6 Replies Latest reply on Apr 1, 2008 1:56 PM by jdriver

    HTTP Status 403 - Access to the requested resource has been

    jdriver
    jdriver Mar 26, 2008 5:24 PM

      I have recently purchased the book by Matt Cumberlidge titled "Business Process Management with JBoss jBPM". The book has a good demo that you build while learning about jBPM called "Bland Records".

      The book directs you to download jpdl3.2.GA, jdk 1.5_09 and eclipse 3.2.
      I downloaded jpdl3.2.2 suite, which includes a JBoss 4.0.4 app server.
      I also have JDK 1.5 and eclipse 3.3.

      All of the steps of building the app as described in the book work fine. I generate the forms from the task nodes in the process definition. I see the xhtml files generated and have inspected and compared to that in the book and it is the same jsf source code. The book provides sql scripts that set up the users in the Hypersonic database. This all runs correctly.

      Then the book says to deploy to the JBoss server and this part seems go correctly. I test the connection to the server and that returns correctly. But when I try to log in as the user specified I get the tomcat server exception listed in the subject line.

      Hoping that someone might provide me a hint of where to look to see what may be causing this. It seems like it may be a permissions setting in the JBoss config. Any suggestions or additional questions would be appreciated. I have written a simple application using jBPM and am quite familiar with the server side components thanks to some useful tips from this forum in the past.

      Would also be interested in any other tutorials or links that show how to deploy jBPM generated forms to the JBoss app server.

      Thanks!

      • 3142 Views
      • Tags:
        • 1. Re: HTTP Status 403 - Access to the requested resource has b
          kukeltje
          kukeltje Mar 27, 2008 3:38 AM (in response to jdriver)

          could be that there is a security constraint in the web.xml. by default jbpm does not have that but it might be put in there for some reason.

          btw, what is the url u are using?

            • Actions
          • 2. Re: HTTP Status 403 - Access to the requested resource has b
            sdickerson.perse
            sdickerson.perse Mar 27, 2008 8:05 AM (in response to jdriver)

            The problem is that the users the book has you add do not have a "security-role" association. Here's what you can do to resolve this problem:

            Insert a row in the JBPM_ID_MEMBERSHIP table for each new user to associate the user with one of the security-roles (manager, participant or administrator...or you can keep it simple and just make them all participants).

            Explode the jbpm-console.war file in a temporary location. Edit the web.xml file so that the security-role section looks like this:

            <!--
 This role list should be changed to include all the relevant roles for your
 environment.
 -->
 <security-role>
 <role-name>admin</role-name>
 </security-role>
 <security-role>
 <role-name>user</role-name>
 </security-role>
 <security-role>
 <role-name>manager</role-name>
 </security-role>
 <security-role>
 <role-name>participant</role-name>
 </security-role>
 <security-role>
 <role-name>administrator</role-name>
 </security-role>


            Now, just zip up the war file again (if you use a zip program be sure to change to file extension to 'war').

            And redeploy jbpm-console.war.

            Let me know if you have any trouble with these instructions and I'll be glad to elaborate on them.

            Scott

              • Actions
            • 3. Re: HTTP Status 403 - Access to the requested resource has b
              jdriver
              jdriver Mar 27, 2008 4:32 PM (in response to jdriver)

              Thanks for the suggestions.

              I tried these suggestions but still have the same issue. I added these roles to the web.xml since only admin was present initially and redeployed the war file. I checked this several times and it seems to be OK now.

              The URL I am hitting is the one they tell you to use in the book:
              http://localhost:8080/jbpm-console

              When I go there I see the following sample users listed next to the credentials input fields :
              user name_____________password_____________ group
              manager **************manager ***********user,manager,admin
              -----------------------------------------------------------------------
              user ****************** user **************user
              -------------------------------------------------------------------
              shipper ***************shipper ************** user
              -----------------------------------------------------------------
              admin ***************admin***************user,admin

              I tried adding powellb into the manager and admin groups. He was already in the participants group via the SQL script from the book.

              The following security constraint is present in the web.xml:

              <security-constraint>
              <web-resource-collection>
              <web-resource-name>Secure Area</web-resource-name>
              <url-pattern>/sa/*</url-pattern>
              <http-method>GET</http-method>
              <http-method>POST</http-method>
              </web-resource-collection>
              <auth-constraint>
              <role-name>user</role-name>
              </auth-constraint>
              </security-constraint>


              I can login ok as manager/manager and admin/admin. These credentials allow me to login and view all the deployed processes, tokens, tasks,etc so I believe the JPBM process deployed. when I changed the role-name above from "user" to "powellb" then couldn't log in as manager anymore, so changed that back. My assumption is that powellb should take me to the form for swimlane"Talent scout", but the url I am redirected towards is http://localhost:8080/jbpm-console/sa/processes.jsf

              In the book the URL seems to be
              http://localhost:8080/jbpm-console/search/tasks.jsf

              but after logging in as manager/manager I put that URL in the browser and get:
              HTTP Status 404 - /jbpm-console/search/tasks.jsf

                • Actions
              • 4. Re: HTTP Status 403 - Access to the requested resource has b
                sdickerson.perse
                sdickerson.perse Mar 28, 2008 8:04 AM (in response to jdriver)

                Oops. I left out this change in web.xml:


                <security-constraint>
                <web-resource-collection>
                <web-resource-name>Secure Area</web-resource-name>
                <url-pattern>/sa/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
                </web-resource-collection>
                <auth-constraint>
                <role-name>user</role-name>
                <role-name>manager</role-name>
                <role-name>admin</role-name>
                <role-name>participant</role-name>
                <role-name>administrator</role-name>
                </auth-constraint>
                </security-constraint>


                See if that helps.

                Scott

                  • Actions
                • 5. Re: HTTP Status 403 - Access to the requested resource has b
                  sdickerson.perse
                  sdickerson.perse Mar 28, 2008 8:29 AM (in response to jdriver)

                  I think that URL should be /sa/tasks.jsf.

                  You can post errata you find on the book's support site.

                    • Actions
                  • 6. Re: HTTP Status 403 - Access to the requested resource has b
                    jdriver
                    jdriver Apr 1, 2008 1:56 PM (in response to jdriver)

                    Those last changes to the web.xml caused the login to start working fopr powellb.

                    The jbpm console has changed alot since the publication of this book less than one year ago. This helps me get farther now.

                    Thanks!

                      • Actions