[rules-users] Workbench JAAS Authenticated, But NOT Authorized

706826 zahid.ahmed at emirates.com
Sun Jul 6 03:34:39 EDT 2014


Hi,

I am configuring DB-based JAAS authentication for Kie-Drools-Workbench
6.1.0. The server log (pasted below) shows that the user is authenticated and
roles are assigned to the user, but the KIE login form says "Login failed: Not
Authorized".

I have also added roles to the Organizational Unit, Repository and Projects
using kie-config-cli, but I am still getting the same error.

Kindly let me know what I am doing wrong.

Standalone.xml

    <security-domain name="drools-guvnor" cache-type="default">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                <module-option name="dsJndiName" value="java:jboss/datasources/jdbc/jbpmStagingRWDS"/>
                <module-option name="principalsQuery" value="select PASSWORD from principals where PRINCIPALID=?"/>
                <module-option name="rolesQuery" value="select ROLE,ROLEGROUP from roles WHERE principalid=?"/>
                <module-option name="hashAlgorithm" value="MD5"/>
                <module-option name="hashEncoding" value="base64"/>
                <module-option name="hashCharset" value="UTF-8"/>
                <module-option name="password-stacking" value="useFirstPass"/>
            </login-module>
        </authentication>
    </security-domain>

 

Kie-drools-wb.War / WEB_INF/jboss-web.xml

<security-domain>drools-guvnor</security-domain>

 

Server Logs

13:55:22,408 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) initialize

13:55:22,410 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) Security domain: other

13:55:22,412 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) Password hashing activated: algorithm = MD5,
encoding = base64, charset = UTF-8, callback = null, storeCallback = null

13:55:22,415 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) DatabaseServerLoginModule,
dsJndiName=java:jboss/datasources/jdbc/jbpmStagingRWDS

13:55:22,419 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) principalsQuery=select PASSWORD from principals
where PRINCIPALID=?

13:55:22,422 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) rolesQuery=select ROLE,ROLEGROUP from roles WHERE
principalid=?

13:55:22,424 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) suspendResume=true

13:55:22,426 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) login

13:55:22,428 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) suspendAnyTransaction

13:55:22,489 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) Excuting query: select PASSWORD from principals
where PRINCIPALID=?, with username: iit

13:55:22,495 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) Obtained user password

13:55:22,497 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) resumeAnyTransaction

13:55:22,499 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) User 'iit' authenticated, loginOk=true

13:55:22,501 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) commit, loginOk=true

13:55:22,503 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) getRoleSets using rolesQuery: select ROLE,ROLEGROUP
from roles WHERE principalid=?, username: iit

13:55:22,507 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) suspendAnyTransaction

13:55:22,509 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) Excuting query: select ROLE,ROLEGROUP from roles
WHERE principalid=?, with username: iit

13:55:22,514 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) Assign user to role admin

13:55:22,516 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) Assign user to role analyst

13:55:22,518 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) Assign user to role developer

13:55:22,521 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) Assign user to role manager

13:55:22,523 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) Assign user to role user

13:55:22,525 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) resumeAnyTransaction

13:55:22,527 TRACE
[org.jboss.security.authentication.JBossCachedAuthenticationManager]
(http--127.0.0.1-8080-2) defaultLogin,
lc=javax.security.auth.login.LoginContext@3460a6,
subject=Subject(11883582).principals=org.jboss.security.SimplePrincipal@25145532(iit)org.jboss.security.SimpleGroup@12885648(CallerPrincipal(members:iit))org.jboss.security.SimpleGroup@12885648(admingrp(members:admin))org.jboss.security.SimpleGroup@12885648(usergrp(members:user))org.jboss.security.SimpleGroup@12885648(analystgrp(members:analyst))org.jboss.security.SimpleGroup@12885648(developergrp(members:developer))org.jboss.security.SimpleGroup@12885648(managergrp(members:manager))

13:55:22,538 TRACE
[org.jboss.security.authentication.JBossCachedAuthenticationManager]
(http--127.0.0.1-8080-2) updateCache,
inputSubject=Subject(11883582).principals=org.jboss.security.SimplePrincipal@25145532(iit)org.jboss.security.SimpleGroup@12885648(CallerPrincipal(members:iit))org.jboss.security.SimpleGroup@12885648(admingrp(members:admin))org.jboss.security.SimpleGroup@12885648(usergrp(members:user))org.jboss.security.SimpleGroup@12885648(analystgrp(members:analyst))org.jboss.security.SimpleGroup@12885648(developergrp(members:developer))org.jboss.security.SimpleGroup@12885648(managergrp(members:manager)),
cacheSubject=Subject(11399784).principals=org.jboss.security.SimplePrincipal@25145532(iit)org.jboss.security.SimpleGroup@12885648(CallerPrincipal(members:iit))org.jboss.security.SimpleGroup@12885648(admingrp(members:admin))org.jboss.security.SimpleGroup@12885648(usergrp(members:user))org.jboss.security.SimpleGroup@12885648(analystgrp(members:analyst))org.jboss.security.SimpleGroup@12885648(developergrp(members:developer))org.jboss.security.SimpleGroup@12885648(managergrp(members:manager))

13:55:22,556 TRACE
[org.jboss.security.authentication.JBossCachedAuthenticationManager]
(http--127.0.0.1-8080-2) Inserted cache info:
org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@5bd7b

13:55:22,560 TRACE
[org.jboss.security.authentication.JBossCachedAuthenticationManager]
(http--127.0.0.1-8080-2) End isValid, true

13:55:22,562 TRACE [org.jboss.security.SecurityRolesAssociation]
(http--127.0.0.1-8080-2) Setting threadlocal:null

13:55:22,576 TRACE [org.jboss.security.SecurityRolesAssociation]
(http--127.0.0.1-8080-2) Setting threadlocal:null

13:55:22,578 TRACE
[org.jboss.security.authentication.JBossCachedAuthenticationManager]
(http--127.0.0.1-8080-2) Flushing iit from cache

13:55:22,580 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule]
(http--127.0.0.1-8080-2) logout

13:55:22,841 TRACE [org.jboss.security.SecurityRolesAssociation]
(http--127.0.0.1-8080-3) Setting threadlocal:null

13:55:22,845 TRACE [org.jboss.security.SecurityRolesAssociation]
(http--127.0.0.1-8080-2) Setting threadlocal:null

13:55:22,845 TRACE [org.jboss.security.SecurityRolesAssociation]
(http--127.0.0.1-8080-1) Setting threadlocal:null

 

 

Config Tool

 

********************************************************
************* Welcome to Kie config CLI ****************
********************************************************

>>Please specify location of the parent folder of .niogit
D:\Servers\Drools-6-Deployment\Server-A-As-7\bin
>>Please enter command (type help to see available commands):
add-role-repo
>>Repository alias:netsolrepo
>>Security roles (comma separated list):admin,analyst,business,user,developer
Result:
Role admin added successfully to repository netsolrepo
Role analyst added successfully to repository netsolrepo
Role business added successfully to repository netsolrepo
Role user added successfully to repository netsolrepo
Role developer added successfully to repository netsolrepo

>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>Please enter command (type help to see available commands):
add-role-org-unit
>>Organizational Unit name:netsol
>>Security roles (comma separated list):admin,analyst,business,user,developer
Result:
Role admin added successfully to Organizational Unit netsol
Role analyst added successfully to Organizational Unit netsol
Role business added successfully to Organizational Unit netsol
Role user added successfully to Organizational Unit netsol
Role developer added successfully to Organizational Unit netsol

 

 

Regards,

 

Zahid Ahmed



--
View this message in context: http://drools.46999.n3.nabble.com/Workbench-JAAS-Authenticated-But-NOT-Authorized-tp4030241.html
Sent from the Drools: User forum mailing list archive at Nabble.com.
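
Added example, not part of the original post or of JBoss/KIE code: JBoss role checks read the Subject group named "Roles", and DatabaseServerLoginModule names each group after the second column of rolesQuery (ROLEGROUP here), so a useful check on a TRACE log like the one above is which group names the Subject actually carries. The Python below parses a Subject.principals dump and reports that; the function names and both sample dumps are constructed for illustration.

```python
import re

ROLES_GROUP = "Roles"               # group JBoss role checks read
IDENTITY_GROUP = "CallerPrincipal"  # group holding the caller identity

# SimpleGroup@hash(name(members:a,b)); mail archives may show "@" as " at ".
GROUP_RE = re.compile(
    r"org\.jboss\.security\.SimpleGroup\s*(?:@|at)\s*\w+"
    r"\((\w+)\(members:([^)]*)\)\)"
)

def parse_groups(dump):
    """Return {group name: [members]} from a Subject.principals TRACE dump."""
    joined = re.sub(r"\s*\n\s*", "", dump)  # undo hard wraps, even mid-token
    groups = {}
    for name, members in GROUP_RE.findall(joined):
        groups[name] = [m.strip() for m in members.split(",") if m.strip()]
    return groups

def audit_subject(dump):
    """Summarise whether the Subject carries a usable 'Roles' group."""
    groups = parse_groups(dump)
    return {
        "has_roles_group": ROLES_GROUP in groups,
        "roles": groups.get(ROLES_GROUP, []),
        # Groups that are neither 'Roles' nor 'CallerPrincipal': populated by
        # the login module but not consulted for role-based authorization.
        "other_groups": sorted(
            g for g in groups if g not in (ROLES_GROUP, IDENTITY_GROUP)
        ),
    }

# Constructed sample shaped like the dump in the post (hard-wrapped mid-token).
PAGE_STYLE_DUMP = """subject=Subject(1).principals=org.jboss.security.SimplePrincipal at 2(iit)org.jboss.security.SimpleGroup at 3(CallerPrincip

al(members:iit))org.jboss.security.SimpleGroup at 3(admingrp(members:admin))org.jboss.security.SimpleGroup at 3(usergrp(members:user))"""

# Constructed sample where the role group column holds "Roles".
ROLES_DUMP = (
    "subject=Subject(1).principals=org.jboss.security.SimplePrincipal@2(iit)"
    "org.jboss.security.SimpleGroup@3(Roles(members:admin,user))"
    "org.jboss.security.SimpleGroup@3(CallerPrincipal(members:iit))"
)

if __name__ == "__main__":
    for label, dump in (("page-style", PAGE_STYLE_DUMP), ("roles", ROLES_DUMP)):
        print(label, audit_subject(dump))
```

An empty "roles" list together with a non-empty "other_groups" list means the login module assigned roles under group names the container does not use for authorization.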


