1 Reply Latest reply on Oct 5, 2012 11:16 AM by Jose Miguel Loor

    How to take Guvnor user roles from a directory server?

    Fernanda Reyes Newbie

      Hello!

       

      I am trying to make Drools Guvnor work with my LDAP directory server as the documentation indicates, and I have not gotten the results I expected. I would really appreciate your help in letting me know the scope of these items:

       

      • How do I set Guvnor to take the roles assigned to users in my directory server, so that I do not have to make a configuration in the user permission section of the tool?
      • Does Guvnor have the capability to associate permissions with a user automatically by making the user part of a role?

       

       

      The configuration I have done until now is this:

       

      The Guvnor documentation indicates that it is necessary to enable authorization, configured in this components.xml file element:

      <security:role-based-permission-resolver enable-role-based-authorization="true"/>

       

      and login-config.xml file attributes:


              <module-option name="rolesCtxDN">ou=Roles,DC=my,DC=company,DC=com</module-option>
              <module-option name="roleFilter">(uniquemember={1})</module-option>
              <module-option name="roleAttributeID">cn</module-option>
              <module-option name="roleAttributeIsDN">false</module-option>
              <module-option name="roleNameAttributeID">cn</module-option>
              <module-option name="roleRecursion">-1</module-option>

       

      Viewing the source code of Guvnor, I found that there are 6 roles Guvnor uses to provide access to users:
      admin
      analyst
      analyst.readonly
      package.admin
      package.developer
      package.readonly

       

      Then I configured them on my directory server. After doing this, I see that the authentication process works fine, but authorization is not clear to me, because even when I assign a role to a user in LDAP, it seems that Guvnor ignores it and, when logging in, sends me an error message like this:

       

        Error This user has no permissions setup.

      and on the console:

       

      11:49:13,898 INFO [STDOUT] INFO 08-11 11:49:13,898 (SecurityServiceImpl.java: login: 75) Logging in user [user]
      11:49:14,273 INFO [STDOUT] INFO 08-11 11:49:14,258 (LoggingHelper.java: info: 58) Service method 'public abstract org.drools.guvnor.client.security.Capabilities org.drools.guvnor.client.rpc.SecurityService.getUserCapabilities()' threw an unexpected exception: org.jboss.seam.security.AuthorizationException: This user has no permissions setup.
      com.google.gwt.user.server.rpc.UnexpectedException: Service method 'public abstract org.drools.guvnor.client.security.Capabilities org.drools.guvnor.client.rpc.SecurityService.getUserCapabilities()' threw an unexpected exception: org.jboss.seam.security.AuthorizationException: This user has no permissions setup.

       

      Thanks in advance!
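
An added example, not part of the original post and not Guvnor or JBoss code: an offline emulation of the role search that the login-config.xml options above describe, useful for checking which role names a given user would resolve to and whether they match the six names listed in the post. It assumes the options follow JBoss LdapExtLoginModule semantics ({0} is the login name, {1} is the authenticated user's DN). The directory entries and the users alice, bob and carol are constructed, and the example covers only the directory lookup, not how Guvnor consumes the result.

```python
# Added example. Assumption: the module options behave as in JBoss
# LdapExtLoginModule ({0} = login name, {1} = DN of the authenticated user).
GUVNOR_ROLES = {"admin", "analyst", "analyst.readonly",
                "package.admin", "package.developer", "package.readonly"}
OPTIONS = {"rolesCtxDN": "ou=Roles,DC=my,DC=company,DC=com",
           "roleFilter": "(uniquemember={1})",
           "roleAttributeID": "cn"}
BASE = "DC=my,DC=company,DC=com"
# Constructed directory entries (hypothetical users alice, bob, carol).
DIRECTORY = [
    {"dn": "cn=admin,ou=Roles," + BASE, "cn": ["admin"],
     "uniquemember": ["uid=alice,ou=People," + BASE]},
    {"dn": "cn=Package.Admin,ou=Roles," + BASE, "cn": ["Package.Admin"],
     "uniquemember": ["uid=bob,ou=People," + BASE]},
    {"dn": "cn=analyst,ou=Roles," + BASE, "cn": ["analyst"],
     "uniquemember": ["carol"]},  # bare login name, not a DN
    {"dn": "cn=admin,ou=Groups," + BASE, "cn": ["admin"],
     "uniquemember": ["uid=bob,ou=People," + BASE]},  # outside rolesCtxDN
]

def norm(value):
    """Compare DNs case-insensitively and ignore spaces around commas."""
    return ",".join(part.strip().lower() for part in value.split(","))

def resolve_roles(username, user_dn, options=OPTIONS, directory=DIRECTORY):
    """Return the role names a simple (attr=value) roleFilter would yield."""
    expanded = options["roleFilter"].replace("{0}", username).replace("{1}", user_dn)
    attr, _, wanted = expanded.strip("()").partition("=")
    base = norm(options["rolesCtxDN"])
    roles = set()
    for entry in directory:
        dn = norm(entry["dn"])
        if dn != base and not dn.endswith("," + base):
            continue  # entry is not under rolesCtxDN
        if any(norm(m) == norm(wanted) for m in entry.get(attr.lower(), [])):
            # roleAttributeIsDN=false: the attribute value is the role name
            roles.update(entry.get(options["roleAttributeID"], []))
    return roles

def check(username, user_dn):
    """Split resolved roles into names on the post's list and names that are not."""
    roles = resolve_roles(username, user_dn)
    return {"recognised": sorted(roles & GUVNOR_ROLES),
            "unrecognised": sorted(roles - GUVNOR_ROLES)}

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, check(user, "uid=%s,ou=People,%s" % (user, BASE)))
```

An empty result for a user who authenticates successfully points at the membership attribute or the search base rather than at the bind, since {1} only matches members stored as full DNs under rolesCtxDN.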