Hi,
I am configuring DB based JAAS Authentication for Kie-Drools-Workbench 6.1.0. Server log (Pasted Below) shows user is authenticated and roles are assigned to the user. But KIE login form says “Login failed: Not Authorized “. I have also added roles in Organizational Unit, Repository and Projects using kie-config-cli. But still getting the same error. Kindly let me know what wrong am I doing. Standalone.xml <security-domain name="drools-guvnor" cache-type="default"> <authentication> <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> <module-option name="dsJndiName" value="java:jboss/datasources/jdbc/jbpmStagingRWDS"/> <module-option name="principalsQuery" value="select PASSWORD from principals where PRINCIPALID=?"/> <module-option name="rolesQuery" value="select ROLE,ROLEGROUP from roles WHERE principalid=?"/> <module-option name="hashAlgorithm" value="MD5"/> <module-option name="hashEncoding" value="base64"/> <module-option name="hashCharset" value="UTF-8"/> <module-option name="password-stacking" value="useFirstPass"/> </login-module> </authentication> </security-domain> Kie-drools-wb.War / WEB_INF/jboss-web.xml| <security-domain>drools-guvnor</security-domain> Server Logs 13:55:22,408 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) initialize 13:55:22,410 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Security domain: other 13:55:22,412 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Password hashing activated: algorithm = MD5, encoding = base64, charset = UTF-8, callback = null, storeCallback = null 13:55:22,415 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) DatabaseServerLoginModule, dsJndiName=java:jboss/datasources/jdbc/jbpmStagingRWDS 13:55:22,419 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) principalsQuery=select PASSWORD from principals where PRINCIPALID=? 13:55:22,422 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) rolesQuery=select ROLE,ROLEGROUP from roles WHERE principalid=? 13:55:22,424 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) suspendResume=true 13:55:22,426 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) login 13:55:22,428 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) suspendAnyTransaction 13:55:22,489 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Excuting query: select PASSWORD from principals where PRINCIPALID=?, with username: iit 13:55:22,495 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Obtained user password 13:55:22,497 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) resumeAnyTransaction 13:55:22,499 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) User 'iit' authenticated, loginOk=true 13:55:22,501 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) commit, loginOk=true 13:55:22,503 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) getRoleSets using rolesQuery: select ROLE,ROLEGROUP from roles WHERE principalid=?, username: iit 13:55:22,507 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) suspendAnyTransaction 13:55:22,509 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Excuting query: select ROLE,ROLEGROUP from roles WHERE principalid=?, with username: iit 13:55:22,514 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Assign user to role admin 13:55:22,516 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Assign user to role analyst 13:55:22,518 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Assign user to role developer 13:55:22,521 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Assign user to role manager 13:55:22,523 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Assign user to role user 13:55:22,525 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) resumeAnyTransaction 13:55:22,527 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-2) defaultLogin, lc=javax.security.auth.login.LoginContext@3460a6, subject=Subject(11883582).principals=org.jboss.security.SimplePrincipal@25145532(iit)org.jboss.security.SimpleGroup@12885648(CallerPrincip al(members:iit))org.jboss.security.SimpleGroup@12885648(admingrp(members:admin))org.jboss.security.SimpleGroup@12885648(usergrp(members:user))org.jboss.security.SimpleGroup@12885648(analystgrp(members:analyst))org.jboss.security.SimpleGroup@12885648(developergrp(members:developer))org.jboss.security.SimpleGroup@12 885648(managergrp(members:manager)) 13:55:22,538 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-2) updateCache, inputSubject=Subject(11883582).principals=org.jboss.security.SimplePrincipal@25145532(iit)org.jboss.security.SimpleGroup@12885648(CallerPrincipal(members:iit))org.jboss.security.SimpleGroup @12885648(admingrp(members:admin))org.jboss.security.SimpleGroup@12885648(usergrp(members:user))org.jboss.security.SimpleGroup@12885648(analystgrp(members:analyst))org.jboss.security.SimpleGroup@12885648(developergrp(members:developer))org.jboss.security.SimpleGroup@12885648(managergrp(members:manager)), cacheSubj ect=Subject(11399784).principals=org.jboss.security.SimplePrincipal@25145532(iit)org.jboss.security.SimpleGroup@12885648(CallerPrincipal(members:iit))org.jboss.security.SimpleGroup@12885648(admingrp(members:admin))org.jboss.security.SimpleGroup@12885648(usergrp(members:user))org.jboss.security.SimpleGroup@12885648 (analystgrp(members:analyst))org.jboss.security.SimpleGroup@12885648(developergrp(members:developer))org.jboss.security.SimpleGroup@12885648(managergrp(members:manager)) 13:55:22,556 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-2) Inserted cache info: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@5bd7b 13:55:22,560 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-2) End isValid, true 13:55:22,562 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-2) Setting threadlocal:null 13:55:22,576 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-2) Setting threadlocal:null 13:55:22,578 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-2) Flushing iit from cache 13:55:22,580 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) logout 13:55:22,841 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-3) Setting threadlocal:null 13:55:22,845 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-2) Setting threadlocal:null 13:55:22,845 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-1) Setting threadlocal:null Config Tool ******************************************************** ************* Welcome to Kie config CLI **************** ******************************************************** >>Please specify location of the parent folder of .niogit D:\Servers\Drools-6-Deployment\Server-A-As-7\bin >>Please enter command (type help to see available commands): add-role-repo >>Repository alias:netsolrepo >>Security roles (comma separated list):admin,analyst,business,user,developer Result: Role admin added successfully to repository netsolrepo Role analyst added successfully to repository netsolrepo Role business added successfully to repository netsolrepo Role user added successfully to repository netsolrepo Role developer added successfully to repository netsolrepo >>>>>>>>>>>>>>>>>>>>>>>>>>> >>Please enter command (type help to see available commands): add-role-org-unit >>Organizational Unit name:netsol >>Security roles (comma separated list):admin,analyst,business,user,developer Result: Role admin added successfully to Organizational Unit netsol Role analyst added successfully to Organizational Unit netsol Role business added successfully to Organizational Unit netsol Role user added successfully to Organizational Unit netsol Role developer added successfully to Organizational Unit netsol Regards, Zahid Ahmed -- View this message in context: http://drools.46999.n3.nabble.com/Workbench-JAAS-Authenticated-But-NOT-Authorized-tp4030241.html Sent from the Drools: User forum mailing list archive at Nabble.com. _______________________________________________ rules-users mailing list rules-users@lists.jboss.org https://lists.jboss.org/mailman/listinfo/rules-users