <module-option name="password-stacking" value="useFirstPass"/> > </login-module> > <login-module code="RealmUsersRoles" flag="required"> > <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/> > <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/> > <module-option name="realm" value="ApplicationRealm"/> > <module-option name="password-stacking" value="useFirstPass"/> > </login-module> > </authentication> > </security-domain> > <security-domain name="drools-guvnor" cache-type="default"> > <authentication> > <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> > <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/> > <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/> > <module-option name="realm" value="ApplicationRealm"/> > <module-option name="password-stacking" value="useFirstPass"/> > </login-module> > </authentication> > </security-domain> > > Drools-guvnor.war. > 1. beans.xml (Tried 4 different configs as suggested on community) > a. Config 1 (Attached “Config1 beans.xml” and Config1 error.txt) . Error “This User has no permission setup”. > <security:IdentityImpl> > <s:modifies/> > <!-- JAAS based authentication --> > <security:authenticatorName>jaasAuthenticator</security:authenticatorName> > </security:IdentityImpl> > > <security:jaas.JaasAuthenticator> > <s:modifies/> > <jaasConfigName>other</jaasConfigName> > </security:jaas.JaasAuthenticator> > > > <!-- SECURITY AUTHORIZATION CONFIGURATION --> > <!-- > This is used to enable or disable role-based authorization. By default it is disabled. > --> > > <guvnorSecurity:RoleBasedPermissionResolver> > <s:modifies/> > <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization> > </guvnorSecurity:RoleBasedPermissionResolver> > > b. Config 2 (Attached “Config2 beans.xml” and Config2 error.txt). Error “This User has no permission setup”. > > <security:IdentityImpl> > <s:modifies/> > <!-- JAAS based authentication --> > <security:authenticatorName>jaasAuthenticator</security:authenticatorName> > </security:IdentityImpl> > > <security:jaas.JaasAuthenticator> > <s:modifies/> > <security:jaasConfigName>drools-guvnor</security:jaasConfigName> > </security:jaas.JaasAuthenticator> > > > <!-- SECURITY AUTHORIZATION CONFIGURATION --> > <!-- > This is used to enable or disable role-based authorization. By default it is disabled. > --> > > <guvnorSecurity:RoleBasedPermissionResolver> > <s:modifies/> > <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization> > </guvnorSecurity:RoleBasedPermissionResolver> > > c. Config 3 (Attached “Config3 beans.xml” and Config1 error.txt). Error (Same error as of Config 1) “This User has no permission setup”. > > <security:IdentityImpl> > <s:modifies/> > <!-- JAAS based authentication --> > <security:authenticatorName>jaasAuthenticator</security:authenticatorName> > </security:IdentityImpl> > > <security:jaas.JaasAuthenticator> > <s:modifies/> > <jaasConfigName>other</jaasConfigName> > </security:jaas.JaasAuthenticator> > > <guvnorSecurity:RoleBasedPermissionResolver> > <s:modifies/> > <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization> > </guvnorSecurity:RoleBasedPermissionResolver> > > <component name="org.jboss.seam.security.roleBasedPermissionResolver"> > > <s:modifies/> > > <property name="enableRoleBasedAuthorization">true</property> > > </component> > > I HAVE ALSO ADDED THIS COMPONENT TAG found every where on forums to resolve this issue. I tried Tried without this also but at that time I get LOGIN screen which always says Incorrect User/Password.Is this required or <guvnorSecurity:RoleBasedPermissionResolver> is the only authorization config. > > <component name="org.jboss.seam.security.roleBasedPermissionResolver">; > > <s:modifies/> > > <property name="enableRoleBasedAuthorization">true</property> > > </component> > > > Kindly help me in this configuration. I can’t find a single authentic document for my environment. > > Regards, > Zahid > <standalone.xml><Guvnor User Permission tab.png><application-roles.properties><application-users.properties><mgmt-users.properties><Config1 beans.xml><Config1 error.txt><Config2 beans.xml><Config2 error.txt><Config3 beans.xml><Config3 error.txt>_______________________________________________ > rules-users mailing list > rules-users(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/rules-users > > _______________________________________________ > rules-users mailing list > rules-users(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/rules-users _______________________________________________ rules-users mailing list rules-users(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/rules-users _______________________________________________ rules-users mailing list rules-users(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/rules-users