Hi all,
I am trying to enable role-based authorization in Guvnor after it was running
fine with the default login mechanism,
but I encountered some problems with the attempt.
What I did in components.xml:
- commented out the default
    <security:identity authenticate-method="#{defaultAuthenticator.authenticate}"/>
- uncommented
    <security:identity authenticate-method="#{authenticator.authenticate}" jaas-config-name="other"/>
- changed the role-based authorization to true:
    <security:role-based-permission-resolver enable-role-based-authorization="true"/>
And in login-config.xml I have changed the "other" application policy to:
    <application-policy name="other">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
          <module-option name="usersProperties">props/guvnor-users.properties</module-option>
          <module-option name="rolesProperties">props/guvnor-roles.properties</module-option>
        </login-module>
      </authentication>
    </application-policy>
guvnor-users.properties:
    admin=admin12
    krisv=krisv
    john=john
    mary=mary
guvnor-roles.properties:
    admin=admin
    krisv=admin,manager,user
    john=admin,manager,user
    mary=admin,manager,user
After restarting JBoss, I can log in with the user and password defined
in guvnor-users.properties.
And, by changing the password in the properties file, I verified that it is
taking the value from the file itself.
However, when I log in as user admin and try to access Administration |
User Permission or Event Log,
I'm prompted with "Sorry, insufficient permissions to perform this action."
The error from the console is:
11:15:36,046 INFO [STDOUT] ERROR 29-07 11:15:36,046 (LoggingHelper.java:error:76)
Service method 'public abstract java.util.Map org.drools.guvnor.client.rpc.RepositoryService.listUserPermissions() throws org.drools.guvnor.client.rpc.DetailedSerializationException' threw an unexpected exception: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[org.drools.guvnor.server.security.AdminType@bf7a4d,admin]
org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[org.drools.guvnor.server.security.AdminType@bf7a4d,admin]
    at org.jboss.seam.security.Identity.checkPermission(Identity.java:581)
    at org.drools.guvnor.server.ServiceImplementation.listUserPermissions(ServiceImplementation.java:2604)
    .....
Checking the org.drools.guvnor.server.security.RoleTypes code, the
available roles should be:
admin
analyst
analyst.readonly
package.admin
package.developer
package.readonly
Can anyone help and let me know what's wrong with my configuration?
Thanks.
Han Ming
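
Added example (not part of the original post and not Guvnor or JBoss code): a cross-check of the two properties files quoted above against the role names the post lists from RoleTypes. The function names and finding labels are hypothetical, and the script only reports mismatches in the files; it assumes plain key=value lines.

```python
# Added example: cross-check of the two UsersRolesLoginModule property files.
# Role names are the ones the post lists from RoleTypes.
GUVNOR_ROLE_TYPES = {"admin", "analyst", "analyst.readonly",
                     "package.admin", "package.developer", "package.readonly"}

# File contents as quoted in the post.
USERS = "admin=admin12\nkrisv=krisv\njohn=john\nmary=mary\n"
ROLES = ("admin=admin\nkrisv=admin,manager,user\n"
         "john=admin,manager,user\nmary=admin,manager,user\n")

def parse_properties(text):
    """Parse simple key=value lines; skips blank lines and # / ! comments."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not a key=value line: {raw!r}")
        entries[key.strip()] = value.strip()
    return entries

def audit(users_text, roles_text, known_roles=GUVNOR_ROLE_TYPES):
    """Return (label, user, role) tuples; labels are hypothetical names."""
    users = parse_properties(users_text)
    roles = {u: [r.strip() for r in v.split(",") if r.strip()]
             for u, v in parse_properties(roles_text).items()}
    findings = []
    for user, password in sorted(users.items()):
        if password == user:
            findings.append(("password-equals-username", user, ""))
        if not roles.get(user):
            findings.append(("user-without-roles", user, ""))
    for user, assigned in sorted(roles.items()):
        if user not in users:
            findings.append(("roles-for-unknown-user", user, ""))
        for role in assigned:
            if role not in known_roles:
                findings.append(("role-not-in-RoleTypes", user, role))
    return findings

if __name__ == "__main__":
    for finding in audit(USERS, ROLES):
        print(*finding)
```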