1 Reply Latest reply on May 15, 2013 4:44 AM by Zahid Ahmed Prs

    Guvnor JAAS authentification with jboss7

    sandy yang Newbie

      My version of the drools guvnor is 5.5.0.Final, the Jboss is 7.1.1.


      I tried to change guvnor to use jaas to login, so I added the configuraions as followed

       


      1. add the data source

       

      <datasource jndi-name="java:jboss/datasources/guvnor" pool-name="guvnor-ds-pool">
                         <connection-url>jdbc:postgresql://localhost/guvnor</connection-url>
                         <driver>postgresql</driver>
                         <security>
                             <user-name>postgres</user-name>
                             <password>root</password>
                         </security>
          </datasource>
      
      

       

       

      2. add the jaas configuration

       

      <security-domain name="drools-guvnor-jaas">
                         <authentication>
                             <login-module code="Database" flag="optional">
                                 <module-option name="dsJndiName" value="java:jboss/datasources/guvnor"/>
                                 <module-option name="principalsQuery" value="select password from guvnorusers where username=?"/>
                                 <module-option name="rolesQuery" value="select role,'Roles' from userrole where userName=?"/>
                             </login-module>
                         </authentication>
           </security-domain>
      
      

       

       

      then change the configuration for the 'drools-guvnor.war\WEB-INF\beans.xml' file as followed,


      <security:IdentityImpl>
         <s:modifies/>
      
      
         <!-- JAAS based authentication -->
         <security:authenticatorName>jaasAuthenticator</security:authenticatorName>
      
         <!-- IDM based authentication (supports LDAP, see Seam 3 and PicketLink IDM documentation) -->
         <!--<security:authenticatorClass>org.jboss.seam.security.management.IdmAuthenticator</security:authenticator>-->
        </security:IdentityImpl>
      
        <security:jaas.JaasAuthenticator>
         <s:modifies/>
         <!--
           The following one will use the jaas configuration called "other",
           which in jboss AS means you can use properties files for users.
         -->
               <security:jaasConfigName>drools-guvnor-jaas</security:jaasConfigName>
        </security:jaas.JaasAuthenticator>
      
      
        <!-- SECURITY AUTHORIZATION CONFIGURATION -->
        <!--
           This is used to enable or disable role-based authorization. By default it is disabled.
        -->
        <guvnorSecurity:RoleBasedPermissionResolver>
         <s:modifies/>
         <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>
        </guvnorSecurity:RoleBasedPermissionResolver>
      
        <weld:scan>
         <!-- Disable the seam-security by drools rules -->
         <weld:exclude name="org.jboss.seam.security.permission.RuleBasedPermissionResolver"/>
         <!-- TODO remove me when GUVNOR-1196 is fixed -->
         <weld:exclude name="org.drools.guvnor.gwtutil.**"/>
         <weld:exclude name="org.drools.guvnor.client.**"/>
        </weld:scan>
      
      

       

       

       

      after the adjustment, guvnor could be restart smoothly, but when I log in http://127.0.0.1:8080/drools-guvnor via browser, there is no login interface at all, instead there was an error message ”401 This user has no permissions setup” popup, meanwile, the exception happened in the system background as followed


      18:36:02,832 ERROR [org.jboss.seam.security.jaas.JaasAuthenticator] (http--127.0.0.1-8080-1) JAAS authentication failed: javax.security.auth.login.LoginException: java.lang.NullPointerException
               at org.jboss.as.security.RealmUsersRolesLoginModule.createPasswordHash(RealmUsersRolesLoginModule.java:42)
               at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:247)
               at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:155)
               at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
               at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
               at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
               at java.lang.reflect.Method.invoke(Method.java:597)
               at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
               at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
               at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
               at java.security.AccessController.doPrivileged(Native Method)
               at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
               at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
               at org.jboss.seam.security.jaas.JaasAuthenticator.authenticate(JaasAuthenticator.java:59)
               at org.jboss.seam.security.jaas.JaasAuthenticator$Proxy$_$$_WeldClientProxy.authenticate(JaasAuthenticator$Proxy$_$$_WeldClientProxy.java)
               at org.jboss.seam.security.IdentityImpl.authenticate(IdentityImpl.java:224)
               at org.jboss.seam.security.IdentityImpl.login(IdentityImpl.java:163)
               at org.jboss.seam.security.IdentityImpl$Proxy$_$$_WeldClientProxy.login(IdentityImpl$Proxy$_$$_WeldClientProxy.java)
               at org.drools.guvnor.server.security.SecurityServiceImpl.tryAutoLoginAsGuest(SecurityServiceImpl.java:110)
               at org.drools.guvnor.server.security.SecurityServiceImpl.getCurrentUser(SecurityServiceImpl.java:99)
               at org.drools.guvnor.server.security.SecurityServiceImpl$Proxy$_$$_WeldClientProxy.getCurrentUser(SecurityServiceImpl$Proxy$_$$_WeldClientProxy.java)
               at org.drools.guvnor.server.SecurityServiceServlet.getCurrentUser(SecurityServiceServlet.java:74)
               at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
               at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
               at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
               at java.lang.reflect.Method.invoke(Method.java:597)
               at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:569)
               at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:208)
               at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:248)
               at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
               at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
               at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
               at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
               at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
               at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62)
               at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
               at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
               at org.jboss.solder.servlet.exception.CatchExceptionFilter.doFilter(CatchExceptionFilter.java:65)
               at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
               at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
               at org.jboss.solder.servlet.event.ServletEventBridgeFilter.doFilter(ServletEventBridgeFilter.java:74)
               at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
               at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
               at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
               at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
               at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
               at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
               at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
               at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
               at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
               at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
               at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671)
               at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
               at java.lang.Thread.run(Thread.java:619)
      
               at javax.security.auth.login.LoginContext.invoke(LoginContext.java:872) [rt.jar:1.6.0_11]
               at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [rt.jar:1.6.0_11]
               at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [rt.jar:1.6.0_11]
               at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_11]
               at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.6.0_11]
               at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [rt.jar:1.6.0_11]
               at org.jboss.seam.security.jaas.JaasAuthenticator.authenticate(JaasAuthenticator.java:59) [seam-security-3.1.0.Final.jar:3.1.0.Final]
               at org.jboss.seam.security.jaas.JaasAuthenticator$Proxy$_$$_WeldClientProxy.authenticate(JaasAuthenticator$Proxy$_$$_WeldClientProxy.java) [seam-security-3.1.0.Final.jar:3.1.0.Final]
               at org.jboss.seam.security.IdentityImpl.authenticate(IdentityImpl.java:224) [seam-security-3.1.0.Final.jar:3.1.0.Final]
               at org.jboss.seam.security.IdentityImpl.login(IdentityImpl.java:163) [seam-security-3.1.0.Final.jar:3.1.0.Final]
               at org.jboss.seam.security.IdentityImpl$Proxy$_$$_WeldClientProxy.login(IdentityImpl$Proxy$_$$_WeldClientProxy.java) [seam-security-3.1.0.Final.jar:3.1.0.Final]
              at org.drools.guvnor.server.security.SecurityServiceImpl.tryAutoLoginAsGuest(SecurityServiceImpl.java:110) [guvnor-webapp-core-5.5.0.Final.jar:5.5.0.Final]
               at org.drools.guvnor.server.security.SecurityServiceImpl.getCurrentUser(SecurityServiceImpl.java:99) [guvnor-webapp-core-5.5.0.Final.jar:5.5.0.Final]
               at org.drools.guvnor.server.security.SecurityServiceImpl$Proxy$_$$_WeldClientProxy.getCurrentUser(SecurityServiceImpl$Proxy$_$$_WeldClientProxy.java) [guvnor-webapp-core-5.5.0.Final.jar:5.5.0.Final]
               at org.drools.guvnor.server.SecurityServiceServlet.getCurrentUser(SecurityServiceServlet.java:74) [guvnor-webapp-core-5.5.0.Final.jar:5.5.0.Final]
               at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_11]
               at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_11]
               at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_11]
               at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_11]
               at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:569) [gwt-servlet-2.4.0.jar:]
               at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:208) [gwt-servlet-2.4.0.jar:]
               at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:248) [gwt-servlet-2.4.0.jar:]
               at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) [gwt-servlet-2.4.0.jar:]
               at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
               at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
               at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]
               at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
               at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
               at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
               at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
               at org.jboss.solder.servlet.exception.CatchExceptionFilter.doFilter(CatchExceptionFilter.java:65) [solder-impl-3.1.1.Final.jar:3.1.1.Final]
               at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
               at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
               at org.jboss.solder.servlet.event.ServletEventBridgeFilter.doFilter(ServletEventBridgeFilter.java:74) [solder-impl-3.1.1.Final.jar:3.1.1.Final]
               at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
               at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
               at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
               at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
               at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
               at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
               at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
               at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
               at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
               at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
               at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
               at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
               at java.lang.Thread.run(Thread.java:619) [rt.jar:1.6.0_11]
      
      18:36:03,022 WARN  [org.drools.guvnor.server.repository.RulesRepositoryManager] (http--127.0.0.1-8080-1) Creating RulesRepository with default username.
      18:36:03,031 INFO  [org.drools.repository.RulesRepositoryConfigurator] (http--127.0.0.1-8080-1) Creating an instance of the RulesRepositoryConfigurator.
      18:36:03,290 WARN  [org.apache.jackrabbit.core.util.RepositoryLock] (http--127.0.0.1-8080-1) Existing lock file D:\AP_SERVER\jboss-as-7.1.1.Final\bin\repository\.lock detected. Repository was not shut down properly.
      18:36:03,469 INFO  [org.apache.jackrabbit.core.RepositoryImpl] (http--127.0.0.1-8080-1) Starting repository...
      18:36:03,474 INFO  [org.apache.jackrabbit.core.fs.local.LocalFileSystem] (http--127.0.0.1-8080-1) LocalFileSystem initialized at path repository\repository
      18:36:03,650 INFO  [org.apache.jackrabbit.core.fs.local.LocalFileSystem] (http--127.0.0.1-8080-1) LocalFileSystem initialized at path repository\version
      18:36:06,464 INFO  [org.apache.jackrabbit.core.RepositoryImpl] (http--127.0.0.1-8080-1) initializing workspace 'default'...
      18:36:06,466 INFO  [org.apache.jackrabbit.core.fs.local.LocalFileSystem] (http--127.0.0.1-8080-1) LocalFileSystem initialized at path repository\workspaces\default
      18:36:09,213 INFO  [org.apache.jackrabbit.core.query.lucene.SearchIndex] (http--127.0.0.1-8080-1) Index initialized: repository/repository/index Version: 3
      18:36:09,291 INFO  [org.apache.jackrabbit.core.query.lucene.SearchIndex] (http--127.0.0.1-8080-1) Index initialized: repository\workspaces\default/index Version: 3
      18:36:09,304 INFO  [org.apache.jackrabbit.core.RepositoryImpl] (http--127.0.0.1-8080-1) workspace 'default' initialized
      18:36:09,311 INFO  [org.apache.jackrabbit.core.RepositoryImpl] (http--127.0.0.1-8080-1) SecurityManager = class org.apache.jackrabbit.core.security.simple.SimpleSecurityManager
      18:36:09,314 INFO  [org.apache.jackrabbit.core.RepositoryImpl] (http--127.0.0.1-8080-1) initializing workspace 'security'...
      18:36:09,316 INFO  [org.apache.jackrabbit.core.fs.local.LocalFileSystem] (http--127.0.0.1-8080-1) LocalFileSystem initialized at path repository\workspaces\security
      18:36:10,152 INFO  [org.apache.jackrabbit.core.query.lucene.SearchIndex] (http--127.0.0.1-8080-1) Index initialized: repository\workspaces\security/index Version: 3
      18:36:10,155 INFO  [org.apache.jackrabbit.core.RepositoryImpl] (http--127.0.0.1-8080-1) workspace 'security' initialized
      18:36:10,157 INFO  [org.apache.jackrabbit.core.security.simple.SimpleSecurityManager] (http--127.0.0.1-8080-1) init: using Repository LoginModule configuration for Jackrabbit
      18:36:10,164 INFO  [org.apache.jackrabbit.core.RepositoryImpl] (http--127.0.0.1-8080-1) Repository started (6695ms)
      18:36:10,166 INFO  [org.apache.jackrabbit.core.TransientRepository] (http--127.0.0.1-8080-1) Transient repository initialized
      18:36:10,211 INFO  [org.apache.jackrabbit.core.TransientRepository] (http--127.0.0.1-8080-1) Session opened
      18:36:10,228 INFO  [org.apache.jackrabbit.core.TransientRepository] (http--127.0.0.1-8080-1) Session opened
      18:36:10,252 INFO  [org.drools.guvnor.server.SecurityServiceServlet] (http--127.0.0.1-8080-1) Service method 'public abstract org.drools.guvnor.client.rpc.UserSecurityContext org.drools.guvnor.client.rpc.SecurityService.getCurrentUser()' threw an unexpected exception: org.jboss.seam.security.AuthorizationException: This user has no permissions setup.: com.google.gwt.user.server.rpc.UnexpectedException: Service method 'public abstract org.drools.guvnor.client.rpc.UserSecurityContext org.drools.guvnor.client.rpc.SecurityService.getCurrentUser()' threw an unexpected exception: org.jboss.seam.security.AuthorizationException: This user has no permissions setup.
               at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:385) [gwt-servlet-2.4.0.jar:]
               at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:588) [gwt-servlet-2.4.0.jar:]
               at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:208) [gwt-servlet-2.4.0.jar:]
               at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:248) [gwt-servlet-2.4.0.jar:]
               at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) [gwt-servlet-2.4.0.jar:]
               at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
               at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
               at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]
               at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
               at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
               at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
               at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
               at org.jboss.solder.servlet.exception.CatchExceptionFilter.doFilter(CatchExceptionFilter.java:65) [solder-impl-3.1.1.Final.jar:3.1.1.Final]
               at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
               at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
               at org.jboss.solder.servlet.event.ServletEventBridgeFilter.doFilter(ServletEventBridgeFilter.java:74) [solder-impl-3.1.1.Final.jar:3.1.1.Final]
               at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
               at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
               at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
               at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
               at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
               at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
               at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
               at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
               at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
               at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
               at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
               at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
               at java.lang.Thread.run(Thread.java:619) [rt.jar:1.6.0_11]
      Caused by: org.jboss.seam.security.AuthorizationException: This user has no permissions setup.
               at org.drools.guvnor.server.security.SecurityServiceImpl.getUserCapabilities(SecurityServiceImpl.java:128) [guvnor-webapp-core-5.5.0.Final.jar:5.5.0.Final]
               at org.drools.guvnor.server.security.SecurityServiceImpl.getCurrentUser(SecurityServiceImpl.java:101) [guvnor-webapp-core-5.5.0.Final.jar:5.5.0.Final]
               at org.drools.guvnor.server.security.SecurityServiceImpl$Proxy$_$$_WeldClientProxy.getCurrentUser(SecurityServiceImpl$Proxy$_$$_WeldClientProxy.java) [guvnor-webapp-core-5.5.0.Final.jar:5.5.0.Final]
               at org.drools.guvnor.server.SecurityServiceServlet.getCurrentUser(SecurityServiceServlet.java:74) [guvnor-webapp-core-5.5.0.Final.jar:5.5.0.Final]
               at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_11]
               at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_11]
               at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_11]
               at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_11]
               at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:569) [gwt-servlet-2.4.0.jar:]
               ... 27 more
      
      18:36:10,412 INFO  [org.apache.jackrabbit.core.TransientRepository] (http--127.0.0.1-8080-1) Session closed
      
      
      

       

       

       

      any idear?

      Can you tell me what cause this error/exception?

        • 1. Re: Guvnor JAAS authentification with jboss7
          Zahid Ahmed Prs Newbie

          Hi,

           

          I have run into a set of errors configuring JAAS Authentication for Guvnor. I have searched a lot on jboss community and for all the solutions nothing is working for me. I am getting either the login popup or I am getting “This User has no permissions setup”. The Guvnor Manual is referring to jboss eap 5 and I am trying to do this on Jboss AS 7.1.

           

          Note : I am unable to find login-config.xml file mentioned in the following link. http://docs.jboss.org/drools/release/5.5.0.Final/drools-guvnor-docs/html/ch14.html . Is guvnor deployment targeted only for JBOSS EAP 5.0 ?

           

          Environment:

          1. Guvnor 5.5.0.Final
          2. JBOSS AS 7.1.0

           

          Files Configured (Only these files I configured):

          1. Standalone.xml
          2. Guvnor.war/WEB-INF/beans.xml
          3. Created users using “add-user.sh”
          4. standalone/configuration/application-users.properties

                    iitDev2=6c92af2424e69ba3cdc2ca981c9fc02b

                    admin=a085fcb05ca0c1254020e68f4f18217d

          1. standalone/configuration/application-roles.properties

                    iitDev2=package.developer

                    jbossadmin=admin

                    admin=admin

          1. standalone/configuration/management-users.properties

                    jbossadmin=af2056c095d503198cb7a1b432c17bad

                    iitAdmin=cbfe43200ac3439fee630ecb45cb83ca

                    iitDev2=76186b89ad376f1b73fd66a632620ba8

           

           

          Configurations

           

          1. Standalone.xml :

          Only configured below tags. There’s nothing else I changed for the purpose of JAAS Authentication and Guvnor Authorization. Added <security-domain name="drools-guvnor" cache-type="default"> to check if “other” is not working.

           

          <security-domain name="other" cache-type="default">

                <authentication>

                <login-module code="Remoting" flag="optional">

                     <module-option name="password-stacking" value="useFirstPass"/>

                </login-module>

                <login-module code="RealmUsersRoles" flag="required">

                     <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>

                     <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>

                     <module-option name="realm" value="ApplicationRealm"/>

                     <module-option name="password-stacking" value="useFirstPass"/>

                </login-module>

                </authentication>

          </security-domain>

          <security-domain name="drools-guvnor" cache-type="default">

          <authentication>

                <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">

                     <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>

                     <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>

                     <module-option name="realm" value="ApplicationRealm"/>

                     <module-option name="password-stacking" value="useFirstPass"/>

                </login-module>

          </authentication>

          </security-domain>

           

          Drools-guvnor.war.

          1. beans.xml (Tried 4 different configs as suggested on community)
            1. Config 1 Error “This User has no permission setup”.

          <security:IdentityImpl>

          <s:modifies/>

          <!-- JAAS based authentication -->

          <security:authenticatorName>jaasAuthenticator</security:authenticatorName>

            </security:IdentityImpl>

           

          <security:jaas.JaasAuthenticator>

          <s:modifies/>

          <jaasConfigName>other</jaasConfigName>

          </security:jaas.JaasAuthenticator>

           

           

          <!-- SECURITY AUTHORIZATION CONFIGURATION -->

          <!--

          This is used to enable or disable role-based authorization. By default it is disabled.

          -->

           

            <guvnorSecurity:RoleBasedPermissionResolver>

          <s:modifies/>

          <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>

          </guvnorSecurity:RoleBasedPermissionResolver>

           

          1. Config 2 Error “This User has no permission setup”.

             

            <security:IdentityImpl>

          <s:modifies/>

          <!-- JAAS based authentication -->

          <security:authenticatorName>jaasAuthenticator</security:authenticatorName>

            </security:IdentityImpl>

           

          <security:jaas.JaasAuthenticator>

          <s:modifies/>

          <security:jaasConfigName>drools-guvnor</security:jaasConfigName>

          </security:jaas.JaasAuthenticator>

           

           

          <!-- SECURITY AUTHORIZATION CONFIGURATION -->

          <!--

          This is used to enable or disable role-based authorization. By default it is disabled.

          -->

           

            <guvnorSecurity:RoleBasedPermissionResolver>

          <s:modifies/>

          <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>

          </guvnorSecurity:RoleBasedPermissionResolver>

           

          1. Config 3 Error“This User has no permission setup”.

           

          <security:IdentityImpl>

          <s:modifies/>

          <!-- JAAS based authentication -->

          <security:authenticatorName>jaasAuthenticator</security:authenticatorName>

            </security:IdentityImpl>

           

          <security:jaas.JaasAuthenticator>

          <s:modifies/>

          <jaasConfigName>other</jaasConfigName>

            </security:jaas.JaasAuthenticator>

           

          <guvnorSecurity:RoleBasedPermissionResolver>

          <s:modifies/>

          <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>

          </guvnorSecurity:RoleBasedPermissionResolver>

           

          <component name="org.jboss.seam.security.roleBasedPermissionResolver">

           

          <s:modifies/>

           

          <property name="enableRoleBasedAuthorization">true</property>

           

          </component>

           

          I HAVE ALSO ADDED THIS COMPONENT TAG found every where on forums to resolve this issue. I tried Tried without this also but at that time I get LOGIN screen which always says Incorrect User/Password.Is this required or   <guvnorSecurity:RoleBasedPermissionResolver> is the only authorization config.

           

          <component name="org.jboss.seam.security.roleBasedPermissionResolver">;

           

            <s:modifies/>

           

            <property name="enableRoleBasedAuthorization">true</property>

           

          </component>

           

           

          Kindly help me in this configuration. I can’t find a single authentic document for my environment.

           

          Regards,

          Zahid