[rules-users] Error : JAAS Authentication with Guvnor 5.5.0 and Authorization Error

Stephen Masters stephen.masters at me.com
Wed May 15 10:09:45 EDT 2013


I have just added a bit of cross referencing. As Mike mentions, I'm sure there was a Guvnor bug raised, which was flagged as fixed. However, I can't find it linked off the Seam bug, and I can't find it through a bit of keyword searching in Jira.


btw … I thought my English was reasonable, but I can't for the life of me work out what the difference is between "relates to" and "is related to" when linking 2 issues. Feel free to correct the link I created.


On 15 May 2013, at 13:56, Michael Anstis <michael.anstis at gmail.com> wrote:

> I think there is another JIRA (that is closed for 5.6.x) that fixed the same problem.
> 
> Any help cross-referencing and closing duplicates appreciated :)
> 
> 
> On 15 May 2013 13:49, Stephen Masters <stephen.masters at me.com> wrote:
> That's great news. Sounds like a simple enough workaround.
> 
> If you have an account on there, it would probably be a good idea to write the workaround into a comment on the Jira issue, so that future victims are able to fix their build quickly.
> 
> Steve
> 
> 
> On 15 May 2013, at 13:28, Zahid Ahmed <zahid.ahmed at emirates.com> wrote:
> 
>> Hi Steve,
>>  
>> Thanks for replying promptly. I have fixed this issue by replacing the following jars in guvnor.war. I debugged the Guvnor code and found out that the username is null in org.jboss.seam.security.IdentityImpl.activeAuthenticator. This is a JAAS Authenticator in which the user is coming up null. I found this out in the IdentityImpl.postAuthenticate() method.
>>  
>> 1.       seam-security-3.1.0.Final.jar with  seam-security-3.2.0.Final.jar
>> and
>> 2.       seam-security-api-3.1.0.Final.jar with  seam-security-api-3.2.0.Final.jar  
>>  
>> It worked with all the below configurations. I have created a number of users and they are getting authenticated. But, all the users are logged in with admin rights. I have two users which have “package.developer” rights but still those users can update any process in other packages. Even those users can update their own user permissions.
>>  
>> Regards,
>>  
>> Zahid Ahmed
>>  
>> From: rules-users-bounces at lists.jboss.org [mailto:rules-users-bounces at lists.jboss.org] On Behalf Of Stephen Masters
>> Sent: 15 May 2013 13:01
>> To: Rules Users List
>> Subject: Re: [rules-users] Error : JAAS Authentication with Guvnor 5.5.0 and Authorization Error
>>  
>> I think you may have hit this bug:
>>  
>> https://issues.jboss.org/browse/GUVNOR-1976
>>  
>> I think it might be a duplicate of another, which I can't find. At root that was a Seam JAAS bug (5.5 introduced Guvnor to Seam 3), which prevented it from creating a security context. I'm not sure whether any solution was established though.
>>  
>> Steve
>>  
>>  
>>  
>> On 15 May 2013, at 09:27, Zahid Ahmed <zahid.ahmed at emirates.com> wrote:
>> 
>> 
>>  
>> Hi,
>>  
>> I have run into a set of errors configuring JAAS Authentication for Guvnor. I have searched a lot on jboss community and for all the solutions nothing is working for me. I am getting either the login popup or I am getting “This User has no permissions setup”. The Guvnor Manual is referring to jboss eap 5 and I am trying to do this on Jboss AS 7.1.
>>  
>> Note: I am unable to find the login-config.xml file mentioned in the following link: http://docs.jboss.org/drools/release/5.5.0.Final/drools-guvnor-docs/html/ch14.html . Is Guvnor deployment targeted only for JBOSS EAP 5.0?
>>  
>> Environment:
>> 1.       Guvnor 5.5.0.Final
>> 2.       JBOSS AS 7.1.0
>>  
>> Files Configured (Only these files I configured):
>> 1.       Standalone.xml
>> 2.       Guvnor.war/WEB-INF/beans.xml
>> 3.       Created users using “add-user.sh”
>> 4.       standalone/configuration/application-users.properties (attached).
>> 5.       standalone/configuration/application-roles.properties (attached)
>> 6.       standalone/configuration/management-users.properties
>>  
>>  
>> Configurations
>>  
>> Standalone.xml :
>> Only configured below tags. There’s nothing else I changed for the purpose of JAAS Authentication and Guvnor Authorization. Added <security-domain name="drools-guvnor" cache-type="default"> to check if “other” is not working.
>>  
>>                 <security-domain name="other" cache-type="default">
>>                     <authentication>
>>                         <login-module code="Remoting" flag="optional">
>>                             <module-option name="password-stacking" value="useFirstPass"/>
>>                         </login-module>
>>                         <login-module code="RealmUsersRoles" flag="required">
>>                             <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
>>                             <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
>>                             <module-option name="realm" value="ApplicationRealm"/>
>>                             <module-option name="password-stacking" value="useFirstPass"/>
>>                         </login-module>
>>                     </authentication>
>>                 </security-domain>
>>                 <security-domain name="drools-guvnor" cache-type="default">
>>                     <authentication>
>>                         <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
>>                             <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
>>                             <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
>>                             <module-option name="realm" value="ApplicationRealm"/>
>>                             <module-option name="password-stacking" value="useFirstPass"/>
>>                         </login-module>
>>                     </authentication>
>>                 </security-domain>
>>  
>> Drools-guvnor.war.
>> 1.       beans.xml (Tried 4 different configs as suggested on community)
>> a.      Config 1 (Attached “Config1 beans.xml” and Config1 error.txt) . Error “This User has no permission setup”.
>>   <security:IdentityImpl>
>>     <s:modifies/>
>>     <!-- JAAS based authentication -->
>>     <security:authenticatorName>jaasAuthenticator</security:authenticatorName>
>>   </security:IdentityImpl>
>>  
>>   <security:jaas.JaasAuthenticator>
>>     <s:modifies/>
>>     <jaasConfigName>other</jaasConfigName>
>>   </security:jaas.JaasAuthenticator>
>>  
>>  
>>   <!-- SECURITY AUTHORIZATION CONFIGURATION -->
>>   <!--
>>       This is used to enable or disable role-based authorization. By default it is disabled.
>>   -->
>>  
>>   <guvnorSecurity:RoleBasedPermissionResolver>
>>     <s:modifies/>
>>     <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>
>>   </guvnorSecurity:RoleBasedPermissionResolver>
>>  
>> b.      Config 2 (Attached “Config2 beans.xml” and Config2 error.txt). Error  “This User has no permission setup”.
>>    
>>   <security:IdentityImpl>
>>     <s:modifies/>
>>     <!-- JAAS based authentication -->
>>     <security:authenticatorName>jaasAuthenticator</security:authenticatorName>
>>   </security:IdentityImpl>
>>  
>>   <security:jaas.JaasAuthenticator>
>>     <s:modifies/>
>>     <security:jaasConfigName>drools-guvnor</security:jaasConfigName>
>>   </security:jaas.JaasAuthenticator>
>>  
>>  
>>   <!-- SECURITY AUTHORIZATION CONFIGURATION -->
>>   <!--
>>       This is used to enable or disable role-based authorization. By default it is disabled.
>>   -->
>>  
>>   <guvnorSecurity:RoleBasedPermissionResolver>
>>     <s:modifies/>
>>     <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>
>>   </guvnorSecurity:RoleBasedPermissionResolver>
>>  
>> c.       Config 3 (Attached “Config3 beans.xml” and Config1 error.txt). Error (Same error as of Config 1) “This User has no permission setup”.
>>  
>>   <security:IdentityImpl>
>>     <s:modifies/>
>>     <!-- JAAS based authentication -->
>>     <security:authenticatorName>jaasAuthenticator</security:authenticatorName>
>>   </security:IdentityImpl>
>>  
>>   <security:jaas.JaasAuthenticator>
>>     <s:modifies/>
>>     <jaasConfigName>other</jaasConfigName>
>>   </security:jaas.JaasAuthenticator>
>>  
>>   <guvnorSecurity:RoleBasedPermissionResolver>
>>     <s:modifies/>
>>     <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>
>>   </guvnorSecurity:RoleBasedPermissionResolver>
>>  
>> <component name="org.jboss.seam.security.roleBasedPermissionResolver">
>>   <s:modifies/>
>>   <property name="enableRoleBasedAuthorization">true</property>
>> </component>
>>  
>> I HAVE ALSO ADDED THIS COMPONENT TAG, found everywhere on forums, to resolve this issue. I also tried without it, but then I get the LOGIN screen, which always says Incorrect User/Password. Is this required, or is <guvnorSecurity:RoleBasedPermissionResolver> the only authorization config?
>>  
>> <component name="org.jboss.seam.security.roleBasedPermissionResolver">
>>   <s:modifies/>
>>   <property name="enableRoleBasedAuthorization">true</property>
>> </component>
>>  
>>  
>> Kindly help me in this configuration. I can’t find a single authentic document for my environment.
>>  
>> Regards,
>> Zahid
>> <standalone.xml><Guvnor User Permission tab.png><application-roles.properties><application-users.properties><mgmt-users.properties><Config1 beans.xml><Config1 error.txt><Config2 beans.xml><Config2 error.txt><Config3 beans.xml><Config3 error.txt>
>> _______________________________________________
>> rules-users mailing list
>> rules-users at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/rules-users
>>  
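
A pre-deployment check for the two things this thread turns on, as an added example that is not part of the original messages or of Guvnor: it flags the seam-security 3.1.0.Final jars the poster replaced and any jaasConfigName in beans.xml that names no security-domain in standalone.xml. The function names, the WEB-INF/lib jar location, the namespace URIs and the sample data are assumptions constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Jar versions the poster replaced (3.1.0.Final -> 3.2.0.Final), per the thread.
REPLACED = re.compile(r"WEB-INF/lib/(seam-security(?:-api)?)-3\.1\.0\.Final\.jar$")

def local(tag):
    """Drop the '{namespace}' part so the prefixes used in a file do not matter."""
    return tag.rsplit("}", 1)[-1]

def values(xml_data, name):
    """Text of every element whose local name is `name`."""
    return [(e.text or "").strip() for e in ET.fromstring(xml_data).iter()
            if local(e.tag) == name]

def audit(war_bytes, standalone_xml):
    """Return findings for a Guvnor WAR checked against the server's standalone.xml."""
    findings = []
    domains = {e.get("name") for e in ET.fromstring(standalone_xml).iter()
               if local(e.tag) == "security-domain"}
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for entry in war.namelist():
            if (m := REPLACED.search(entry)):
                findings.append(f"{m.group(1)} 3.1.0.Final present")
        beans = war.read("WEB-INF/beans.xml")  # bytes: parser honours the XML encoding
    for cfg in values(beans, "jaasConfigName"):
        if cfg not in domains:
            findings.append(f"jaasConfigName '{cfg}' has no security-domain")
    if "true" not in values(beans, "enableRoleBasedAuthorization"):
        findings.append("role-based authorization not enabled")
    return findings

def sample_war(jars, jaas_config):
    """Constructed in-memory WAR: empty jar entries plus a minimal beans.xml."""
    beans = ('<beans xmlns:sec="urn:example:sec" xmlns:g="urn:example:guvnor">'
             f'<sec:jaasConfigName>{jaas_config}</sec:jaasConfigName>'
             '<g:enableRoleBasedAuthorization>true</g:enableRoleBasedAuthorization>'
             '</beans>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for jar in jars:
            z.writestr("WEB-INF/lib/" + jar, b"")
        z.writestr("WEB-INF/beans.xml", beans)
    return buf.getvalue()

# Constructed stand-in for standalone.xml with the two domains from the thread.
SAMPLE_STANDALONE = ('<server><security-domain name="other"/>'
                     '<security-domain name="drools-guvnor"/></server>')
```

The check covers authentication wiring only; it does not detect the authorization problem the poster reports after the jar swap, where every user ends up with admin rights.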
