permission control don‘t work in guvnor-5.5.0.Final-jboss-as-7.0
Referring to the following documents, I do the permission and user authentication configuration for drools guvnor,
http://docs.jboss.org/drools/release/5.5.0.Final/drools-guvnor-docs/html_single/index.html#d0e5233
http://docs.jboss.org/drools/release/5.5.0.Final/drools-guvnor-docs/html_single/index.html#d0e5317
And I change the bean.xml as below,
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:s="urn:java:ee" xmlns:weld="http://jboss.org/schema/weld/beans" xmlns:security="urn:java:org.jboss.seam.security" xmlns:guvnorRepository="urn:java:org.drools.guvnor.server.repository" xmlns:guvnorSecurity="urn:java:org.drools.guvnor.server.security" xsi:schemaLocation=" http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/beans_1_0.xsd http://jboss.org/schema/weld/beans http://jboss.org/schema/weld/beans_1_1.xsd"> <guvnorRepository:GuvnorBootstrapConfiguration> <s:modifies/> <!-- JackRabbit --> <guvnorRepository:properties> <s:entry><s:key>org.drools.repository.configurator</s:key><s:value>org.drools.repository.jackrabbit.JackrabbitRepositoryConfigurator</s:value></s:entry> </guvnorRepository:properties> </guvnorRepository:GuvnorBootstrapConfiguration> <security:IdentityImpl> <s:modifies/> <security:authenticatorName>jaasAuthenticator</security:authenticatorName> </security:IdentityImpl> <security:jaas.JaasAuthenticator> <s:modifies/> <security:jaasConfigName>drools-guvnor-jaas</security:jaasConfigName> </security:jaas.JaasAuthenticator> <component name="org.jboss.seam.security.roleBasedPermissionResolver"> <s:modifies/> <property name="enableRoleBasedAuthorization">true</property> </component> <weld:scan> <!-- Disable the seam-security by drools rules --> <weld:exclude name="org.jboss.seam.security.permission.RuleBasedPermissionResolver"/> <!-- TODO remove me when GUVNOR-1196 is fixed --> <weld:exclude name="org.drools.guvnor.gwtutil.**"/> <weld:exclude name="org.drools.guvnor.client.**"/> </weld:scan> </beans>
Reboot jboss, then key in the user name and password in the drools guvnor login interface and click the [login] button, error as followed,
org.jboss.seam.security.AuthorizationException: This user has no permissions setup. at org.drools.guvnor.server.security.SecurityServiceImpl.getUserCapabilities(SecurityServiceImpl.java:128) [guvnor-webapp-core-5.5.0.Final.jar:5.5.0.Final] at org.drools.guvnor.server.security.SecurityServiceImpl.getCurrentUser(SecurityServiceImpl.java:101) [guvnor-webapp-core-5.5.0.Final.jar:5.5.0.Final] at org.drools.guvnor.server.security.SecurityServiceImpl$Proxy$_$$_WeldClientProxy.getCurrentUser(SecurityServiceImpl$Proxy$_$$_WeldClientProxy.java) [guvnor-webapp-core-5.5.0.Final.jar:5.5.0.Final] at org.drools.guvnor.server.SecurityServiceServlet.getCurrentUser(SecurityServiceServlet.java:74) [guvnor-webapp-core-5.5.0.Final.jar:5.5.0.Final] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_11] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_11] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_11] at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_11] at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:569) [gwt-servlet-2.4.0.jar:] ... 27 more
then I found the info below,
https://community.jboss.org/message/764678#764678
https://issues.jboss.org/browse/SEAMSECURITY-98
the reason was there is a bug in the seam security 3.1.0 final, but I cannot find any fixed version for the seam-security-3.1.1.Final, so I change seam-security-3.1.0.Final.jar to seam-security-3.2.0.Final.jar in drools guvnor.war.
when I reboot, the login runs smoothly, but the permission configuration which is mentioned in the document ‘Chapter 15. Fine grained permissions and security(http://docs.jboss.org/drools/release/5.5.0.Final/drools-guvnor-docs/html_single/index.html#d0e5317)’ do not work.