Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1056476

Summary: SecurityException when logging out from BAM
Product: [Retired] JBoss BPMS Platform 6 Reporter: Jan Hrcek <jhrcek>
Component: BAMAssignee: David Gutierrez <dgutierr>
Status: CLOSED CURRENTRELEASE QA Contact: Jan Hrcek <jhrcek>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 6.0.0CC: pavelp, rrajasek
Target Milestone: ER1   
Target Release: 6.0.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-08-06 20:03:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1054834    
Bug Blocks:    
Attachments:
Description Flags
server.log showing SecurityException none

Description Jan Hrcek 2014-01-22 09:40:33 UTC 
Created attachment 853761 [details]
server.log showing SecurityException

Description of problem:
It is impossible to log out from dashbuilder when security policy is turned on and configured as described in bug 1054834, comment 6 

When you login and then try to log out using Logout button, the exception appears in server log and the application is then broken: white screen appears and when you refresh the page, there is Unexpected Error modal. The only way to fix this is to restart the application server.

Version-Release number of selected component (if applicable):
BPMS 6.0.0 CR1

How reproducible:
Always

Steps to Reproduce:
1. Configure BPMS server security policy as described in bug 1054834, comment 6
2. Login to dashbuilder and then try to logout

Actual results:
white screen & Unexpected Error modal after page is refreshed. Unable to logout and only way to fix it is to restart EAP server.

Expected results:
Logout should work.

Additional info:
Most likely related to bug 1054834
Comment 1 Pavel Polischouk 2014-01-22 16:18:11 UTC 
Please try, in addition to specifying kie.policy as in bug 1054834, comment 6, to specify the global java security policy explicitly. Create the global.policy file with the following content:

grant { 
      permission java.security.AllPermission;
};

and add the following flag in the java command line in standalone.conf, keeping the previously added security flags:

-Djava.security.policy=global.policy

This option explicitly sets the permissions for the code outside of MVEL to All Permissions.
Comment 4 David Gutierrez 2014-01-23 11:38:51 UTC 
Fixed.

Github commit (master): https://github.com/droolsjbpm/dashboard-builder/commit/b1c149973925a0dc4b97c584c1da7cf4a03f7ed8

Github commit (6.0.x): https://github.com/droolsjbpm/dashboard-builder/commit/1850fbbb0bb8a4f38a146382bf8dfcfd53da6f1d
Comment 6 Jan Hrcek 2014-02-18 08:55:16 UTC 
Ok, verified with BPMS 6.0.1 ER1. I was running the EAP using bin/standalone-secure.sh and it is not working correctly.