[jboss-jira] [JBoss JIRA] (DROOLS-1040) Kie server on Tomcat with JACCValve fails authorisation
Karel Suta (JIRA)
issues at jboss.org
Tue Jan 26 10:27:01 EST 2016
[ https://issues.jboss.org/browse/DROOLS-1040?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13153881#comment-13153881 ]
Karel Suta commented on DROOLS-1040:
------------------------------------
fixed and merged into master and 6.4.x
> Kie server on Tomcat with JACCValve fails authorisation
> -------------------------------------------------------
>
> Key: DROOLS-1040
> URL: https://issues.jboss.org/browse/DROOLS-1040
> Project: Drools
> Issue Type: Bug
> Components: kie server
> Affects Versions: 6.4.0.Beta1
> Environment: Tomcat
> Kie server 6.4.0-SNAPSHOT
> Reporter: Karel Suta
> Assignee: Karel Suta
> Priority: Minor
> Labels: reported-by-qe
> Fix For: 6.4.0.CR1
>
>
> When Kie server is run on a Tomcat container with org.kie.integration.tomcat.JACCValve configured, JBPM operations which need authorisation invoked on Kie server fail with:
> "User '[UserImpl:'Roles']' does not have permissions to execute operation...".
> The error happens just with JACCValve, which is used for Workbench, so this isn't a critical issue.
> The issue is caused by JACCValve, which registers a PolicyContextHandler with a Subject returning 2 principals in a HashSet; one principal represents the user, the second represents its roles.
> JACCIdentityProvider in Kie server, in method getName(), returns the first principal it finds in the Subject; if it is the roles principal, then "Roles" is returned as the user name, which is wrong.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
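The principal mix-up described in this issue, shown as an added example that is not part of the original message and is not the Kie server or JACCValve code: a Subject holding a user principal and a roles principal, read once by taking the first principal and once by selecting on principal type. The class names UserPrincipal, RolesPrincipal and SubjectNameDemo, the user "alice" and the role "kie-server" are assumptions made for illustration (Java 16 or later).

```java
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;

public class SubjectNameDemo {

    // Hypothetical principal types standing in for what the valve registers.
    record UserPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Container principal whose own name is the literal "Roles".
    record RolesPrincipal(Set<String> members) implements Principal {
        public String getName() { return "Roles"; }
    }

    // Pattern from the report: whichever principal iteration yields first wins,
    // so the result depends on the ordering of the underlying set.
    static String firstPrincipalName(Subject subject) {
        for (Principal p : subject.getPrincipals()) {
            return p.getName();
        }
        return null;
    }

    // Select the identity by principal type and fail closed when the Subject
    // does not carry exactly one user principal.
    static String userName(Subject subject) {
        Set<UserPrincipal> users = subject.getPrincipals(UserPrincipal.class);
        if (users.size() != 1) {
            throw new IllegalStateException(
                "expected exactly one user principal, found " + users.size());
        }
        return users.iterator().next().getName();
    }

    public static void main(String[] args) {
        // Constructed sample: the roles principal is added first to reproduce
        // the ordering that the HashSet in the report can produce.
        Subject subject = new Subject();
        subject.getPrincipals().add(new RolesPrincipal(Set.of("kie-server")));
        subject.getPrincipals().add(new UserPrincipal("alice"));

        System.out.println("first principal: " + firstPrincipalName(subject));
        System.out.println("typed lookup:    " + userName(subject));
    }
}
```

An identity provider that reports "Roles" as the caller's name authorises and logs every request under that one string, so authorisation failures and audit records that name "Roles" as the user are a sign of this ordering problem.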