Authentication Issue / HTTP ERROR 403 !role #620

Closed
mzima opened this issue Jan 17, 2014 · 15 comments

@mzima

mzima commented Jan 17, 2014

The following (slightly changed) realm.properties and admin.aclpolicy lead to an "HTTP ERROR 403" message after logging in with user "testuser". The same configuration works fine with Rundeck 1.6.2. Happens also with LDAP authentication.

Environment:

  • Rundeck 2.0.0-beta1
  • Rundeck 2.0.0-snapshot (rundeck2 branch / commit 5761abd)

realm.properties:

```
admin:admin,user,admin
user:user,user
testuser:pass,testgroup
```

admin.aclpolicy

```yaml
description: Admin, all access.
context:
  project: '.*' # all projects
for:
  resource:
    - allow: '*' # allow read/create all kinds
  adhoc:
    - allow: '*' # allow read/running/killing adhoc jobs
  job:
    - allow: '*' # allow read/write/delete/run/kill of all jobs
  node:
    - allow: '*' # allow read/run for all nodes
by:
  group: testgroup

---

description: Admin, all access.
context:
  application: 'rundeck'
for:
  resource:
    - allow: '*' # allow create of projects
  project:
    - allow: '*' # allow view/admin of all projects
by:
  group: testgroup
```

Error Message (user: testuser)

HTTP ERROR 403

Problem accessing /. Reason:

    !role

Powered by Jetty://
@ahonor
Contributor

ahonor commented Jan 17, 2014

Can you try adding 'user' to testuser? E.g.,

 testuser:pass,testgroup,user

@mzima
Author

mzima commented Jan 18, 2014

Adding the role "user" to "testuser" seems to work. Will this be changed in the 2.0 final version? There might be implications when using LDAP ...

@ahonor
Contributor

ahonor commented Jan 18, 2014

You can change the web.xml (e.g., /var/lib/rundeck/exp/webapp/WEB-INF/web.xml) to specify a different role name.

    <security-role>
            <role-name>user</role-name>
    </security-role>

Somebody has made a request to make this configuration manageable (#590).
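
A configuration check for the situation in this thread, added here as an example (not Rundeck's code and not part of the original comments): it lists realm.properties users who hold none of the roles declared in web.xml's `<security-role>`, on the assumption drawn from this thread that such users are rejected with `403 !role`. The function names and sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
# Constructed sample inputs that mirror the files quoted in this thread.
REALM_PROPERTIES = """\
admin:admin,user,admin
user:user,user
testuser:pass,testgroup
"""
WEB_XML = """\
<web-app>
    <security-role>
        <role-name>user</role-name>
    </security-role>
</web-app>
"""

def parse_realm(text):
    """Return {username: set_of_roles} from realm.properties text."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or properties-style comment
        parts = re.split(r"\s*[:=]\s*", line, maxsplit=1)
        if len(parts) != 2:
            continue  # not a "user: password,role,..." entry
        # First comma-separated field is the password, the rest are roles.
        fields = [f.strip() for f in parts[1].split(",")]
        users[parts[0]] = {role for role in fields[1:] if role}
    return users

def local(tag):
    """Strip an XML namespace prefix such as {http://...}role-name."""
    return tag.rsplit("}", 1)[-1]

def security_roles(web_xml_text):
    """Return the role names declared in <security-role> elements."""
    root = ET.fromstring(web_xml_text)
    return {child.text.strip()
            for elem in root.iter() if local(elem.tag) == "security-role"
            for child in elem
            if local(child.tag) == "role-name" and child.text}

def users_without_login_role(realm_text, web_xml_text):
    """Users holding none of the declared roles (they would get 403 !role)."""
    required = security_roles(web_xml_text)
    return sorted(u for u, roles in parse_realm(realm_text).items()
                  if not roles & required)

if __name__ == "__main__":
    print(users_without_login_role(REALM_PROPERTIES, WEB_XML))
```

Running the same check after changing `<role-name>` shows which existing accounts the new role name would lock out.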

@mzima
Author

mzima commented Jan 19, 2014

Thanks, this solves my LDAP issue. I had to change the web.xml security-role and start rundeck with the "--skipinstall" option.

However, as mentioned in #590, the default security role should in my opinion be optional, and better documented ...

@kondalonline

I had the same issue. Thank you ahonor !!

@tekgroup

tekgroup commented Feb 18, 2017

Hi,

Installed Rundeck on Windows by deploying the war file on a Windows/Tomcat server. I am getting the login page, and as soon as I enter the credentials (admin/admin), it is displaying the error

HTTP Status 403 - Access to the requested resource has been denied

Admin.aclpolicy


```yaml
description: admin, all access.
context:
  project: '.*' # all projects
for:
  resource:
    - allow: '*' # allow read/create all kinds
  adhoc:
    - allow: '*' # allow read/running/killing adhoc jobs
  job:
    - allow: '*' # allow read/write/delete/run/kill of all jobs
  node:
    - allow: '*' # allow read/run for all nodes
by:
  group: admin

---

description: admin, all access.
context:
  application: 'rundeck'
for:
  resource:
    - allow: '*' # allow create of projects
  project:
    - allow: '*' # allow view/admin of all projects
  project_acl:
    - allow: '*' # allow admin of all project-level ACL policies
  storage:
    - allow: '' # allow read/create/update/delete for all /keys/ storage content
by:
  group: admin
```

tomcat users


```xml
<role rolename="admin"/>
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<role rolename="manager-jmx"/>
<user username="admin" password="admin" roles="manager-gui"/>
```


Here are my Files in the Rundeck Root Directory:

```
Directory of F:\rundeckpro

<DIR> .
<DIR> ..
<DIR> etc
<DIR> libext
<DIR> projects
<DIR> var

Directory of F:\rundeckpro\etc

<DIR> .
<DIR> ..
admin.aclpolicy
apitoken.aclpolicy
framework.properties
rundeck-config.properties

           5 File(s)          3,385 bytes
```

@tekgroup

I don't have the Realm.properties file anywhere

@ahonor
Contributor

ahonor commented Feb 18, 2017

@tekgroup realm.properties is only for the launcher.jar or rpm/deb installs. If you are deploying to Tomcat it will be tomcat-users.xml. I notice the F:\rundeckpro path. Are you using Pro?

@tekgroup

Yeah, I am using Pro.

@tekgroup

Is there anything that I am missing?

@ahonor
Contributor

ahonor commented Feb 18, 2017

@tekgroup create an account at the http://support.rundeck.com site and you can get additional help there.

@tekgroup

Sure. Thank you..

@ultimatehem

Hi @ahonor, is it possible to add more than one user role, like user and readuser, where I can assign execute privilege to user and readonly privilege to readuser, like below?

user readuser

@ahonor
Contributor

ahonor commented Jul 20, 2017

@ultimatehem yes, that is possible

@ultimatehem

@ahonor Could you please guide me on how to achieve it? When I define two roles, user and readuser, it isn't working as expected.
