Hi, the rolesProperties file (e.g., guvnor-roles.properties) configured
in JBoss AS is not used by Guvnor authorization. Before you enable
enable-role-based-authorization, you need to log in and configure user
permissions in Guvnor "Administration". For example, you need to give
your "admin" user full admin permission.

Hope this helps,
Jervis

Han Ming Low wrote:
Hi all,

I tried to enable the Role Based Authorization in Guvnor after it was
running fine with the default login mechanism.
But I encountered some problems with the attempt.
What I did in the components.xml was:
- commented out the default
  <security:identity authenticate-method="#{defaultAuthenticator.authenticate}"/>
- uncommented the
  <security:identity authenticate-method="#{authenticator.authenticate}" jaas-config-name="other"/>
- changed the role-based authorization to true:
  <security:role-based-permission-resolver enable-role-based-authorization="true"/>
And in the login-config.xml
I have changed the "other" application policy to

<application-policy name="other">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
      <module-option name="usersProperties">props/guvnor-users.properties</module-option>
      <module-option name="rolesProperties">props/guvnor-roles.properties</module-option>
    </login-module>
  </authentication>
</application-policy>

guvnor-users.properties:

  admin=admin12
  krisv=krisv
  john=john
  mary=mary

guvnor-roles.properties:

  admin=admin
  krisv=admin,manager,user
  john=admin,manager,user
  mary=admin,manager,user

After restarting JBoss, I can log in based on the user and password
defined in the guvnor-users.properties.
And, by changing the password in the properties, I verified that it is
taking the value from the file itself.

However, when I logged in as user admin and tried to access the
Administration | User Permission or Event Log,
I was prompted with "Sorry, insufficient permissions to perform this action."

The error from the console is

11:15:36,046 INFO [STDOUT] ERROR 29-07 11:15:36,046 (LoggingHelper.java:error:76)
Service method 'public abstract java.util.Map org.drools.guvnor.client.rpc.RepositoryService.listUserPermissions() throws org.drools.guvnor.client.rpc.DetailedSerializationException' threw an unexpected exception: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[org.drools.guvnor.server.security.AdminType@bf7a4d,admin]
org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[org.drools.guvnor.server.security.AdminType@bf7a4d,admin]
    at org.jboss.seam.security.Identity.checkPermission(Identity.java:581)
    at org.drools.guvnor.server.ServiceImplementation.listUserPermissions(ServiceImplementation.java:2604)
    .....

Checking the org.drools.guvnor.server.security.RoleTypes code, the
available roles should be
  admin
  analyst
  analyst.readonly
  package.admin
  package.developer
  package.readonly

Can anyone help to let me know what's wrong with my configuration?
Thanks.
Han Ming
------------------------------------------------------------------------
_______________________________________________
rules-users mailing list
rules-users(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-users
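
An added example, not part of the original thread and not Guvnor's own code: a Python pre-flight check for the configuration change discussed above. It reports the lockout condition described in the reply and any role names outside the RoleTypes list quoted in the question. The xmlns:security URI, the sample inputs and the guvnor_admins argument (users already granted admin in Guvnor "Administration") are assumptions.

```python
import xml.etree.ElementTree as ET

# Role names listed in the thread from org.drools.guvnor.server.security.RoleTypes.
GUVNOR_ROLE_TYPES = {"admin", "analyst", "analyst.readonly",
                     "package.admin", "package.developer", "package.readonly"}

# Constructed sample inputs, reduced from the fragments quoted in the thread.
# The xmlns:security URI is an assumption, added so the fragment parses.
COMPONENTS_XML = """<components xmlns:security="http://jboss.com/products/seam/security">
  <security:identity authenticate-method="#{authenticator.authenticate}"
                     jaas-config-name="other"/>
  <security:role-based-permission-resolver enable-role-based-authorization="true"/>
</components>"""
ROLES_PROPERTIES = "admin=admin\nkrisv=admin,manager,user\n"

def parse_roles(text):
    """Parse UsersRolesLoginModule-style 'user=role1,role2' lines."""
    roles = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        user, _, value = line.partition("=")
        roles[user.strip()] = [r.strip() for r in value.split(",") if r.strip()]
    return roles

def audit(components_xml, roles_text, guvnor_admins):
    """Return findings; guvnor_admins is a hypothetical operator-supplied set
    of users already given admin permission in Guvnor's Administration screen."""
    findings = []
    rbac = jaas = None
    for el in ET.fromstring(components_xml).iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop the '{namespace}' prefix
        if name == "role-based-permission-resolver":
            rbac = el.get("enable-role-based-authorization") == "true"
        elif name == "identity":
            jaas = el.get("jaas-config-name")
    roles = parse_roles(roles_text)
    if rbac and not guvnor_admins:
        findings.append("lockout: RBAC enabled but no user holds Guvnor admin permission")
    if rbac and jaas and roles:
        findings.append("ignored: JAAS rolesProperties is not read by Guvnor authorization")
    for user, names in sorted(roles.items()):
        unknown = sorted(set(names) - GUVNOR_ROLE_TYPES)
        if unknown:
            findings.append(f"{user}: not Guvnor role types: {', '.join(unknown)}")
    return findings
```

Calling audit(COMPONENTS_XML, ROLES_PROPERTIES, set()) returns three findings for the configuration in the question: the lockout, the ignored roles file, and the manager and user role names for krisv.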