Re: [rules-users] Error : JAAS Authentication with Guvnor 5.5.0 and Authorization Error

That's great news. Sounds like a simple enough workaround. If you have an account on there, it would probably be a good idea to write the workaround into a comment on the Jira issue, so that future victims are able to fix their build quickly. Steve On 15 May 2013, at 13:28, Zahid Ahmed <zahid.ahmed(a)emirates.com&gt; wrote: Hi Steve,**** Thanks for replying promptly. I have fixed this issue by replacing the following jars in guvnor.war. I debugged the guvnor code and found out that username is null in org.jboss.seam.security.IdentityImpl..activeAuthenticator. This is a JAAS Authenticator in which user is coming null. I found it out in IdentityImpl.postAuthenticate() method.**** 1. seam-security-3.1.0.Final.jar with seam-security-3.2.0.Final.jar **** and**** 2. seam-security-api-3.1.0.Final.jar with seam-security-api-3.2.0.Final.jar **** It worked with all the below configurations. I have created a number of users and they are getting authenticated. But, all the users are logged in with admin rights. I have two users which have “package.developer” rights but still those users can update any process in other packages. Even those users can update their own user permissions.**** Regards,**** Zahid Ahmed**** *From:* rules-users-bounces(a)lists.jboss.org [mailto:rules- users-bounces(a)lists.jboss.org] *On Behalf Of *Stephen Masters *Sent:* 15 May 2013 13:01 *To:* Rules Users List *Subject:* Re: [rules-users] Error : JAAS Authentication with Guvnor 5.5.0 and Authorization Error**** ** ** I think you may have hit this bug:**** ** ** https://issues.jboss.org/browse/GUVNOR-1976**** ** ** I think it might be a duplicate of another, which I cant find. At root that was a Seam JAAS bug (5.5 introduced Guvnor to Seam 3), which prevented it from creating a security context. I'm not sure whether any solution was established though.**** ** ** Steve**** ** ** ** ** ** ** On 15 May 2013, at 09:27, Zahid Ahmed <zahid.ahmed(a)emirates.com&gt; wrote:*** * **** **** Hi,**** **** I have run into a set of errors configuring JAAS Authentication for Guvnor. I have searched a lot on jboss community and for all the solutions nothing is working for me. I am getting either the login popup or I am getting “This User has no permissions setup”. The Guvnor Manual is referring to jboss eap 5 and I am trying to do this on Jboss AS 7.1.**** **** *Note : I am unable to find login-config.xml file mentioned in the following link. http://docs.jboss.org/drools/release/5.5.0.Final/drools-guvnor-docs/html/... *. Is guvnor deployment targeted only for JBOSS EAP 5.0 ?**** **** *Environment:***** 1. Guvnor 5.5.0.Final**** 2. JBOSS AS 7.1.0**** **** *Files Configured** **(Only these files I configured):***** 1. Standalone.xml**** 2. Guvnor.war/WEB-INF/beans.xml**** 3. Created users using “add-user.sh”**** 4. standalone/configuration/application-users.properties (attached). **** 5. standalone/configuration/application-roles.properties (attached)* *** 6. standalone/configuration/management-users.properties**** **** **** *Configurations***** **** *Standalone.xml :***** Only configured below tags. There’s nothing else I changed for the purpose of JAAS Authentication and Guvnor Authorization. Added *<security-domain name="drools-guvnor" cache-type="default">* to check if “other” is not working.**** **** <security-domain name="other" cache-type="default">**** <authentication>**** <login-module code="Remoting" flag="optional">**** <module-option name="password-stacking" value="useFirstPass"/>**** </login-module>**** <login-module code="RealmUsersRoles" flag="required">**** <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>**** <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>**** <module-option name="realm" value="ApplicationRealm"/>**** <module-option name="password-stacking" value="useFirstPass"/>**** </login-module>**** </authentication>**** </security-domain>**** <security-domain name="drools-guvnor" cache-type="default"> **** <authentication>**** <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">* *** <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>**** <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>**** <module-option name="realm" value="ApplicationRealm"/>**** <module-option name="password-stacking" value="useFirstPass"/>**** </login-module>**** </authentication>**** </security-domain>**** **** *Drools-guvnor.war*.**** 1. beans.xml (Tried 4 different configs as suggested on community)** ** *a.* *Config 1 (*Attached “Config1 beans.xml” and Config1 error.txt*) . **Error “This User has no permission setup”.***** <security:IdentityImpl>**** <s:modifies/>**** <!-- JAAS based authentication -->**** <security:authenticatorName>jaasAuthenticator</security:authenticatorName> **** </security:IdentityImpl>**** **** <security:jaas.JaasAuthenticator>**** <s:modifies/>**** <jaasConfigName>other</jaasConfigName>**** </security:jaas.JaasAuthenticator>**** **** **** <!-- SECURITY AUTHORIZATION CONFIGURATION -->**** <!--**** This is used to enable or disable role-based authorization. By default it is disabled.**** -->**** **** <guvnorSecurity:RoleBasedPermissionResolver>**** <s:modifies/>**** <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization> **** </guvnorSecurity:RoleBasedPermissionResolver>**** **** *b.* *Config 2 (*Attached “Config2 beans.xml” and Config2 error.txt* ). **Error ** **“This User has no permission setup”.***** **** <security:IdentityImpl>**** <s:modifies/>**** <!-- JAAS based authentication -->**** <security:authenticatorName>jaasAuthenticator</security:authenticatorName> **** </security:IdentityImpl>**** **** <security:jaas.JaasAuthenticator>**** <s:modifies/>**** <security:jaasConfigName>drools-guvnor</security:jaasConfigName>**** </security:jaas.JaasAuthenticator>**** **** **** <!-- SECURITY AUTHORIZATION CONFIGURATION -->**** <!--**** This is used to enable or disable role-based authorization. By default it is disabled.**** -->**** **** <guvnorSecurity:RoleBasedPermissionResolver>**** <s:modifies/>**** <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization> **** </guvnorSecurity:RoleBasedPermissionResolver>**** **** *c.* *Config 3 (*Attached “Config3 beans.xml” and Config1 error.txt* ). **Error **(Same error as of Config 1)** **“This User has no permission setup”.***** **** <security:IdentityImpl>**** <s:modifies/>**** <!-- JAAS based authentication -->**** <security:authenticatorName>jaasAuthenticator</security:authenticatorName> **** </security:IdentityImpl>**** **** <security:jaas.JaasAuthenticator>**** <s:modifies/>**** <jaasConfigName>other</jaasConfigName>**** </security:jaas.JaasAuthenticator>**** **** <guvnorSecurity:RoleBasedPermissionResolver>**** <s:modifies/>**** <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization> **** </guvnorSecurity:RoleBasedPermissionResolver>**** **** <component name="org.jboss.seam.security.roleBasedPermissionResolver">**** **** <s:modifies/>**** **** <property name="enableRoleBasedAuthorization">true</property>**** **** </component>**** **** *I HAVE ALSO ADDED THIS COMPONENT TAG found every where on forums to resolve this issue. I tried Tried without this also but at that time I get LOGIN screen which always says Incorrect User/Password.Is this required or * <guvnorSecurity:RoleBasedPermissionResolver> is the only authorization config.**** **** <component name="org.jboss.seam.security.roleBasedPermissionResolver">;*** * **** <s:modifies/>**** **** <property name="enableRoleBasedAuthorization">true</property>**** **** </component>**** **** **** Kindly help me in this configuration. I can’t find a single authentic document for my environment.**** **** Regards,**** Zahid**** <standalone.xml><Guvnor User Permission tab.png><application-roles.properties><application-users.properties><mgmt-users.properties><Config1 beans.xml><Config1 error.txt><Config2 beans.xml><Config2 error.txt><Config3 beans.xml><Config3 error.txt>_______________________________________________ rules-users mailing list rules-users(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/rules-users**** ** ** _______________________________________________ rules-users mailing list rules-users(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/rules-users _______________________________________________ rules-users mailing list rules-users(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/rules-users