Hi,

I am configuring DB-based JAAS authentication for Kie-Drools-Workbench 6.1.0. The server log shows the user is authenticated and roles are assigned to the user, but the KIE login form says “Login failed: Not Authorized”.

I have also added roles in Organizational Unit, Repository and Projects using kie-config-cli, but I am still getting the same error.

Kindly let me know what I am doing wrong.

Standalone.xml

    <security-domain name="drools-guvnor" cache-type="default">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                <module-option name="dsJndiName" value="java:jboss/datasources/jdbc/jbpmStagingRWDS"/>
                <module-option name="principalsQuery" value="select PASSWORD from principals where PRINCIPALID=?"/>
                <module-option name="rolesQuery" value="select ROLE,ROLEGROUP from roles WHERE principalid=?"/>
                <module-option name="hashAlgorithm" value="MD5"/>
                <module-option name="hashEncoding" value="base64"/>
                <module-option name="hashCharset" value="UTF-8"/>
                <module-option name="password-stacking" value="useFirstPass"/>
            </login-module>
        </authentication>
    </security-domain>

Kie-drools-wb.War / WEB-INF/jboss-web.xml

    <security-domain>drools-guvnor</security-domain>

Server Logs

13:55:22,408 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) initialize
13:55:22,410 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Security domain: other
13:55:22,412 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Password hashing activated: algorithm = MD5, encoding = base64, charset = UTF-8, callback = null, storeCallback = null
13:55:22,415 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) DatabaseServerLoginModule, dsJndiName=java:jboss/datasources/jdbc/jbpmStagingRWDS
13:55:22,419 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) principalsQuery=select PASSWORD from principals where PRINCIPALID=?
13:55:22,422 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) rolesQuery=select ROLE,ROLEGROUP from roles WHERE principalid=?
13:55:22,424 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) suspendResume=true
13:55:22,426 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) login
13:55:22,428 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) suspendAnyTransaction
13:55:22,489 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Excuting query: select PASSWORD from principals where PRINCIPALID=?, with username: iit
13:55:22,495 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Obtained user password
13:55:22,497 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) resumeAnyTransaction
13:55:22,499 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) User 'iit' authenticated, loginOk=true
13:55:22,501 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) commit, loginOk=true
13:55:22,503 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) getRoleSets using rolesQuery: select ROLE,ROLEGROUP from roles WHERE principalid=?, username: iit
13:55:22,507 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) suspendAnyTransaction
13:55:22,509 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Excuting query: select ROLE,ROLEGROUP from roles WHERE principalid=?, with username: iit
13:55:22,514 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Assign user to role admin
13:55:22,516 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Assign user to role analyst
13:55:22,518 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Assign user to role developer
13:55:22,521 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Assign user to role manager
13:55:22,523 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Assign user to role user
13:55:22,525 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) resumeAnyTransaction
13:55:22,527 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-2) defaultLogin, lc=javax.security.auth.login.LoginContext@3460a6, subject=Subject(11883582).principals=org.jboss.security.SimplePrincipal@25145532(iit)org.jboss.security.SimpleGroup@12885648(CallerPrincipal(members:iit))org.jboss.security.SimpleGroup@12885648(admingrp(members:admin))org.jboss.security.SimpleGroup@12885648(usergrp(members:user))org.jboss.security.SimpleGroup@12885648(analystgrp(members:analyst))org.jboss.security.SimpleGroup@12885648(developergrp(members:developer))org.jboss.security.SimpleGroup@12885648(managergrp(members:manager))
13:55:22,538 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-2) updateCache, inputSubject=Subject(11883582).principals=org.jboss.security.SimplePrincipal@25145532(iit)org.jboss.security.SimpleGroup@12885648(CallerPrincipal(members:iit))org.jboss.security.SimpleGroup@12885648(admingrp(members:admin))org.jboss.security.SimpleGroup@12885648(usergrp(members:user))org.jboss.security.SimpleGroup@12885648(analystgrp(members:analyst))org.jboss.security.SimpleGroup@12885648(developergrp(members:developer))org.jboss.security.SimpleGroup@12885648(managergrp(members:manager)), cacheSubject=Subject(11399784).principals=org.jboss.security.SimplePrincipal@25145532(iit)org.jboss.security.SimpleGroup@12885648(CallerPrincipal(members:iit))org.jboss.security.SimpleGroup@12885648(admingrp(members:admin))org.jboss.security.SimpleGroup@12885648(usergrp(members:user))org.jboss.security.SimpleGroup@12885648(analystgrp(members:analyst))org.jboss.security.SimpleGroup@12885648(developergrp(members:developer))org.jboss.security.SimpleGroup@12885648(managergrp(members:manager))
13:55:22,556 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-2) Inserted cache info: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@5bd7b
13:55:22,560 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-2) End isValid, true
13:55:22,562 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-2) Setting threadlocal:null
13:55:22,576 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-2) Setting threadlocal:null
13:55:22,578 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-2) Flushing iit from cache
13:55:22,580 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) logout
13:55:22,841 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-3) Setting threadlocal:null
13:55:22,845 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-2) Setting threadlocal:null
13:55:22,845 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-1) Setting threadlocal:null

Config Tool

********************************************************
************* Welcome to Kie config CLI ****************
********************************************************

>>Please specify location of the parent folder of .niogit
D:\Servers\Drools-6-Deployment\Server-A-As-7\bin
>>Please enter command (type help to see available commands):
add-role-repo
>>Repository alias:netsolrepo
>>Security roles (comma separated list):admin,analyst,business,user,developer
Result:
Role admin added successfully to repository netsolrepo
Role analyst added successfully to repository netsolrepo
Role business added successfully to repository netsolrepo
Role user added successfully to repository netsolrepo
Role developer added successfully to repository netsolrepo

>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>Please enter command (type help to see available commands):
add-role-org-unit
>>Organizational Unit name:netsol
>>Security roles (comma separated list):admin,analyst,business,user,developer
Result:
Role admin added successfully to Organizational Unit netsol
Role analyst added successfully to Organizational Unit netsol
Role business added successfully to Organizational Unit netsol
Role user added successfully to Organizational Unit netsol
Role developer added successfully to Organizational Unit netsol

Regards,

 

Zahid Ahmed
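
An added diagnostic, not part of the original post and not JBoss or KIE code: in a JBoss security domain, container role checks read only the principal group named `Roles` (the second column returned by `rolesQuery`), so this sketch parses the Subject dump from the `defaultLogin` TRACE line and separates the roles that authorization can see from those filed under other group names. The function names are illustrative, and the second Subject, with every role under `Roles`, is a constructed sample.

```python
import re

# Subject string reassembled from the wrapped defaultLogin TRACE line in the post.
_G = "org.jboss.security.SimpleGroup@12885648"
POSTED_SUBJECT = (
    "Subject(11883582).principals=org.jboss.security.SimplePrincipal@25145532(iit)"
    + _G + "(CallerPrincipal(members:iit))"
    + _G + "(admingrp(members:admin))"
    + _G + "(usergrp(members:user))"
    + _G + "(analystgrp(members:analyst))"
    + _G + "(developergrp(members:developer))"
    + _G + "(managergrp(members:manager))"
)
# Constructed sample: the same user when every ROLEGROUP value is 'Roles'.
CONSTRUCTED_SUBJECT = (
    "Subject(1).principals=org.jboss.security.SimplePrincipal@1(iit)"
    + _G + "(CallerPrincipal(members:iit))"
    + _G + "(Roles(members:admin,analyst,developer,manager,user))"
)

GROUP_RE = re.compile(r"SimpleGroup@\w+\((\w+)\(members:?([^)]*)\)\)")
USER_RE = re.compile(r"SimplePrincipal@\w+\(([^)]*)\)")

def parse_groups(subject):
    """Map each SimpleGroup name in a Subject dump to its member list."""
    groups = {}
    for name, members in GROUP_RE.findall(subject):
        groups.setdefault(name, []).extend(m for m in members.split(",") if m)
    return groups

def diagnose(subject):
    """Split a Subject dump into identity, usable roles and other groups."""
    groups = parse_groups(subject)
    user = USER_RE.search(subject)
    other = {n: m for n, m in groups.items() if n not in ("Roles", "CallerPrincipal")}
    return {
        "user": user.group(1) if user else None,
        "roles": sorted(groups.get("Roles", [])),  # what role checks see
        "ignored_groups": other,                   # role names filed elsewhere
    }

if __name__ == "__main__":
    for label, subject in (("posted", POSTED_SUBJECT), ("constructed", CONSTRUCTED_SUBJECT)):
        print(label, diagnose(subject))
```

For the posted Subject the `roles` list comes back empty while all five role names appear under `ignored_groups`, which matches a login that authenticates and is then refused as not authorized.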