[ https://issues.apache.org/jira/browse/KYLIN-3199?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16344724#comment-16344724 ]
Peng Xing commented on KYLIN-3199: ---------------------------------- Hi, [~Zhixiong Chen] and [~Aron.tao], I have found out the reason. After refactor with follow issue. [KYLIN-2960|https://issues.apache.org/jira/browse/KYLIN-2960] The 'curUser.userDetails.authorities' contains only one group named 'xpGroup', which is not configured for 'kylin.security.acl.admin-role' in kylin.properties, so the user 'xp' who belongs to 'xpGroup' has no permission. Then you login in with user 'xp', 'roles[authority.authority]' is undefined. But before refactor, every user has at least two default roles which is configured in kylin.properties as follow. {code:java} kylin.security.acl.default-role=ROLE_ANALYST,ROLE_MODELER {code} so the user 'xp' who belongs to 'xpGroup' has two default roles 'ROLE_ANALYST' and 'ROLE_MODELER'. Then you login in with user 'xp', 'roles[authority.authority]' is '/models'. So I think the real reason is that the return value of background interface has changed. Before: the user has two default roles 'ROLE_ANALYST' and 'ROLE_MODELER'. After: the user has no default role. So [~Zhixiong Chen] and [~Aron.tao], can you give a suggestion? can I modified the web code or backgroud code? thanks! > The login dialog should be closed when ldap user with no permission login > correctly > ----------------------------------------------------------------------------------- > > Key: KYLIN-3199 > URL: https://issues.apache.org/jira/browse/KYLIN-3199 > Project: Kylin > Issue Type: Bug > Components: Web > Affects Versions: v2.3.0 > Reporter: Peng Xing > Assignee: Peng Xing > Priority: Minor > Labels: patch > Attachments: > 0001-KYLIN-3199-The-login-dialog-should-be-closed-when-ld.patch, > ldap_user_login.png > > > 1. Open ldap authentication, but I do not give the admin permission to group > 'xpGroup'; > 2. Create a ldap user 'xp', who belongs to group 'xpGroup', so this user has > none permission. > 3. When user 'xp' login in, the above bar has showed and been enabled, but > the login dialog still show. > 4. Then you can click any button on above bar. > Please refer to 'ldap_user_login.png' > I think the login dialog should be closed when you login in correctly, and > redirect to the 'Model' page, but this user has no permission. > I have modified this issue, please review the patch, thanks! -- This message was sent by Atlassian JIRA (v7.6.3#76005)