Hi all,
I tried to enable Role-Based Authorization in Guvnor after it was running fine with the default login mechanism,
but I encountered some problems with the attempt.
What I did in components.xml:
- commented out the default <security:identity authenticate-method="#{defaultAuthenticator.authenticate}"/>
- uncommented the <security:identity authenticate-method="#{authenticator.authenticate}" jaas-config-name="other"/>
- changed role-based authorization to true: <security:role-based-permission-resolver enable-role-based-authorization="true"/>
And in login-config.xml,
I have changed the "other" application policy to
<application-policy name="other">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required">
      <module-option name="usersProperties">props/guvnor-users.properties</module-option>
      <module-option name="rolesProperties">props/guvnor-roles.properties</module-option>
    </login-module>
  </authentication>
</application-policy>
guvnor-users.properties:
admin=admin12
krisv=krisv
john=john
mary=mary
guvnor-roles.properties:
admin=admin
krisv=admin,manager,user
john=admin,manager,user
mary=admin,manager,user
After restarting JBoss, I can log in with the user and password defined in guvnor-users.properties.
And, by changing the password in the properties file, I verified that it is taking the value from the file itself.
However, when I log in as user admin and try to access Administration | User Permission or Event Log,
I'm prompted with "Sorry, insufficient permissions to perform this action."
The error from the console is
11:15:36,046 INFO [STDOUT] ERROR 29-07 11:15:36,046 (LoggingHelper.java:error:76)
Service method 'public abstract java.util.Map org.drools.guvnor.client.rpc.RepositoryService.listUserPermissions()
throws org.drools.guvnor.client.rpc.DetailedSerializationException'
threw an unexpected exception: org.jboss.seam.security.AuthorizationException:
Authorization check failed for permission[org.drools.guvnor.server.security.AdminType@bf7a4d,admin]
org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[org.drools.guvnor.server.security.AdminType@bf7a4d,admin]
at org.jboss.seam.security.Identity.checkPermission(Identity.java:581)
at org.drools.guvnor.server.ServiceImplementation.listUserPermissions(ServiceImplementation.java:2604)
.....
Checking the org.drools.guvnor.server.security.RoleTypes code, the available roles should be
admin
analyst
analyst.readonly
package.admin
package.developer
package.readonly
Can anyone help and let me know what's wrong with my configuration?
Thanks.
Han Ming