2 Replies Latest reply on Nov 19, 2015 6:50 AM by gudururkr

    Drools 6.0 | Workbench Authentication | JAAS | NOT Authorized

    ahmedza

      Hi,

      I am configuring DB-based JAAS authentication for Kie-Drools-Workbench 6.1.0. The server log shows the user is authenticated and roles are assigned to the user, but the KIE login form says “Login failed: Not Authorized”.

      I have also added roles in Organizational Unit, Repository and Projects using kie-config-cli, but I am still getting the same error.

      Kindly let me know what I am doing wrong.


      1. Standalone.xml

      <security-domain name="drools-guvnor" cache-type="default">
        <authentication>
          <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/jdbc/jbpmStagingRWDS"/>
            <module-option name="principalsQuery" value="select PASSWORD from principals where PRINCIPALID=?"/>
            <module-option name="rolesQuery" value="select ROLE,ROLEGROUP from roles WHERE principalid=?"/>
            <module-option name="hashAlgorithm" value="MD5"/>
            <module-option name="hashEncoding" value="base64"/>
            <module-option name="hashCharset" value="UTF-8"/>
            <module-option name="password-stacking" value="useFirstPass"/>
          </login-module>
        </authentication>
      </security-domain>

       

      Kie-drools-wb.War / WEB-INF/jboss-web.xml

      <security-domain>drools-guvnor</security-domain>

       

      Server Logs

      13:55:22,408 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) initialize

      13:55:22,410 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Security domain: other

      13:55:22,412 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Password hashing activated: algorithm = MD5, encoding = base64, charset = UTF-8, callback = null, storeCallback = null

      13:55:22,415 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) DatabaseServerLoginModule, dsJndiName=java:jboss/datasources/jdbc/jbpmStagingRWDS

      13:55:22,419 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) principalsQuery=select PASSWORD from principals where PRINCIPALID=?

      13:55:22,422 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) rolesQuery=select ROLE,ROLEGROUP from roles WHERE principalid=?

      13:55:22,424 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) suspendResume=true

      13:55:22,426 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) login

      13:55:22,428 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) suspendAnyTransaction

      13:55:22,489 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Excuting query: select PASSWORD from principals where PRINCIPALID=?, with username: iit

      13:55:22,495 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Obtained user password

      13:55:22,497 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) resumeAnyTransaction

      13:55:22,499 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) User 'iit' authenticated, loginOk=true

      13:55:22,501 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) commit, loginOk=true

      13:55:22,503 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) getRoleSets using rolesQuery: select ROLE,ROLEGROUP from roles WHERE principalid=?, username: iit

      13:55:22,507 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) suspendAnyTransaction

      13:55:22,509 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Excuting query: select ROLE,ROLEGROUP from roles WHERE principalid=?, with username: iit

      13:55:22,514 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Assign user to role admin

      13:55:22,516 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Assign user to role analyst

      13:55:22,518 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Assign user to role developer

      13:55:22,521 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Assign user to role manager

      13:55:22,523 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) Assign user to role user

      13:55:22,525 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) resumeAnyTransaction

      13:55:22,527 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-2) defaultLogin, lc=javax.security.auth.login.LoginContext@3460a6, subject=Subject(11883582).principals=org.jboss.security.SimplePrincipal@25145532(iit)org.jboss.security.SimpleGroup@12885648(CallerPrincipal(members:iit))org.jboss.security.SimpleGroup@12885648(admingrp(members:admin))org.jboss.security.SimpleGroup@12885648(usergrp(members:user))org.jboss.security.SimpleGroup@12885648(analystgrp(members:analyst))org.jboss.security.SimpleGroup@12885648(developergrp(members:developer))org.jboss.security.SimpleGroup@12885648(managergrp(members:manager))

      13:55:22,538 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-2) updateCache, inputSubject=Subject(11883582).principals=org.jboss.security.SimplePrincipal@25145532(iit)org.jboss.security.SimpleGroup@12885648(CallerPrincipal(members:iit))org.jboss.security.SimpleGroup@12885648(admingrp(members:admin))org.jboss.security.SimpleGroup@12885648(usergrp(members:user))org.jboss.security.SimpleGroup@12885648(analystgrp(members:analyst))org.jboss.security.SimpleGroup@12885648(developergrp(members:developer))org.jboss.security.SimpleGroup@12885648(managergrp(members:manager)), cacheSubject=Subject(11399784).principals=org.jboss.security.SimplePrincipal@25145532(iit)org.jboss.security.SimpleGroup@12885648(CallerPrincipal(members:iit))org.jboss.security.SimpleGroup@12885648(admingrp(members:admin))org.jboss.security.SimpleGroup@12885648(usergrp(members:user))org.jboss.security.SimpleGroup@12885648(analystgrp(members:analyst))org.jboss.security.SimpleGroup@12885648(developergrp(members:developer))org.jboss.security.SimpleGroup@12885648(managergrp(members:manager))

      13:55:22,556 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-2) Inserted cache info: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@5bd7b

      13:55:22,560 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-2) End isValid, true

      13:55:22,562 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-2) Setting threadlocal:null

      13:55:22,576 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-2) Setting threadlocal:null

      13:55:22,578 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-2) Flushing iit from cache

      13:55:22,580 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--127.0.0.1-8080-2) logout

      13:55:22,841 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-3) Setting threadlocal:null

      13:55:22,845 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-2) Setting threadlocal:null

      13:55:22,845 TRACE [org.jboss.security.SecurityRolesAssociation] (http--127.0.0.1-8080-1) Setting threadlocal:null

       

       

      Config Tool

       

      ********************************************************
      ************* Welcome to Kie config CLI ****************
      ********************************************************

       

      >>Please specify location of the parent folder of .niogit

      D:\Servers\Drools-6-Deployment\Server-A-As-7\bin

      >>Please enter command (type help to see available commands):

      add-role-repo

      >>Repository alias:netsolrepo

      >>Security roles (comma separated list):admin,analyst,business,user,developer

      Result:

      Role admin added successfully to repository netsolrepo

      Role analyst added successfully to repository netsolrepo

      Role business added successfully to repository netsolrepo

      Role user added successfully to repository netsolrepo

      Role developer added successfully to repository netsolrepo

       

      >>>>>>>>>>>>>>>>>>>>>>>>>>>

      >>Please enter command (type help to see available commands):

      add-role-org-unit

      >>Organizational Unit name:netsol

      >>Security roles (comma separated list):admin,analyst,business,user,developer

      Result:

      Role admin added successfully to Organizational Unit netsol

      Role analyst added successfully to Organizational Unit netsol

      Role business added successfully to Organizational Unit netsol

      Role user added successfully to Organizational Unit netsol

      Role developer added successfully to Organizational Unit netsol

       

       

      Regards,

       

      Zahid Ahmed
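
An added example, not part of the original post: a check over the TRACE output above that compares the security domain the login module reports with the one configured in standalone.xml, and lists the groups the authenticated Subject actually carries. It assumes the standard JBoss convention that container role checks read role names from the Subject group called `Roles`; the function name `summarize` is hypothetical.

```python
import re

# Lines taken from the TRACE log in the post; "[...]" marks where the logger
# and thread names were cut to keep the sample short.
LOG = """\
13:55:22,410 TRACE [...] Security domain: other
13:55:22,499 TRACE [...] User 'iit' authenticated, loginOk=true
13:55:22,527 TRACE [...] defaultLogin, lc=javax.security.auth.login.LoginContext@3460a6, subject=Subject(11883582).principals=org.jboss.security.SimplePrincipal@25145532(iit)org.jboss.security.SimpleGroup@12885648(CallerPrincipal(members:iit))org.jboss.security.SimpleGroup@12885648(admingrp(members:admin))org.jboss.security.SimpleGroup@12885648(usergrp(members:user))org.jboss.security.SimpleGroup@12885648(analystgrp(members:analyst))org.jboss.security.SimpleGroup@12885648(developergrp(members:developer))org.jboss.security.SimpleGroup@12885648(managergrp(members:manager))
"""

DOMAIN_RE = re.compile(r"Security domain: (\S+)")
AUTH_RE = re.compile(r"User '([^']+)' authenticated, loginOk=(true|false)")
# One Subject group as printed in the dump: SimpleGroup@<id>(<name>(members:<a,b>))
GROUP_RE = re.compile(r"SimpleGroup@\w+\((\w+)\(members:([^)]*)\)\)")


def summarize(log, configured_domain):
    """Extract domain, login result and Subject groups, and list mismatches."""
    domain = DOMAIN_RE.search(log)
    auth = AUTH_RE.search(log)
    groups = {}
    for name, members in GROUP_RE.findall(log):
        groups.setdefault(name, set()).update(m for m in members.split(",") if m)

    findings = []
    if domain and domain.group(1) != configured_domain:
        findings.append("login module initialized for security domain '%s', "
                        "configuration names '%s'" % (domain.group(1), configured_domain))
    if "Roles" not in groups:
        # Assumption stated in the lead-in: role checks read the 'Roles' group.
        findings.append("Subject has no 'Roles' group; roles are filed under: "
                        + ", ".join(sorted(g for g in groups if g != "CallerPrincipal")))
    return {
        "domain": domain.group(1) if domain else None,
        "user": auth.group(1) if auth else None,
        "authenticated": bool(auth) and auth.group(2) == "true",
        "groups": groups,
        "findings": findings,
    }


if __name__ == "__main__":
    # "drools-guvnor" is the domain name from the post's standalone.xml.
    for finding in summarize(LOG, "drools-guvnor")["findings"]:
        print("CHECK:", finding)
```

The group names in the Subject come from the second column returned by `rolesQuery`, so the `ROLEGROUP` values stored in the `roles` table are what this check reports.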