DROOLS-1040: Kie server on Tomcat with JACCValve fails authorisation


Details

    • Deploy Kie server on a Tomcat that has the org.kie.integration.tomcat.JACCValve valve defined in server.xml. Run the JBPM tests from the Kie server integration test suite.
      Some tests will fail with "User '[UserImpl:'Roles']' does not have permissions to execute operation...".
    • fixed and merged into master and 6.4.x

    Description

      When Kie server runs on a Tomcat container with org.kie.integration.tomcat.JACCValve configured, JBPM operations that need authorisation fail when invoked on Kie server with:
      "User '[UserImpl:'Roles']' does not have permissions to execute operation...".

      The error happens only with JACCValve, which is used for Workbench, so this isn't a critical issue.

      The issue is caused by JACCValve, which registers a PolicyContextHandler with a Subject returning 2 principals in a HashSet: one principal represents the user, the second represents its roles.
      JACCIdentityProvider in Kie server, in method getName(), returns the first principal it finds in the Subject; if that is the roles principal, "Roles" is returned as the user name, which is wrong.
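
      The failure mode described above, as an added example (not the Kie server or JACCValve source). The classes UserPrincipal and RolesGroup, the method names and the sample values are hypothetical stand-ins, and Java 16+ is assumed for records. It builds the Subject in both orders a HashSet might yield and compares a "first principal wins" lookup with one that skips the roles principal.

```java
import java.security.Principal;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;

public class SubjectNameDemo {
    // Hypothetical stand-ins for the two principals placed in the Subject.
    record UserPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    record RolesGroup(String name, Set<String> members) implements Principal {
        public String getName() { return name; }
    }

    // Order-dependent lookup: whatever principal iterates first becomes the user name.
    static String firstPrincipalName(Subject subject) {
        for (Principal p : subject.getPrincipals()) {
            return p.getName();
        }
        return "unknown";
    }

    // Order-independent lookup: the roles container is never treated as the user.
    static String userName(Subject subject) {
        return subject.getPrincipals().stream()
                .filter(p -> !(p instanceof RolesGroup))
                .map(Principal::getName)
                .findFirst()
                .orElse("unknown");
    }

    public static void main(String[] args) {
        // Constructed sample identity, not taken from the issue.
        Principal user = new UserPrincipal("alice");
        Principal roles = new RolesGroup("Roles", Set.of("kie-server"));

        // A HashSet gives no ordering guarantee, so both orders must be handled.
        for (List<Principal> order : List.of(List.of(user, roles), List.of(roles, user))) {
            Subject subject = new Subject(true, new LinkedHashSet<>(order), Set.of(), Set.of());
            System.out.println("first principal: " + firstPrincipalName(subject)
                    + " | filtered: " + userName(subject));
        }
    }
}
```

      An identity resolved as "Roles" matches no real account, so every later permission check for that request is evaluated against the wrong user.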

          People

            ksuta Karel Suta