Red Hat Bugzilla – Bug 976338
Impossible to login with user who only has role kie-user
Last modified: 2014-08-06 16:10:04 EDT
Description of problem:
Impossible to login with user who only has role kie-user (no admin role).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Add user in JBoss EAP 6.1 using script jboss-eap-6.1/bin/add-user.sh with the following attributes:
Type of user: Application User (just leave default)
Realm: ApplicationRealm (just leave default)
2. Start the EAP with dashbuilder deployed
3. Go to dashbuilder login screen and try to login with this demo user.
After pressing the Submit button nothing happens - the login page is reloaded (and there is not even a message about an incorrect username/password). When you try to fill in the credentials again and press the Submit button for the second time, the error page is displayed:
JBWEB000065: HTTP Status 404 - /dashbuilder/j_security_check
JBWEB000309: type JBWEB000067: Status report
JBWEB000068: message /dashbuilder/j_security_check
JBWEB000069: description JBWEB000124: The requested resource is not available.
After this error it is impossible to log in even with the root user, who could access the application before the error happened. To log in with the root user, a restart of the application server is needed after this error.
The user with application server role "kie-user" should be able to log in successfully as a user who has role "End user" in the application (based on the mapping in dashbuilder.war/WEB-INF/web.xml (End user -> kie-user)).
Note that this was tested after the security-domain was changed to the AS7 default "other", so no other configuration in JBoss than adding the user with the correct role should be necessary.
This fix was introduced by the following commit: https://github.com/droolsjbpm/dashboard-builder/commit/6202b8c065c517cf195d30da0fd006c3f6751d4e
Which renamed the role "user" to "kie-user" but forgot to modify the access permission as well. It has been fixed:
Github commit: https://github.com/droolsjbpm/dashboard-builder/commit/e7a4900325f3b64c1c268096f7b8096d165cae91
As a note, kie-user is a BPMS role intended to give end users access to the different BPM tool sets. It only makes sense within the BPMS scope.
OK, verified with BPMS 6.0.0.DR6 deployed on EAP 6.1.
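
A deployment-time check for the failure class in this bug (a role renamed in one place but not where access is granted), as an added example that is not dashbuilder's code. The sample descriptor is constructed, and placing the stale role name in web.xml is an assumption, since the page does not show where the access permission was defined.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not dashbuilder's real web.xml): the role was
# renamed to "kie-user" in the declaration, but one constraint still says "user".
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role><role-name>admin</role-name></security-role>
  <security-role><role-name>kie-user</role-name></security-role>
</web-app>"""


def _local(tag):
    """Strip the XML namespace so the check works for any descriptor version."""
    return tag.rsplit("}", 1)[-1]


def audit_roles(web_xml_text):
    """Return (undeclared, unused): roles named in an auth-constraint but never
    declared, and roles declared but granted access by no auth-constraint."""
    root = ET.fromstring(web_xml_text)
    declared, referenced = set(), set()
    for elem in root.iter():
        name = _local(elem.tag)
        if name not in ("security-role", "auth-constraint"):
            continue
        roles = {c.text.strip() for c in elem
                 if _local(c.tag) == "role-name" and c.text}
        (declared if name == "security-role" else referenced).update(roles)
    wildcard = "*" in referenced  # "*" grants access to every declared role
    referenced.discard("*")
    undeclared = sorted(referenced - declared)
    unused = [] if wildcard else sorted(declared - referenced)
    return undeclared, unused


if __name__ == "__main__":
    undeclared, unused = audit_roles(SAMPLE_WEB_XML)
    print("referenced but not declared:", undeclared)
    print("declared but never granted access:", unused)
```

Run against the packaged descriptor in a build step, a non-empty result in either list flags a rename that was applied only partially before any user hits the login page.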