Hi all,

 

I try to enable the Role Base Authorization in Guvnor after it was running fine with the default login mechanism.

But, encountered some problem with the attempt. 

 

What I did was that in the components.xml,

- commented out the default <security:identity authenticate-method="#{defaultAuthenticator.authenticate}"/>

- uncomment the <security:identity authenticate-method="#{authenticator.authenticate}" jaas-config-name="other"/>

- change the role base authorization to true, <security:role-based-permission-resolver enable-role-based-authorization="true"/>

 

And at the login-config.xml

I have changed the "other" application policy to

    <application-policy name = "other">
       <authentication>
          <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "required" >
           <module-option name="usersProperties">props/guvnor-users.properties</module-option>
           <module-option name="rolesProperties">props/guvnor-roles.properties</module-option>
          </login-module>
       </authentication>
    </application-policy>

 

guvnor-users.properties

admin=admin12
krisv=krisv
john=john
mary=mary

 

guvnor-roles.properties

admin=admin
krisv=admin,manager,user
john=admin,manager,user
mary=admin,manager,user

 

After restarting JBoss, I can login based on the user and password defined in the guvnor-users.properties.

And, by changing the password in the properties, I verified that it is taking in the value from the file itself.

 

However, when I login as user admin and tried to access the Administration | User Permission or Event Log,

I'm prompt "Sorry, insufficient permissions to perform this action."

 

The error from the console is

11:15:36,046 INFO  [STDOUT] ERROR 29-07 11:15:36,046 (LoggingHelper.java:error:76)
Service method 'public abstract java.util.Map org.drools.guvnor.client.rpc.RepositoryService.listUserPermissions()
       throws org.drools.guvnor.client.rpc.DetailedSerializationException'
       threw an unexpected exception: org.jboss.seam.security.AuthorizationException:
         Authorization check failed for permission[org.drools.guvnor.server.security.AdminType@bf7a4d,admin]
org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[org.drools.guvnor.server.security.AdminType@bf7a4d,admin]
        at org.jboss.seam.security.Identity.checkPermission(Identity.java:581)
        at org.drools.guvnor.server.ServiceImplementation.listUserPermissions(ServiceImplementation.java:2604)

.....

 

Checking on the org.drools.guvnor.server.security.RoleTypes code, the available role should be

admin

analyst

analyst.readonly

package.admin

package.developer

package.readonly

 

Can anyone help to let me know what's wrong with my configuration?

 

Thanks.

 

 

Han Ming