Hi Jervis,

Thanks for the reply.
Yes, this solves the problem. Thanks again.

Han Ming

On Mon, Aug 2, 2010 at 2:24 PM, Jervis Liu <[email protected]> wrote:
> Hi, the rolesProperties file (e.g., guvnor-roles.properties) configured
> in JBoss AS is not used by Guvnor authorization. Before you enable
> enable-role-based-authorization, you need to log in and configure user
> permissions in Guvnor "Administration". For example, you need to give
> your "admin" user a full admin permission.
>
> Hope this helps,
> Jervis
>
> Han Ming Low wrote:
> > Hi all,
> >
> > I tried to enable the Role Based Authorization in Guvnor after it was
> > running fine with the default login mechanism.
> > But I encountered some problems with the attempt.
> >
> > What I did was that in the components.xml,
> > - commented out the default <security:identity
> >   authenticate-method="#{defaultAuthenticator.authenticate}"/>
> > - uncommented the <security:identity
> >   authenticate-method="#{authenticator.authenticate}"
> >   jaas-config-name="other"/>
> > - changed the role based authorization to true,
> >   <security:role-based-permission-resolver
> >   enable-role-based-authorization="true"/>
> >
> > And in the login-config.xml
> > I have changed the "other" application policy to
> > <application-policy name = "other">
> >   <authentication>
> >     <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
> >                   flag = "required" >
> >       <module-option name="usersProperties">props/guvnor-users.properties</module-option>
> >       <module-option name="rolesProperties">props/guvnor-roles.properties</module-option>
> >     </login-module>
> >   </authentication>
> > </application-policy>
> >
> > guvnor-users.properties
> > admin=admin12
> > krisv=krisv
> > john=john
> > mary=mary
> >
> > guvnor-roles.properties
> > admin=admin
> > krisv=admin,manager,user
> > john=admin,manager,user
> > mary=admin,manager,user
> >
> > After restarting JBoss, I can log in based on the user and password
> > defined in the guvnor-users.properties.
> > And, by changing the password in the properties, I verified that it is
> > taking in the value from the file itself.
> >
> > However, when I log in as user admin and try to access the
> > Administration | User Permission or Event Log,
> > I'm prompted "Sorry, insufficient permissions to perform this action."
> >
> > The error from the console is
> > 11:15:36,046 INFO [STDOUT] ERROR 29-07 11:15:36,046
> > (LoggingHelper.java:error:76)
> > Service method 'public abstract java.util.Map
> > org.drools.guvnor.client.rpc.RepositoryService.listUserPermissions()
> > throws
> > org.drools.guvnor.client.rpc.DetailedSerializationException'
> > threw an unexpected exception:
> > org.jboss.seam.security.AuthorizationException:
> > Authorization check failed for
> > permission[org.drools.guvnor.server.security.admint...@bf7a4d,admin]
> > org.jboss.seam.security.AuthorizationException: Authorization check
> > failed for
> > permission[org.drools.guvnor.server.security.admint...@bf7a4d,admin]
> >     at org.jboss.seam.security.Identity.checkPermission(Identity.java:581)
> >     at org.drools.guvnor.server.ServiceImplementation.listUserPermissions(ServiceImplementation.java:2604)
> > .....
> >
> > Checking on the org.drools.guvnor.server.security.RoleTypes code, the
> > available roles should be
> > admin
> > analyst
> > analyst.readonly
> > package.admin
> > package.developer
> > package.readonly
> >
> > Can anyone help to let me know what's wrong with my configuration?
> >
> > Thanks.
> >
> > Han Ming
> >
> > _______________________________________________
> > rules-users mailing list
> > [email protected]
> > https://lists.jboss.org/mailman/listinfo/rules-users
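Added example, not part of the original thread and not Guvnor project code: a small pre-deployment check for the situation discussed above, where role-based authorization is switched on while roles exist only in the JAAS rolesProperties file. The function names, the sample XML and the placeholder namespace URI are constructed for illustration; element and attribute names are the ones quoted in the thread.

```python
import xml.etree.ElementTree as ET

# Constructed samples mirroring the snippets quoted in the thread.
# The namespace URI is a placeholder so the fragment parses stand-alone.
COMPONENTS_XML = """<components xmlns:security="urn:example:seam-security">
  <security:identity authenticate-method="#{authenticator.authenticate}"
                     jaas-config-name="other"/>
  <security:role-based-permission-resolver
      enable-role-based-authorization="true"/>
</components>"""

LOGIN_CONFIG_XML = """<policy>
  <application-policy name="other">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                    flag="required">
        <module-option name="usersProperties">props/guvnor-users.properties</module-option>
        <module-option name="rolesProperties">props/guvnor-roles.properties</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""


def local(tag):
    # ElementTree reports namespaced tags as '{uri}name'; keep only 'name'.
    return tag.rsplit("}", 1)[-1]


def audit(components_xml, login_config_xml):
    """Return warnings when role-based authorization relies on JAAS roles."""
    rbac_on, jaas_policy = False, None
    for el in ET.fromstring(components_xml).iter():
        if local(el.tag) == "role-based-permission-resolver":
            rbac_on = el.get("enable-role-based-authorization", "false").lower() == "true"
        elif local(el.tag) == "identity":
            jaas_policy = el.get("jaas-config-name")
    if not rbac_on:
        return []
    warnings = ["role-based authorization is enabled: give at least one user full "
                "admin permission in Guvnor Administration before enabling it"]
    for policy in ET.fromstring(login_config_xml).iter("application-policy"):
        if policy.get("name") != jaas_policy:
            continue
        for opt in policy.iter("module-option"):
            if opt.get("name") == "rolesProperties":
                warnings.append(f"JAAS policy '{jaas_policy}' maps roles from {opt.text.strip()}; "
                                "Guvnor authorization does not read this file")
    return warnings
```

Running `audit(COMPONENTS_XML, LOGIN_CONFIG_XML)` on the constructed samples returns two warnings; with `enable-role-based-authorization="false"` it returns an empty list.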
