Hi,
I am configuring DB based JAAS Authentication for Kie-Drools-Workbench 6.1.0. Server log
shows user is authenticated and roles are assigned to the user. But KIE login form says
"Login failed: Not Authorized ".
I have also added roles in Organizational Unit, Repository and Projects using
kie-config-cli. But still getting the same error.
Kindly let me know what I am doing wrong.
Standalone.xml
<security-domain name="drools-guvnor" cache-type="default">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/jdbc/jbpmStagingRWDS"/>
            <module-option name="principalsQuery" value="select PASSWORD from principals where PRINCIPALID=?"/>
            <module-option name="rolesQuery" value="select ROLE,ROLEGROUP from roles WHERE principalid=?"/>
            <module-option name="hashAlgorithm" value="MD5"/>
            <module-option name="hashEncoding" value="base64"/>
            <module-option name="hashCharset" value="UTF-8"/>
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
    </authentication>
</security-domain>
Kie-drools-wb.War / WEB_INF/jboss-web.xml
<security-domain>drools-guvnor</security-domain>
Server Logs
13:55:22,408 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) initialize
13:55:22,410 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) Security domain: other
13:55:22,412 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) Password hashing activated: algorithm = MD5, encoding = base64,
charset = UTF-8, callback = null, storeCallback = null
13:55:22,415 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) DatabaseServerLoginModule,
dsJndiName=java:jboss/datasources/jdbc/jbpmStagingRWDS
13:55:22,419 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) principalsQuery=select PASSWORD from principals where
PRINCIPALID=?
13:55:22,422 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) rolesQuery=select ROLE,ROLEGROUP from roles WHERE principalid=?
13:55:22,424 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) suspendResume=true
13:55:22,426 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) login
13:55:22,428 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) suspendAnyTransaction
13:55:22,489 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) Excuting query: select PASSWORD from principals where
PRINCIPALID=?, with username: iit
13:55:22,495 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) Obtained user password
13:55:22,497 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) resumeAnyTransaction
13:55:22,499 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) User 'iit' authenticated, loginOk=true
13:55:22,501 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) commit, loginOk=true
13:55:22,503 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) getRoleSets using rolesQuery: select ROLE,ROLEGROUP from roles
WHERE principalid=?, username: iit
13:55:22,507 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) suspendAnyTransaction
13:55:22,509 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) Excuting query: select ROLE,ROLEGROUP from roles WHERE
principalid=?, with username: iit
13:55:22,514 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) Assign user to role admin
13:55:22,516 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) Assign user to role analyst
13:55:22,518 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) Assign user to role developer
13:55:22,521 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) Assign user to role manager
13:55:22,523 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) Assign user to role user
13:55:22,525 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) resumeAnyTransaction
13:55:22,527 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager]
(http--127.0.0.1-8080-2) defaultLogin, lc=javax.security.auth.login.LoginContext@3460a6,
subject=Subject(11883582).principals=org.jboss.security.SimplePrincipal@25145532(iit)org.jboss.security.SimpleGroup@12885648(CallerPrincipal(members:iit))org.jboss.security.SimpleGroup@12885648(admingrp(members:admin))org.jboss.security.SimpleGroup@12885648(usergrp(members:user))org.jboss.security.SimpleGroup@12885648(analystgrp(members:analyst))org.jboss.security.SimpleGroup@12885648(developergrp(members:developer))org.jboss.security.SimpleGroup@12885648(managergrp(members:manager))
13:55:22,538 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager]
(http--127.0.0.1-8080-2) updateCache,
inputSubject=Subject(11883582).principals=org.jboss.security.SimplePrincipal@25145532(iit)org.jboss.security.SimpleGroup@12885648(CallerPrincipal(members:iit))org.jboss.security.SimpleGroup@12885648(admingrp(members:admin))org.jboss.security.SimpleGroup@12885648(usergrp(members:user))org.jboss.security.SimpleGroup@12885648(analystgrp(members:analyst))org.jboss.security.SimpleGroup@12885648(developergrp(members:developer))org.jboss.security.SimpleGroup@12885648(managergrp(members:manager)),
cacheSubject=Subject(11399784).principals=org.jboss.security.SimplePrincipal@25145532(iit)org.jboss.security.SimpleGroup@12885648(CallerPrincipal(members:iit))org.jboss.security.SimpleGroup@12885648(admingrp(members:admin))org.jboss.security.SimpleGroup@12885648(usergrp(members:user))org.jboss.security.SimpleGroup@12885648(analystgrp(members:analyst))org.jboss.security.SimpleGroup@12885648(developergrp(members:developer))org.jboss.security.SimpleGroup@12885648(managergrp(members:manager))
13:55:22,556 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager]
(http--127.0.0.1-8080-2) Inserted cache info:
org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@5bd7b
13:55:22,560 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager]
(http--127.0.0.1-8080-2) End isValid, true
13:55:22,562 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-2)
Setting threadlocal:null
13:55:22,576 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-2)
Setting threadlocal:null
13:55:22,578 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager]
(http--127.0.0.1-8080-2) Flushing iit from cache
13:55:22,580 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) logout
13:55:22,841 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-3)
Setting threadlocal:null
13:55:22,845 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-2)
Setting threadlocal:null
13:55:22,845 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-1)
Setting threadlocal:null
Config Tool
********************************************************
************* Welcome to Kie config CLI ****************
********************************************************
>Please specify location of the parent folder of .niogit
D:\Servers\Drools-6-Deployment\Server-A-As-7\bin
>Please enter command (type help to see available commands):
add-role-repo
>Repository alias:netsolrepo
>Security roles (comma separated list):admin,analyst,business,user,developer
Result:
Role admin added successfully to repository netsolrepo
Role analyst added successfully to repository netsolrepo
Role business added successfully to repository netsolrepo
Role user added successfully to repository netsolrepo
Role developer added successfully to repository netsolrepo
>>>>>>>>>>>>>>>>>>>>>>>>>>>
>Please enter command (type help to see available commands):
add-role-org-unit
>Organizational Unit name:netsol
>Security roles (comma separated list):admin,analyst,business,user,developer
Result:
Role admin added successfully to Organizational Unit netsol
Role analyst added successfully to Organizational Unit netsol
Role business added successfully to Organizational Unit netsol
Role user added successfully to Organizational Unit netsol
Role developer added successfully to Organizational Unit netsol
Regards,
Zahid Ahmed
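
An added check, not part of the original post: it parses a JAAS Subject dump in the format of the JBossCachedAuthenticationManager trace above, lists each group and its members, and flags a Subject that has no group named Roles, which is the group JBoss login modules use to hand declarative roles to the container. The sample traces are constructed from the log format above, and the function names are hypothetical.

```python
import re

# Constructed sample: a Subject dump in the format of the trace above,
# hard-wrapped mid-token the way the mail archive wrapped the original.
SAMPLE_TRACE = (
    "defaultLogin, lc=javax.security.auth.login.LoginContext@1a2b3c,\n"
    "subject=Subject(100).principals=org.jboss.security.SimplePrincipal@1(iit)"
    "org.jboss.security.SimpleGroup(a)2(CallerPrincip\n"
    "al(members:iit))org.jboss.security.SimpleGroup@2(admingrp(members:admin))"
    "org.jboss.security.SimpleGroup@2(usergrp(members:user))"
)

# Constructed sample of a Subject whose roles sit in a group named "Roles".
SAMPLE_WITH_ROLES = (
    "subject=Subject(101).principals=org.jboss.security.SimplePrincipal@1(iit)"
    "org.jboss.security.SimpleGroup@2(CallerPrincipal(members:iit))"
    "org.jboss.security.SimpleGroup@2(Roles(members:admin,user))"
)

# One entry: SimpleGroup@<hash>(<group>(members:<m1>,<m2>)).
# "(a)" is accepted in place of "@" because mail archives rewrite it.
GROUP_RE = re.compile(
    r"SimpleGroup(?:@|\(a\))\w+\(([^()]+)\(members:([^()]*)\)\)"
)


def parse_groups(trace: str) -> dict:
    """Return {group name: [members]} from a Subject dump."""
    joined = trace.replace("\r", "").replace("\n", "")  # undo hard wraps
    groups = {}
    for name, members in GROUP_RE.findall(joined):
        groups.setdefault(name, [])
        groups[name] += [m for m in members.split(",") if m]
    return groups


def roles_group_findings(groups: dict) -> list:
    """Report a missing or empty 'Roles' group; an empty list means none."""
    findings = []
    if "Roles" not in groups:
        others = sorted(g for g in groups if g != "CallerPrincipal")
        findings.append(
            "no 'Roles' group; roles are filed under: " + ", ".join(others)
        )
    elif not groups["Roles"]:
        findings.append("'Roles' group is empty")
    return findings
```

With DatabaseServerLoginModule the group name comes from the second column returned by rolesQuery, which is ROLEGROUP in the configuration above.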