953748 – HTTP Status 404 - /dashbuilder/j_security_check --Dashboard console log in issue

Bug 953748 - HTTP Status 404 - /dashbuilder/j_security_check --Dashboard console log in issue

Summary: HTTP Status 404 - /dashbuilder/j_security_check --Dashboard console log in issue

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss BPMS Platform 6
Classification:	Retired
Component:	BAM
Sub Component:
Version:	6.0.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	6.0.0
Assignee:	David Gutierrez
QA Contact:	Jan Hrcek
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-04-19 05:44 UTC by Ryan Zhang
Modified:	2014-08-06 20:09 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: Login mechanism badly implemented or incomplete. Consequence: Login failures not handled properly. Fix: Implement the login page properly. Result: Login/Logout/SSO working fine.
Clone Of:
Environment:
Last Closed:	2014-08-06 20:09:07 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)
screenshot (154.04 KB, image/png) 2013-04-19 05:45 UTC, Ryan Zhang	no flags	Details
kie-ide login failure (165.65 KB, image/png) 2013-05-17 08:53 UTC, Eric D. Schabell	no flags	Details
dashbuilder login failure (67.92 KB, image/png) 2013-05-17 08:54 UTC, Eric D. Schabell	no flags	Details
View All

Description Ryan Zhang 2013-04-19 05:44:44 UTC

Description of problem:
When I log in /dashbuilder console with "abc" which is not "root' (ie superuser).
The browser shows "JBWEB000065: HTTP Status 404 - /dashbuilder/j_security_check" Error.


Version-Release number of selected component (if applicable):
BPMS 6.1 DR3

How reproducible:
BPMS 6.1 DR3+EAP 6.1 Alpha

Steps to Reproduce:
1. Use add-user.sh to create user "abc" (Application Realm) and specify roles as "user"
2. Start the server and log in with "abc" in http://localhost:8080/dashbuilder
3. The error happens.

Attached the screenshot for reference.
  
Actual results:


Expected results:


Additional info:

Comment 1 Ryan Zhang 2013-04-19 05:45:23 UTC

Created attachment 737511 [details]
screenshot

Comment 2 Eric D. Schabell 2013-05-17 08:53:07 UTC

Followed documentation on product setup by Lee:

- unzipped EAPL 6.1.Beta
- copied in BPMS DR4 files from zip
- ran add-user.sh and added "root" user with a password and "erics" application user with a password.
- start server

- http://localhost:8080/kie-ide login attempts with above users, "Login failed: Not Authorized"

- http://localhost:8080/dashbuilder login attempts seem to pass but then give screen with "JBWEB000065: HTTP Status 403 - JBWEB000015: Access to the requested resource has been denied

JBWEB000309: type JBWEB000067: Status report

JBWEB000068: message JBWEB000015: Access to the requested resource has been denied

JBWEB000069: description JBWEB000123: Access to the specified resource has been forbidden."

Attaching screenshots of results of logins.

Can't even test build of DR4.

Comment 3 Eric D. Schabell 2013-05-17 08:53:59 UTC

Created attachment 749257 [details]
kie-ide login failure

Comment 4 Eric D. Schabell 2013-05-17 08:54:31 UTC

Created attachment 749259 [details]
dashbuilder login failure

Comment 5 David Gutierrez 2013-05-27 08:15:22 UTC

Login mechanism has been reviewed and fixed. Now, the application gives the proper feedback to users when login fails. 

Github commit: https://github.com/droolsjbpm/dashboard-builder/commit/0ca31e83da1e52da657b243705c954420837d9bb

As of SSO between kie-ide (renamed recently to kie-wb) and dashbuilder is also working (tested on EAP 6.1 final). To get SSO running don't forget to add the <sso/> tag to the EAP's standalone/configuration/standalone.xml file as indicated here https://github.com/droolsjbpm/dashboard-builder/blob/master/builder/src/main/jbossas7/README.md#single-sign-on.

Comment 7 Ryan Zhang 2013-06-08 11:28:51 UTC

(In reply to David Gutierrez from comment #5)
> Login mechanism has been reviewed and fixed. Now, the application gives the
> proper feedback to users when login fails. 
> 
> Github commit:
> https://github.com/droolsjbpm/dashboard-builder/commit/
> 0ca31e83da1e52da657b243705c954420837d9bb
> 
> As of SSO between kie-ide (renamed recently to kie-wb) and dashbuilder is
> also working (tested on EAP 6.1 final). To get SSO running don't forget to
> add the <sso/> tag to the EAP's standalone/configuration/standalone.xml file
> as indicated here
> https://github.com/droolsjbpm/dashboard-builder/blob/master/builder/src/main/
> jbossas7/README.md#single-sign-on.
Single sign on configuration needs further investigation.

I put this into ON_QA since the error seems fixed.

Comment 8 Jan Hrcek 2013-06-19 07:01:40 UTC

Verified with dashbuilder build DR5 deployed on EAP 6.1

Comment 12 Lukáš Petrovický 2014-02-07 16:15:02 UTC

This BZ has been part of the 6.0.0 stream.

Note You need to log in before you can comment on or make changes to this bug.