Hide Forgot
Created attachment 568361 [details] exceptions for designer Description of problem: Both the Designer and the Console use by default admin/admin for authentication when connecting to Guvnor. When the password for admin defined in the users.properties changes, FailedLoginException is thrown and written to the server log. User sees only a blank process canvas in the Designer and no processes in the Console. Version-Release number of selected component (if applicable): BRMS 5.3.0 ER4 Steps to Reproduce: 1. Change password of user 'admin'. 2. Log into Guvnor and open a process in the Designer. 3. Log into the Console and open the process overview tab. Actual results: No process visible. Errors in the server log. Additional info: Exceptions to be found in the attachements. The issue is caused by Designer's and Console's configuration. In the designer.war/profiles/jbpm.xml and gwt-console-server.war/WEB-INF/classes/jbpm.console.properties, there is the default admin/admin authentication specified. In plain text too. There is nothing about this for the Console in the documentation. The error message won't make much sense, since the user already logged in successfully and now is basically told he didn't - unless he already knows to change both of these settings too.
Created attachment 568362 [details] exceptions for console
Is this just a matter of documentation? If so, documentation was already enhanced in this area: Designer http://hudson.qa.jboss.com/hudson/view/Drools%20jBPM/job/jbpm-5.2.x/lastSuccessfulBuild/artifact/jbpm-distribution/target/jbpm-5.2.1-SNAPSHOT-docs-build/jbpm-docs/html/ch.designer.html#d0e4125 Console http://hudson.qa.jboss.com/hudson/view/Drools%20jBPM/job/jbpm-5.2.x/lastSuccessfulBuild/artifact/jbpm-distribution/target/jbpm-5.2.1-SNAPSHOT-docs-build/jbpm-docs/html/ch.console.html#d0e4439 If not, please let us know what is the expected result from your point of view.
Having it in the docs should probably be enough. Still, I wonder, in the Designer, wouldn't it be possible to use the credentials of the already logged in user? Even with role based authorization on, the user would be able to access only the processes in the right packages/categories anyway, due to the way that works. So the user doesn't really need admin rights, right? It still allows the user to view the processes he/she is allowed to view and change those he/she is allowed to change. The Console shows only those processes the user can view - and since the user doesn't change them in the Console, it is okay that he/she can start them too. So, accessing Guvnor with credentials of the currently logged in user, whether it is from the Designer or the Console, would very probably work right. But of course, there's the little matter of implementing that - I'm not sure if this would even be possible. What do you think?
Guvnor and Designer are completely separate web applications and do not share the context. Unless Guvnor exposes the credentials somehow Designer is not able to see them, unless we force a separate login for Designer or do SSO maybe. Not sure either would be feasible for BRMS 5.3.
(In reply to comment #4) > Guvnor and Designer are completely separate web applications and do not share > the context. Unless Guvnor exposes the credentials somehow Designer is not able > to see them, unless we force a separate login for Designer or do SSO maybe. Not > sure either would be feasible for BRMS 5.3. That's okay. It was just an idea I thought we could discuss a bit. Separate login for Designer wouldn't be a very good solution - it does not look like a separate webapp, it would be really strange to ask user to authenticate again. SSO does sound interesting though. I understand there is never enough time to do what you need to do, even less to do things like this; but this could be a nice feature, if you ever find yourself with nothing to do. ;) Thanks for the input.
Update status to ON_QA. Please verify them against ER6.
Hi Zuzana, I've added a note to the console chapter, Configuring the management console section[1] stating that: The password must and username contained in this file must match the credentials set in jboss-as/server/production/deploy/jboss-brms.war/WEB-INF/components.xml. If the credentials are changed in one place they must be changed in both locations. I've also added a section to the process designer chapter [2] configuring the process designer which calls out the changes that must be made. The updates docs should be live on the internal doc stage within the next hour. [1] http://documentation-stage.bne.redhat.com/docs/en-US/JBoss_Enterprise_BRMS_Platform/5/html/BRMS_Business_Process_Management_Guide/chapter_console.html#configure_management_console [2]http://documentation-stage.bne.redhat.com/docs/en-US/JBoss_Enterprise_BRMS_Platform/5/html/BRMS_Business_Process_Management_Guide/chapter_process_designer.html