Description of problem:
Impossible to login with user who only has role kie-user (no admin role).

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. Add user in JBoss EAP 6.1 using script jboss-eap-6.1/bin/add-user.sh with the following attributes:
   Type of user: Application User (just leave default)
   Realm: ApplicationRealm (just leave default)
   Username: demo
   Password: demo123*
   Roles: kie-user
2. Start the EAP with dashbuilder deployed
3. Go to dashbuilder login screen and try to login with this demo user.

Actual results:
After pressing the Submit button nothing happens - the login page is reloaded (and there is not even a message about incorrect username/password). When you try to fill in the credentials again and press the Submit button for the second time, the error page is displayed:

JBWEB000065: HTTP Status 404 - /dashbuilder/j_security_check
JBWEB000309: type JBWEB000067: Status report
JBWEB000068: message /dashbuilder/j_security_check
JBWEB000069: description JBWEB000124: The requested resource is not available.

After this error it is impossible to login even with root user, who could access the application before the error happened. To log in with root user, a restart of the application server is needed after this error.

Expected results:
The user with application server role "kie-user" should be able to login successfully as user who has role "End user" in the application (based on the mapping in dashbuilder.war/WEB-INF/web.xml (End user -> kie-user)).

Additional info:
Note that this was tested after the security-domain was changed to AS7 default "other", so no other configuration in JBoss than adding the user with correct role should be necessary.

This fix was introduced by the following commit:
https://github.com/droolsjbpm/dashboard-builder/commit/6202b8c065c517cf195d30da0fd006c3f6751d4e
which renamed the role "user" to "kie-user" but forgot to modify the access permission as well.

It has been fixed:
Github commit: https://github.com/droolsjbpm/dashboard-builder/commit/e7a4900325f3b64c1c268096f7b8096d165cae91

As a note, kie-user is a BPMS role intended to give end users access to the different BPM tool set. It only makes sense within the BPMS scope.

OK, verified with BPMS 6.0.0.DR6 deployed on EAP 6.1.