Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1056476 - SecurityException when logging out from BAM
Summary: SecurityException when logging out from BAM
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss BPMS Platform 6
Classification: Retired
Component: BAM
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ER1
: 6.0.1
Assignee: David Gutierrez
QA Contact: Jan Hrcek
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-01-22 09:40 UTC by Jan Hrcek
Modified: 2014-08-06 20:03 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-08-06 20:03:21 UTC
Type: Bug


Attachments (Terms of Use)
server.log showing SecurityException (deleted)
2014-01-22 09:40 UTC, Jan Hrcek
no flags Details

Description Jan Hrcek 2014-01-22 09:40:33 UTC
Created attachment 853761 [details]
server.log showing SecurityException

Description of problem:
It is impossible to log out from dashbuilder when security policy is turned on and configured as described in bug 1054834, comment 6 

When you login and then try to log out using Logout button, the exception appears in server log and the application is then broken: white screen appears and when you refresh the page, there is Unexpected Error modal. The only way to fix this is to restart the application server.

Version-Release number of selected component (if applicable):
BPMS 6.0.0 CR1

How reproducible:
Always

Steps to Reproduce:
1. Configure BPMS server security policy as described in bug 1054834, comment 6
2. Login to dashbuilder and then try to logout

Actual results:
white screen & Unexpected Error modal after page is refreshed. Unable to logout and only way to fix it is to restart EAP server.

Expected results:
Logout should work.

Additional info:
Most likely related to bug 1054834

Comment 1 Pavel Polischouk 2014-01-22 16:18:11 UTC
Please try, in addition to specifying kie.policy as in bug 1054834, comment 6, to specify the global java security policy explicitly. Create the global.policy file with the following content:

grant { 
      permission java.security.AllPermission;
};

and add the following flag in the java command line in standalone.conf, keeping the previously added security flags:

-Djava.security.policy=global.policy

This option explicitly sets the permissions for the code outside of MVEL to All Permissions.

Comment 6 Jan Hrcek 2014-02-18 08:55:16 UTC
Ok, verified with BPMS 6.0.1 ER1. I was running the EAP using bin/standalone-secure.sh and it is not working correctly.


Note You need to log in before you can comment on or make changes to this bug.