Red Hat Bugzilla – Bug 1113955
Dashbuilder's roles not reflected correctly after changes made to xml files
Last modified: 2014-07-23 04:50:16 EDT
Description of problem: Dashbuilder's roles not reflected correctly after changes made to web.xml, jbpmWorkspace.xml and showcaseWorkspace.xml For the very first time, the dashbuilder will initialize the roles and permissions based on the above config files and store the information to the "dashb_permission" table. Subsequent changes will not be reloaded to the table making the ACL issue. This behaviour is inconsistent with the way business-central handling custom BPM's roles (where the new roles will be effective after the changes made and application restarted). Hence this also cause the SSO mechanism between these 2 modules not working properly. Steps to Reproduce: - Edit standalone.xml so that H2 persists data to file system. <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true"> <!--<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1</connection-url>--> <connection-url>jdbc:h2:~/tmp/mydb;DB_CLOSE_DELAY=-1;MVCC=TRUE</connection-url> - Start clean BPMS 6.0.1 with clean database - Log in as 'analyst' - Go to [Dashboards] -> [Process & Task Dashboard] - Go to [Dashboards] -> [Business Dashboard] - Shutdown BPMS - Edit following files from 'analyst' to 'analystX' (and from 'role-analyst' to 'role-analystX'). (Actually, I replaced entire dashbuilder.war and business-central.war with ones which has the changes) - dashbuilder.war/WEB-INF/web.xml - dashbuilder.war/WEB-INF/etc/appdata/initialData/showcaseWorkspace.xml - dashbuilder.war/WEB-INF/etc/appdata/initialData/jbpmWorkspace.xml - business-central.war/WEB-INF/web.xml - business-central.war/WEB-INF/web-ui-server.xml - business-central.war/WEB-INF/web-exec-server.xml - business-central.war/WEB-INF/classes/workbench-policy.properties - Start BPMS - Log in as 'analyst' -> Confirm that I cannot login - Log in as 'analystX' - Go to [Dashboards] -> [Process & Task Dashboard] - Go to [Dashboards] -> [Business Dashboard] Actual results: Cannot login to dashbuilder. Browser displays a login page. Expected results: Browser displays dashbuilder pages.
Indeed, changing those files (jbpmWorkspace.xml and showcaseWorkspace.xml) will have no impact as they are just used to initialize the worskpaces (Default Showcase and jBPM dashboard). Once the workspaces have been created there is no way to alter its structure other than either change the permissions assignations from the UI (as an admin user) or make the desired changes on the dashb_permission table (not recommended). Therefore, role permissions should be modified from the UI instead of modifying the XML files.
Hi David, Thank you for the response. > role permissions should be modified from the UI I think you are referring "Permissions" view which we can go from http://localhost:8080/dashbuilder/ http://docs.jboss.org/dashbuilder/release/6.0.1.Final/html_single/#sect-dashbuilder-security-workspace_permissions But is it possible to change the role name or add a new role in the UI? Sorry if I'm overlooking. The goal is changing role names from the default ones (e.g. 'admin') to new ones (e.g. 'bpmsAdmin'). Sorry again about that I didn't clearly write that. Thanks!
Roles should be defined at app server level and make them available into the webapp by modifying the web.xml file. Once they are defined the UI will just list them and will let the user to assign permissions. Hope this helps.
Thanks David! I have verified that with the steps below. - Edit standalone.xml so that H2 persists data to file system. <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true"> <!--<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1</connection-url>--> <connection-url>jdbc:h2:~/tmp/mydb;DB_CLOSE_DELAY=-1</connection-url> - Start clean BPMS 6.0.2 with clean database - Log in as 'admin' - Go to [Dashboards] -> [Business Dashboard] - Confirm that "General Configuration" -> "Workspace/Showcase/Permissions" has default role names. - Shutdown BPMS - Edit following files from 'analyst' to 'analystX' - dashbuilder.war/WEB-INF/web.xml - business-central.war/WEB-INF/web.xml - business-central.war/WEB-INF/web-ui-server.xml - business-central.war/WEB-INF/web-exec-server.xml - business-central.war/WEB-INF/classes/workbench-policy.properties - Start BPMS - Log in as 'admin' - Go to [Dashboards] -> [Business Dashboard] - Go to "General Configuration" -> both "Workspace/Showcase/Permissions" and "Workspace/jBPM Dashboard/Permissions" in order to add a role 'analystX'. - In '"Permissions assignation:" section, choose 'analystX' from the "Select role" select box. - Select 'Yes' for Actions - Press "Save" - I can see role 'analystX' is added to the "Permissions:" table - Log in as 'analyst' -> Confirm that I cannot login - Log in as 'analystX' - Go to [Dashboards] -> [Process & Task Dashboard] - Go to [Dashboards] -> [Business Dashboard]