Bug 976338 - Impossible to login with user who only has role kie-user
Impossible to login with user who only has role kie-user
Product: JBoss BPMS Platform 6
Classification: JBoss
Component: BAM (Show other bugs)
Unspecified Unspecified
medium Severity medium
: DR6
: 6.0.0
Assigned To: David Gutierrez
Jan Hrcek
Depends On:
  Show dependency treegraph
Reported: 2013-06-20 08:06 EDT by Jan Hrcek
Modified: 2014-08-06 16:10 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: The jBPM Dashboard didn't have access granted for the role kie-user. Consequence: Users with only the kie-user role can't access the jBPM dashboard. Fix: Grant access permissions to the kie-user role. Result: Users with role kie-user can now see the jBPM Dashboard after login.
Story Points: ---
Clone Of:
Last Closed: 2014-08-06 16:10:04 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jan Hrcek 2013-06-20 08:06:05 EDT
Description of problem:
Impossible to login with user who only has role kie-user (no admin role).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Add user in JBoss EAP 6.1 using script jboss-eap-6.1/bin/add-user.sh with the following attributes:
Type of user: Application User (just leave default)
Realm: ApplicationRealm (just leave default)
Username: demo
Password: demo123*
Roles: kie-user

2. Start the EAP with dashbuilder deployed
3. Go to dashbuilder login screen and try to login with this demo user.

Actual results:

After pressing the Submint button nothing happens - the login page is reloaded (and there is not even a message about incorrect username/password). When you try to fill in the credentials again and press the Submit button for the second time, the error page is displayed:

JBWEB000065: HTTP Status 404 - /dashbuilder/j_security_check
JBWEB000309: type JBWEB000067: Status report
JBWEB000068: message /dashbuilder/j_security_check
JBWEB000069: description JBWEB000124: The requested resource is not available.

After this error it is impossible to login even with root user, who could access the application before the error happenned. To log  in with root user restart of application server is needed after this error.

Expected results:
The user with application server role "kie-user" should be able to login successfully as user who has role "End user" in the application (based on the mapping in dashbuilder.war/WEB-INF/web.xml (End user -> kie-user)

Additional info:
Note, that this was tested after the security-domain was changed to AS7 default "other", so no other configuration in JBoss than  adding the user with correct role should be necessary.
Comment 1 David Gutierrez 2013-06-25 12:41:20 EDT
this fix was introduced by the following commit: https://github.com/droolsjbpm/dashboard-builder/commit/6202b8c065c517cf195d30da0fd006c3f6751d4e

Which renamed the role "user" to "kie-user" but forgot to modify the access permission as well. It has been fixed:

Github commit: https://github.com/droolsjbpm/dashboard-builder/commit/e7a4900325f3b64c1c268096f7b8096d165cae91

As a mention say that kie-user is a BPMS role intented to give end users access to the different BPM tool set. It only makes sense within the BPMS scope.
Comment 2 Jan Hrcek 2013-07-13 04:37:56 EDT
OK, verified with BPMS 6.0.0.DR6 deployed on EAP 6.1.

Note You need to log in before you can comment on or make changes to this bug.