1 2 Previous Next 22 Replies Latest reply on Nov 26, 2013 7:25 AM by Nicholas DiPiazza

    Exceptions in JAAS Authentication in GUVNOR 7.1

    Zahid Ahmed Prs Newbie

      Hi,

       

      I have run into a set of errors configuring JAAS Authentication for Guvnor. I have searched a lot on jboss community and for all the solutions nothing is working for me. I am getting either the login popup or I am getting “This User has no permissions setup”. The Guvnor Manual is referring to jboss eap 5 and I am trying to do this on Jboss AS 7.1.

       

      Note : I am unable to find login-config.xml file mentioned in the following link. http://docs.jboss.org/drools/release/5.5.0.Final/drools-guvnor-docs/html/ch14.html . Is guvnor deployment targeted only for JBOSS EAP 5.0 ?

       

      Environment:

      1. Guvnor 5.5.0.Final
      2. JBOSS AS 7.1.0

      Files Configured (Only these files I configured):

      1. Standalone.xml
      2. Guvnor.war/WEB-INF/beans.xml
      3. Created users using “add-user.sh”
      4. standalone/configuration/application-users.properties

                iitDev2=6c92af2424e69ba3cdc2ca981c9fc02b          admin=a085fcb05ca0c1254020e68f4f18217d

      1. standalone/configuration/application-roles.properties

                iitDev2=package.developer          jbossadmin=admin          admin=admin

      1. standalone/configuration/management-users.properties

                jbossadmin=af2056c095d503198cb7a1b432c17bad          iitAdmin=cbfe43200ac3439fee630ecb45cb83ca          iitDev2=76186b89ad376f1b73fd66a632620ba8  Configurations

      1. Standalone.xml :

      Only configured below tags. There’s nothing else I changed for the purpose of JAAS Authentication and Guvnor Authorization. Added <security-domain name="drools-guvnor" cache-type="default"> to check if “other” is not working.

       

      <security-domain name="other" cache-type="default">

            <authentication>

            <login-module code="Remoting" flag="optional">

                 <module-option name="password-stacking" value="useFirstPass"/>

            </login-module>

            <login-module code="RealmUsersRoles" flag="required">

                 <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>

                 <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>

                 <module-option name="realm" value="ApplicationRealm"/>

                 <module-option name="password-stacking" value="useFirstPass"/>

            </login-module>

            </authentication>

      </security-domain>

      <security-domain name="drools-guvnor" cache-type="default">

      <authentication>

            <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">

                 <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>

                 <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>

                 <module-option name="realm" value="ApplicationRealm"/>

                 <module-option name="password-stacking" value="useFirstPass"/>

            </login-module>

      </authentication>

      </security-domain>

       

      Drools-guvnor.war.

      1. beans.xml (Tried 4 different configs as suggested on community)
        • Config 1 Error “This User has no permission setup”.

      <security:IdentityImpl> <s:modifies/>

           <!-- JAAS based authentication -->

           <security:authenticatorName>jaasAuthenticator</security:authenticatorName>  

      </security:IdentityImpl>

         

      <security:jaas.JaasAuthenticator>

           <s:modifies/>

           <jaasConfigName>other</jaasConfigName>

      </security:jaas.JaasAuthenticator>

       

      <!-- SECURITY AUTHORIZATION CONFIGURATION --> <!-- This is used to enable or disable role-based authorization. By default it is disabled. -->   <guvnorSecurity:RoleBasedPermissionResolver>

           <s:modifies/>

           <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>

      </guvnorSecurity:RoleBasedPermissionResolver>


      • Config 2 Error “This User has no permission setup”.

            <security:IdentityImpl> <s:modifies/>

                 <!-- JAAS based authentication -->

                <security:authenticatorName>jaasAuthenticator</security:authenticatorName>  

           </security:IdentityImpl>

           <security:jaas.JaasAuthenticator>

                <s:modifies/>

                <security:jaasConfigName>drools-guvnor</security:jaasConfigName>

           </security:jaas.JaasAuthenticator> 

       

      <!-- SECURITY AUTHORIZATION CONFIGURATION --> <!-- This is used to enable or disable role-based authorization. By default it is disabled. -->        <guvnorSecurity:RoleBasedPermissionResolver>

                <s:modifies/>

                <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>

           </guvnorSecurity:RoleBasedPermissionResolver>

       

       

      • Config 3 Error“This User has no permission setup”.

       

      <security:IdentityImpl>

      <s:modifies/>

      <!-- JAAS based authentication -->

      <security:authenticatorName>jaasAuthenticator</security:authenticatorName>

        </security:IdentityImpl>

       

      <security:jaas.JaasAuthenticator>

            <s:modifies/>

            <jaasConfigName>other</jaasConfigName>

        </security:jaas.JaasAuthenticator>

       

      <guvnorSecurity:RoleBasedPermissionResolver>

            <s:modifies/>

            <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>

      </guvnorSecurity:RoleBasedPermissionResolver>

       

      <component name="org.jboss.seam.security.roleBasedPermissionResolver">

       

      <s:modifies/>

       

      <property name="enableRoleBasedAuthorization">true</property>

       

      </component>

       

      I HAVE ALSO ADDED THIS COMPONENT TAG found every where on forums to resolve this issue. I tried Tried without this also but at that time I get LOGIN screen which always says Incorrect User/Password.Is this required or   <guvnorSecurity:RoleBasedPermissionResolver> is the only authorization config.

       

      <component name="org.jboss.seam.security.roleBasedPermissionResolver">;

       

        <s:modifies/>

       

        <property name="enableRoleBasedAuthorization">true</property>

       

      </component>

       

       

      Kindly help me in this configuration. I can’t find a single authentic document for my environment.

        • 1. Re: Exceptions in JAAS Authentication in GUVNOR 7.1
          Stanley Chatman Newbie

          I have the same exact problem.  I am testing out some possible remedies and will post them here if I get any meaningful results.

          • 2. Re: Exceptions in JAAS Authentication in GUVNOR 7.1
            Zahid Ahmed Prs Newbie

            I have figured it out and now I have got  authentication and roles permissions both work properly .

            1. In drools-guvnor.war update following seam jars to 3.2.0 version

                 A. Seam-srcirity-3.1.0.jar

                 B. Seam-security-api-3.1.0.jar

            2. Comment weld exclude tag for seam rule based permission at the end of beans.xml in guvnor wars

            3.  Use config2 from my question in this thread for beans.xml.

             

            I have tested my configs on jboss-eap-6.0.1 and on JBoss-as-7.1.0

            . Make sure you give admin access rights to "admin" user in guvnor's administration tab using demoAuthenticator in beans.xml. after giving admin access then move on to the above given steps.

             

            I have pretty smooth grip on this thing. Anyone Stoll facing issue can reply and will surely help.

             

            Will post my config files too overhere for clarity.

            • 3. Re: Exceptions in JAAS Authentication in GUVNOR 7.1
              Stanley Chatman Newbie

              I have installed the 3.2 jars but now i'm getting the following error in my server log:

              07:45:25,157 WARN  [org.jboss.security] (http-/127.0.0.1:8081-1) PBOX000234: Invalid or misspelled module option: realm

               

              i'm using the drools-guvnor from option 2

              • 4. Re: Exceptions in JAAS Authentication in GUVNOR 7.1
                Zahid Ahmed Prs Newbie

                Please find attached my config files. Check the login-module in security-domain tag "drools-guvnor".

                1 of 1 people found this helpful
                • 5. Re: Exceptions in JAAS Authentication in GUVNOR 7.1
                  Sherry Wang Newbie

                  I am using exactly the same config files. Still get this Error

                   

                  11:49:24,566 ERROR [org.jboss.seam.security.jaas.JaasAuthenticator] (http--10.66.1.53-8180-1) JAAS authentication failed: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required

                            at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270) [picketbox-4.0.7.Final.jar:4.0.7.Final]

                            at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:155) [picketbox-4.0.7.Final.jar:4.0.7.Final]

                            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_45]

                            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_45]

                            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_45]

                            at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_45]

                            at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) [rt.jar:1.6.0_45]

                            at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [rt.jar:1.6.0_45]

                            at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [rt.jar:1.6.0_45]

                            at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_45]

                            at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.6.0_45]

                            at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [rt.jar:1.6.0_45]

                            at org.jboss.seam.security.jaas.JaasAuthenticator.authenticate(JaasAuthenticator.java:59) [seam-security-3.2.0.Final.jar:3.2.0.Final]

                            at org.jboss.seam.security.jaas.JaasAuthenticator$Proxy$_$$_WeldClientProxy.authenticate(JaasAuthenticator$Proxy$_$$_WeldClientProxy.java) [seam-security-3.2.0.Final.jar:3.2.0.Final]

                            at org.jboss.seam.security.IdentityImpl.authenticate(IdentityImpl.java:224) [seam-security-3.2.0.Final.jar:3.2.0.Final]

                            at org.jboss.seam.security.IdentityImpl.login(IdentityImpl.java:163) [seam-security-3.2.0.Final.jar:3.2.0.Final]

                            at org.jboss.seam.security.IdentityImpl$Proxy$_$$_WeldClientProxy.login(IdentityImpl$Proxy$_$$_WeldClientProxy.java) [seam-security-3.2.0.Final.jar:3.2.0.Final]

                            at org.drools.guvnor.server.security.SecurityServiceImpl.tryAutoLoginAsGuest(SecurityServiceImpl.java:110) [guvnor-webapp-core-5.5.0.Final.jar:5.5.0.Final]

                            at org.drools.guvnor.server.security.SecurityServiceImpl.getCurrentUser(SecurityServiceImpl.java:99) [guvnor-webapp-core-5.5.0.Final.jar:5.5.0.Final]

                            at org.drools.guvnor.server.security.SecurityServiceImpl$Proxy$_$$_WeldClientProxy.getCurrentUser(SecurityServiceImpl$Proxy$_$$_WeldClientProxy.java) [guvnor-webapp-core-5.5.0.Final.jar:5.5.0.Final]

                            at org.drools.guvnor.server.SecurityServiceServlet.getCurrentUser(SecurityServiceServlet.java:74) [guvnor-webapp-core-5.5.0.Final.jar:5.5.0.Final]

                            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_45]

                            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_45]

                            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_45]

                            at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_45]

                            at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:569) [gwt-servlet-2.4.0.jar:]

                            at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:208) [gwt-servlet-2.4.0.jar:]

                            at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:248) [gwt-servlet-2.4.0.jar:]

                            at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) [gwt-servlet-2.4.0.jar:]

                            at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]

                            at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]

                            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]

                            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]

                            at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]

                            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]

                            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]

                            at org.jboss.solder.servlet.exception.CatchExceptionFilter.doFilter(CatchExceptionFilter.java:65) [solder-impl-3.1.1.Final.jar:3.1.1.Final]

                            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]

                            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]

                            at org.jboss.solder.servlet.event.ServletEventBridgeFilter.doFilter(ServletEventBridgeFilter.java:74) [solder-impl-3.1.1.Final.jar:3.1.1.Final]

                            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]

                            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]

                            at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]

                            at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]

                            at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]

                            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]

                            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]

                            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]

                            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]

                            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]

                            at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]

                            at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]

                  • 6. Re: Exceptions in JAAS Authentication in GUVNOR 7.1
                    Sherry Wang Newbie

                    Actually, the standalone.xml file is different from the one Zahid attached.  My one is <server xmlns="urn:jboss:domain:1.2">, Zahid's onee is <server xmlns="urn:jboss:domain:1.3">. Don't know if this caused the error.

                     

                    I turned on the DEBUG level and get the following information:

                     

                    16:50:39,041 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] (http--10.66.1.53-8180-1) Bad password for username=guest

                    16:50:39,043 ERROR [org.jboss.seam.security.jaas.JaasAuthenticator] (http--10.66.1.53-8180-1) JAAS authentication failed: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required

                              at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270) [picketbox-4.0.7.Final.jar:4.0.7.Final]

                     

                    Don't know where the hell this username=guest comes from.....

                    • 7. Re: Exceptions in JAAS Authentication in GUVNOR 7.1
                      Nicholas DiPiazza Novice

                      I can't figure out where the username=guest is coming from either.

                      • 8. Re: Exceptions in JAAS Authentication in GUVNOR 7.1
                        Zahid Ahmed Prs Newbie

                        Hi Nicholas,

                         

                        Can u please share ur environment and the config files. Beans.xml, user.properties files, and standalone.xml (if jboss). Also tell me ur seam-security.jar version. Have u changed ur seam-security.jar version

                        • 9. Re: Exceptions in JAAS Authentication in GUVNOR 7.1
                          Nicholas DiPiazza Novice

                          Hi. Thanks for the response. Here is a link to my issue with all that info https://community.jboss.org/message/831268?tstart=0

                          • 10. Re: Exceptions in JAAS Authentication in GUVNOR 7.1
                            srikanth mallikarjuna Newbie

                            I had deployed on tomcat 6.18.0.

                             

                            I followed your steps but still I cannot see guvnor login screen and get below error. I do not understand where the user guest coming from?

                             

                            loginModule try to authenticate guest user all the time, since I cannot see login screen cannot enter other username and password.

                             

                             

                            ERROR 08-08 11:46:46,322 (Logger.java:error:1092)        JAAS authentication fai

                            led

                            javax.security.auth.login.LoginException: Security Exception

                                    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:856)

                                    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1

                            86)

                                    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)

                                    at java.security.AccessController.doPrivileged(Native Method)

                                    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:6

                            80)

                                    at javax.security.auth.login.LoginContext.login(LoginContext.java:580)

                                    at org.jboss.seam.security.jaas.JaasAuthenticator.authenticate(JaasAuthe

                            nticator.java:59)

                            • 11. Re: Exceptions in JAAS Authentication in GUVNOR 7.1
                              Nicholas DiPiazza Novice

                              There is definitely a bug in 5.5.0.Final that causes this. When I moved down to 5.4.0.Final... I can get the login dialog.

                              • 12. Re: Exceptions in JAAS Authentication in GUVNOR 7.1
                                srikanth mallikarjuna Newbie

                                downgrading to 5.4 worked fine for login but still getting error while logging out, did you have the same problem?

                                 

                                ERROR 09-08 15:13:51,415 (LoggingHelper.java:error:74)   Service method 'public

                                abstract void org.drools.guvnor.client.rpc.SecurityService.logout()' threw an un

                                expected exception: java.lang.IllegalStateException: Attempted to inject an Http

                                Session before it has been initialized.

                                java.lang.IllegalStateException: Attempted to inject an HttpSession before it ha

                                s been initialized.

                                        at org.jboss.solder.servlet.http.ImplicitHttpServletObjectsProducer.getH

                                ttpSession(ImplicitHttpServletObjectsProducer.java:55)

                                        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                                        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.

                                java:39)

                                        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces

                                sorImpl.java:25)

                                ........

                                • 13. Re: Exceptions in JAAS Authentication in GUVNOR 7.1
                                  Nicholas DiPiazza Novice

                                  Srikanth, can you share your Jaas login module? That will probably explain why that is happening.

                                  • 14. Re: Exceptions in JAAS Authentication in GUVNOR 7.1
                                    srikanth mallikarjuna Newbie

                                    I am using jBoss UsersRolesLoginModule.

                                     

                                    drools-guvnor {

                                            org.jboss.security.auth.spi.UsersRolesLoginModule required usersProperties="application-users.properties" rolesProperties="application-roles.properties" debug=true;

                                    };

                                    1 2 Previous Next