Enabling role-based authorization for BRM (i.e. Guvnor) causes "Authorization check failed for permission[org.drools.guvnor.server.security.AdminType@55b47724,admin]" exception

Solution Unverified - Updated -

Issue

  • The role-based authorization has been enabled inside $JBOSS_HOME/server/$PROFILE/deploy/jboss-brms.war/WEB-INF/components.xml file, like this:
    <!-- SECURITY AUTHORIZATION CONFIGURATION -->
    <!--
        This is used to enable or disable role-based authorization. By default
        it is disabled.
    -->
    <component name="org.jboss.seam.security.roleBasedPermissionResolver">
        <property name="enableRoleBasedAuthorization">true</property>
    </component>

Before making this change, admin user was able to access the tabs like User Permission or Event Log from Administration section of the BRM (i.e. Guvnor) . But, currently it does not even allow admin user to access those features from Administration section , saying Sorry, insufficient permissions to perform this action.
Also, it gives the below ERROR inside server log:

ERROR [org.drools.guvnor.server.RepositoryServiceServlet] (http-127.0.0.1-8080-5) Service method 'public abstract org.drools.guvnor.client.rpc.PageResponse org.drools.guvnor.client.rpc.RepositoryService.showLog(org.drools.guvnor.client.rpc.PageRequest)' threw an unexpected exception: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[org.drools.guvnor.server.security.AdminType@349b3786,admin]
org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[org.drools.guvnor.server.security.AdminType@349b3786,admin]
    at org.jboss.seam.security.Identity.checkPermission(Identity.java:590)
    at org.drools.guvnor.server.ServiceSecurity.checkSecurityIsAdmin(ServiceSecurity.java:33)
    at org.drools.guvnor.server.ServiceImplementation.showLog(ServiceImplementation.java:492)
...

ERROR [STDERR] (http-127.0.0.1-8080-5) com.google.gwt.user.server.rpc.UnexpectedException: Service method 'public abstract org.drools.guvnor.client.rpc.PageResponse org.drools.guvnor.client.rpc.RepositoryService.showLog(org.drools.guvnor.client.rpc.PageRequest)' threw an unexpected exception: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[org.drools.guvnor.server.security.AdminType@55b47724,admin]
        at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:385)
    at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:588)
...
        Caused by: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[org.drools.guvnor.server.security.AdminType@55b47724,admin]
    at org.jboss.seam.security.Identity.checkPermission(Identity.java:590)
    at org.drools.guvnor.server.ServiceSecurity.checkSecurityIsAdmin(ServiceSecurity.java:33)
    at org.drools.guvnor.server.ServiceImplementation.showLog(ServiceImplementation.javGuvnora:492)
...

Is there any way to solve this issue?

Environment

  • Red Hat JBoss BRMS (BRMS)
    • 5.3.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content