Re: [rules-users] Help : Enabling Role Base Authorization in Guvnor
Hi Jervis, Thanks for the reply. Yes, this solve the problem. Thanks again. Han Ming On Mon, Aug 2, 2010 at 2:24 PM, Jervis Liu wrote: > Hi, the rolesProperties file (eg, guvnor-roles.properties) configured > in JBoss AS is not used by Guvnor authorization. Before you enable > enable-role-based-authorization, you need to login and configure user > permissions in Guvnor "Administration". For example, you need to give > your "admin" user a full admin permission. > > Hope this helps, > Jervis > > Han Ming Low wrote: > > Hi all, > > > > I try to enable the Role Base Authorization in Guvnor after it was > > running fine with the default login mechanism. > > But, encountered some problem with the attempt. > > > > What I did was that in the components.xml, > > - commented out the default > authenticate-method="#{defaultAuthenticator.authenticate}"/> > > - uncomment the > authenticate-method="#{authenticator.authenticate}" > > jaas-config-name="other"/> > > - change the role base authorization to true, > > > enable-role-based-authorization="true"/> > > > > And at the login-config.xml > > I have changed the "other" application policy to > > > > > >> "org.jboss.security.auth.spi.UsersRolesLoginModule" > > flag = "required" > > > > name="usersProperties">props/guvnor-users.properties > > > name="rolesProperties">props/guvnor-roles.properties > > > > > > > > > > guvnor-users.properties > > admin=admin12 > > krisv=krisv > > john=john > > mary=mary > > > > guvnor-roles.properties > > admin=admin > > krisv=admin,manager,user > > john=admin,manager,user > > mary=admin,manager,user > > > > After restarting JBoss, I can login based on the user and password > > defined in the guvnor-users.properties. > > And, by changing the password in the properties, I verified that it is > > taking in the value from the file itself. > > > > However, when I login as user admin and tried to access the > > Administration | User Permission or Event Log, > > I'm prompt "Sorry, insufficient permissions to perform this action." > > > > The error from the console is > > 11:15:36,046 INFO [STDOUT] ERROR 29-07 11:15:36,046 > > (LoggingHelper.java:error:76) > > Service method 'public abstract java.util.Map > > org.drools.guvnor.client.rpc.RepositoryService.listUserPermissions() > >throws > > org.drools.guvnor.client.rpc.DetailedSerializationException' > >threw an unexpected exception: > > org.jboss.seam.security.AuthorizationException: > > Authorization check failed for > > permission[org.drools.guvnor.server.security.admint...@bf7a4d,admin] > > org.jboss.seam.security.AuthorizationException: Authorization check > > failed for > > permission[org.drools.guvnor.server.security.admint...@bf7a4d,admin] > > at > > org.jboss.seam.security.Identity.checkPermission(Identity.java:581) > > at > > > org.drools.guvnor.server.ServiceImplementation.listUserPermissions(ServiceImplementation.java:2604) > > . > > > > Checking on the org.drools.guvnor.server.security.RoleTypes code, the > > available role should be > > admin > > analyst > > analyst.readonly > > package.admin > > package.developer > > package.readonly > > > > Can anyone help to let me know what's wrong with my configuration? > > > > Thanks. > > > > > > Han Ming > > > > > > ___ > > rules-users mailing list > > rules-users@lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/rules-users > > > > ___ > rules-users mailing list > rules-users@lists.jboss.org > https://lists.jboss.org/mailman/listinfo/rules-users > ___ rules-users mailing list rules-users@lists.jboss.org https://lists.jboss.org/mailman/listinfo/rules-users
Re: [rules-users] Help : Enabling Role Base Authorization in Guvnor
Hi, the rolesProperties file (eg, guvnor-roles.properties) configured in JBoss AS is not used by Guvnor authorization. Before you enable enable-role-based-authorization, you need to login and configure user permissions in Guvnor "Administration". For example, you need to give your "admin" user a full admin permission. Hope this helps, Jervis Han Ming Low wrote: > Hi all, > > I try to enable the Role Base Authorization in Guvnor after it was > running fine with the default login mechanism. > But, encountered some problem with the attempt. > > What I did was that in the components.xml, > - commented out the default authenticate-method="#{defaultAuthenticator.authenticate}"/> > - uncomment the authenticate-method="#{authenticator.authenticate}" > jaas-config-name="other"/> > - change the role base authorization to true, > enable-role-based-authorization="true"/> > > And at the login-config.xml > I have changed the "other" application policy to > > >"org.jboss.security.auth.spi.UsersRolesLoginModule" > flag = "required" > > name="usersProperties">props/guvnor-users.properties > name="rolesProperties">props/guvnor-roles.properties > > > > > guvnor-users.properties > admin=admin12 > krisv=krisv > john=john > mary=mary > > guvnor-roles.properties > admin=admin > krisv=admin,manager,user > john=admin,manager,user > mary=admin,manager,user > > After restarting JBoss, I can login based on the user and password > defined in the guvnor-users.properties. > And, by changing the password in the properties, I verified that it is > taking in the value from the file itself. > > However, when I login as user admin and tried to access the > Administration | User Permission or Event Log, > I'm prompt "Sorry, insufficient permissions to perform this action." > > The error from the console is > 11:15:36,046 INFO [STDOUT] ERROR 29-07 11:15:36,046 > (LoggingHelper.java:error:76) > Service method 'public abstract java.util.Map > org.drools.guvnor.client.rpc.RepositoryService.listUserPermissions() >throws > org.drools.guvnor.client.rpc.DetailedSerializationException' >threw an unexpected exception: > org.jboss.seam.security.AuthorizationException: > Authorization check failed for > permission[org.drools.guvnor.server.security.admint...@bf7a4d,admin] > org.jboss.seam.security.AuthorizationException: Authorization check > failed for > permission[org.drools.guvnor.server.security.admint...@bf7a4d,admin] > at > org.jboss.seam.security.Identity.checkPermission(Identity.java:581) > at > org.drools.guvnor.server.ServiceImplementation.listUserPermissions(ServiceImplementation.java:2604) > . > > Checking on the org.drools.guvnor.server.security.RoleTypes code, the > available role should be > admin > analyst > analyst.readonly > package.admin > package.developer > package.readonly > > Can anyone help to let me know what's wrong with my configuration? > > Thanks. > > > Han Ming > > > ___ > rules-users mailing list > rules-users@lists.jboss.org > https://lists.jboss.org/mailman/listinfo/rules-users > ___ rules-users mailing list rules-users@lists.jboss.org https://lists.jboss.org/mailman/listinfo/rules-users
[rules-users] Help : Enabling Role Base Authorization in Guvnor
Hi all, I try to enable the Role Base Authorization in Guvnor after it was running fine with the default login mechanism. But, encountered some problem with the attempt. What I did was that in the components.xml, - commented out the default - uncomment the - change the role base authorization to true, And at the login-config.xml I have changed the "other" application policy to props/guvnor-users.properties props/guvnor-roles.properties guvnor-users.properties admin=admin12 krisv=krisv john=john mary=mary guvnor-roles.properties admin=admin krisv=admin,manager,user john=admin,manager,user mary=admin,manager,user After restarting JBoss, I can login based on the user and password defined in the guvnor-users.properties. And, by changing the password in the properties, I verified that it is taking in the value from the file itself. However, when I login as user admin and tried to access the Administration | User Permission or Event Log, I'm prompt "Sorry, insufficient permissions to perform this action." The error from the console is 11:15:36,046 INFO [STDOUT] ERROR 29-07 11:15:36,046 (LoggingHelper.java:error:76) Service method 'public abstract java.util.Map org.drools.guvnor.client.rpc.RepositoryService.listUserPermissions() throws org.drools.guvnor.client.rpc.DetailedSerializationException' threw an unexpected exception: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[org.drools.guvnor.server.security.admint...@bf7a4d,admin] org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[org.drools.guvnor.server.security.admint...@bf7a4d,admin] at org.jboss.seam.security.Identity.checkPermission(Identity.java:581) at org.drools.guvnor.server.ServiceImplementation.listUserPermissions(ServiceImplementation.java:2604) . Checking on the org.drools.guvnor.server.security.RoleTypes code, the available role should be admin analyst analyst.readonly package.admin package.developer package.readonly Can anyone help to let me know what's wrong with my configuration? Thanks. Han Ming ___ rules-users mailing list rules-users@lists.jboss.org https://lists.jboss.org/mailman/listinfo/rules-users