> acl.adminRole=ROLE_ *kylin_admin* This should be in upper case I think.
acl.adminRole=ROLE_KYLIN_ADMIN On Tue, Feb 7, 2017 at 5:16 PM, Hoang Le Trung <[email protected]> wrote: > > > Hi > > > > Last time I use default authentication for kylin that mean login Kylin > with user/pass: *ADMIN/KYLIN* > > Now I change to using Ldap for authentication on my Kylin. > > > ***Here is my configure: > > > > ldap.server=ldap://………..:389 > > ldap.username=*kylin* # user *kylin* belong to *kylin_admin* group > > ldap.password=VMJlI4YQrEFg0LSfLCQMfQ== > > > > ldap.user.searchBase=CN=Users,DC=example,DC=com > > ldap.user.searchPattern=(&(cn={0})) > > ldap.user.groupSearchBase=CN=Groups,DC=example,DC=com > > > > > > acl.defaultRole=ROLE_ANALYST,ROLE_MODELER > > acl.adminRole=ROLE_*kylin_admin* # Group *kylin_admin* belong to (CN= > Groups,DC=example,DC=com) > > > > > > ***With this configure I can login kylin success with above user. > > > > 2017-02-07 16:12:41,801 DEBUG [http-bio-7070-exec-9] > controller.UserController:64 : authentication.getPrincipal() is > org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@707b9d35: > Dn: cn=kylin,cn=Users,dc=example,dc=com; Username: kylin; Password: > [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: > true; AccountNonLocked: true; Granted Authorities: ROLE_KYLIN_ADMIN, > ROLE_ANALYST, ROLE_MODELER > > 2017-02-07 16:12:41,842 DEBUG [http-bio-7070-exec-9] > controller.UserController:64 : authentication.getPrincipal() is > org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@707b9d35: > Dn: cn=kylin,cn=Users,dc=example,dc=com; Username: kylin; Password: > [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: > true; AccountNonLocked: true; Granted Authorities: ROLE_KYLIN_ADMIN, > ROLE_ANALYST, ROLE_MODELER > > 2017-02-07 16:12:41,963 DEBUG [http-bio-7070-exec-9] > controller.ProjectController:97 : authentication.getPrincipal() is > org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@707b9d35: > Dn: cn=kylin,cn=Users,dc=example,dc=com; Username: kylin; Password: > [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: > true; AccountNonLocked: true; Granted Authorities: ROLE_KYLIN_ADMIN, > ROLE_ANALYST, ROLE_MODELER > > > > > > But I my Kylin do not show any project that I create with user *ADMIN* > > > > I try create new project but false with this log: > > > > ……… > > 2017-02-07 16:04:44,237 ERROR [http-bio-7070-exec-2] > controller.ProjectController:207 : Failed to deal with the request. > > org.springframework.security.access.AccessDeniedException: Access is > denied > > at org.springframework.security. > access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) > > at org.springframework.security.access.intercept. > AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor. > java:206) > > at org.springframework.security. > access.intercept.aopalliance.MethodSecurityInterceptor.invoke( > MethodSecurityInterceptor.java:60) > > at org.springframework.aop.framework. > ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) > > at org.springframework.aop.framework.CglibAopProxy$ > DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:633) > > at org.apache.kylin.rest.service.ProjectService$$ > EnhancerBySpringCGLIB$$c6b4c59a.createProject(<generated>) > > at org.apache.kylin.rest.controller.ProjectController. > saveProject(ProjectController.java:205) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) > > at sun.reflect.NativeMethodAccessorImpl.invoke( > NativeMethodAccessorImpl.java:62) > > at sun.reflect.DelegatingMethodAccessorImpl.invoke( > DelegatingMethodAccessorImpl.java:43) > > at java.lang.reflect.Method.invoke(Method.java:498) > > at org.springframework.web.method.support. > InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221) > > at org.springframework.web.method.support. > InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136) > > at org.springframework.web.servlet.mvc.method.annotation. > ServletInvocableHandlerMethod.invokeAndHandle( > ServletInvocableHandlerMethod.java:104) > > at org.springframework.web.servlet.mvc.method.annotation. > RequestMappingHandlerAdapter.invokeHandleMethod( > RequestMappingHandlerAdapter.java:743) > > at org.springframework.web.servlet.mvc.method.annotation. > RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter. > java:672) > > at org.springframework.web.servlet.mvc.method. > AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:82) > > at org.springframework.web.servlet.DispatcherServlet. > doDispatch(DispatcherServlet.java:933) > > at org.springframework.web.servlet.DispatcherServlet. > doService(DispatcherServlet.java:867) > > at org.springframework.web.servlet.FrameworkServlet. > processRequest(FrameworkServlet.java:951) > > at org.springframework.web.servlet.FrameworkServlet. > doPost(FrameworkServlet.java:853) > > at javax.servlet.http.HttpServlet.service( > HttpServlet.java:650) > > at org.springframework.web.servlet.FrameworkServlet. > service(FrameworkServlet.java:827) > > at javax.servlet.http.HttpServlet.service( > HttpServlet.java:731) > > at org.apache.catalina.core.ApplicationFilterChain. > internalDoFilter(ApplicationFilterChain.java:303) > > at org.apache.catalina.core.ApplicationFilterChain. > doFilter(ApplicationFilterChain.java:208) > > at org.apache.tomcat.websocket.server.WsFilter.doFilter( > WsFilter.java:52) > > at org.apache.catalina.core.ApplicationFilterChain. > internalDoFilter(ApplicationFilterChain.java:241) > > at org.apache.catalina.core.ApplicationFilterChain. > doFilter(ApplicationFilterChain.java:208) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:330) > > at org.springframework.security.web.access.intercept. > FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118) > > at org.springframework.security.web.access.intercept. > FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.access. > ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.session. > SessionManagementFilter.doFilter(SessionManagementFilter.java:103) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.authentication. > AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter. > java:113) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.servletapi. > SecurityContextHolderAwareRequestFilter.doFilter( > SecurityContextHolderAwareRequestFilter.java:54) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.savedrequest. > RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.authentication.www. > BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.authentication.ui. > DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilt > er.java:91) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.authentication. > AbstractAuthenticationProcessingFilter.doFilter( > AbstractAuthenticationProcessingFilter.java:183) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.authentication.logout. > LogoutFilter.doFilter(LogoutFilter.java:105) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.context. > SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilt > er.java:87) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.FilterChainProxy. > doFilterInternal(FilterChainProxy.java:192) > > at org.springframework.security. > web.FilterChainProxy.doFilter(FilterChainProxy.java:160) > > at org.springframework.web.filter.DelegatingFilterProxy. > invokeDelegate(DelegatingFilterProxy.java:343) > > at org.springframework.web.filter.DelegatingFilterProxy. > doFilter(DelegatingFilterProxy.java:260) > > at org.apache.catalina.core.ApplicationFilterChain. > internalDoFilter(ApplicationFilterChain.java:241) > > at org.apache.catalina.core.ApplicationFilterChain. > doFilter(ApplicationFilterChain.java:208) > > at com.thetransactioncompany.cors.CORSFilter.doFilter( > CORSFilter.java:209) > > at com.thetransactioncompany.cors.CORSFilter.doFilter( > CORSFilter.java:244) > > at org.apache.catalina.core.ApplicationFilterChain. > internalDoFilter(ApplicationFilterChain.java:241) > > at org.apache.catalina.core.ApplicationFilterChain. > doFilter(ApplicationFilterChain.java:208) > > at org.apache.catalina.core.StandardWrapperValve.invoke( > StandardWrapperValve.java:220) > > at org.apache.catalina.core.StandardContextValve.invoke( > StandardContextValve.java:122) > > at org.apache.catalina.authenticator. > AuthenticatorBase.invoke(AuthenticatorBase.java:505) > > at org.apache.catalina.core.StandardHostValve.invoke( > StandardHostValve.java:169) > > at org.apache.catalina.valves.ErrorReportValve.invoke( > ErrorReportValve.java:103) > > at org.apache.catalina.valves.AccessLogValve.invoke( > AccessLogValve.java:956) > > at org.apache.catalina.core.StandardEngineValve.invoke( > StandardEngineValve.java:116) > > at org.apache.catalina.connector.CoyoteAdapter.service( > CoyoteAdapter.java:436) > > at org.apache.coyote.http11.AbstractHttp11Processor. > process(AbstractHttp11Processor.java:1078) > > at org.apache.coyote.AbstractProtocol$ > AbstractConnectionHandler.process(AbstractProtocol.java:625) > > at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor. > run(JIoEndpoint.java:316) > > at java.util.concurrent.ThreadPoolExecutor.runWorker( > ThreadPoolExecutor.java:1142) > > at java.util.concurrent.ThreadPoolExecutor$Worker.run( > ThreadPoolExecutor.java:617) > > at org.apache.tomcat.util.threads.TaskThread$ > WrappingRunnable.run(TaskThread.java:61) > > at java.lang.Thread.run(Thread.java:745) > > 2017-02-07 16:04:44,240 ERROR [http-bio-7070-exec-2] > controller.BasicController:44 : > > org.apache.kylin.rest.exception.InternalErrorException: Access is denied > > at org.apache.kylin.rest.controller.ProjectController. > saveProject(ProjectController.java:208) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) > > at sun.reflect.NativeMethodAccessorImpl.invoke( > NativeMethodAccessorImpl.java:62) > > at sun.reflect.DelegatingMethodAccessorImpl.invoke( > DelegatingMethodAccessorImpl.java:43) > > at java.lang.reflect.Method.invoke(Method.java:498) > > at org.springframework.web.method.support. > InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221) > > at org.springframework.web.method.support. > InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136) > > at org.springframework.web.servlet.mvc.method.annotation. > ServletInvocableHandlerMethod.invokeAndHandle( > ServletInvocableHandlerMethod.java:104) > > at org.springframework.web.servlet.mvc.method.annotation. > RequestMappingHandlerAdapter.invokeHandleMethod( > RequestMappingHandlerAdapter.java:743) > > at org.springframework.web.servlet.mvc.method.annotation. > RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter. > java:672) > > at org.springframework.web.servlet.mvc.method. > AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:82) > > at org.springframework.web.servlet.DispatcherServlet. > doDispatch(DispatcherServlet.java:933) > > at org.springframework.web.servlet.DispatcherServlet. > doService(DispatcherServlet.java:867) > > at org.springframework.web.servlet.FrameworkServlet. > processRequest(FrameworkServlet.java:951) > > at org.springframework.web.servlet.FrameworkServlet. > doPost(FrameworkServlet.java:853) > > at javax.servlet.http.HttpServlet.service( > HttpServlet.java:650) > > at org.springframework.web.servlet.FrameworkServlet. > service(FrameworkServlet.java:827) > > at javax.servlet.http.HttpServlet.service( > HttpServlet.java:731) > > at org.apache.catalina.core.ApplicationFilterChain. > internalDoFilter(ApplicationFilterChain.java:303) > > at org.apache.catalina.core.ApplicationFilterChain. > doFilter(ApplicationFilterChain.java:208) > > at org.apache.tomcat.websocket.server.WsFilter.doFilter( > WsFilter.java:52) > > at org.apache.catalina.core.ApplicationFilterChain. > internalDoFilter(ApplicationFilterChain.java:241) > > at org.apache.catalina.core.ApplicationFilterChain. > doFilter(ApplicationFilterChain.java:208) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:330) > > at org.springframework.security.web.access.intercept. > FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118) > > at org.springframework.security.web.access.intercept. > FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.access. > ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.session. > SessionManagementFilter.doFilter(SessionManagementFilter.java:103) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.authentication. > AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter. > java:113) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.servletapi. > SecurityContextHolderAwareRequestFilter.doFilter( > SecurityContextHolderAwareRequestFilter.java:54) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.savedrequest. > RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.authentication.www. > BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.authentication.ui. > DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilt > er.java:91) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.authentication. > AbstractAuthenticationProcessingFilter.doFilter( > AbstractAuthenticationProcessingFilter.java:183) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.authentication.logout. > LogoutFilter.doFilter(LogoutFilter.java:105) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.context. > SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilt > er.java:87) > > at org.springframework.security.web.FilterChainProxy$ > VirtualFilterChain.doFilter(FilterChainProxy.java:342) > > at org.springframework.security.web.FilterChainProxy. > doFilterInternal(FilterChainProxy.java:192) > > at org.springframework.security. > web.FilterChainProxy.doFilter(FilterChainProxy.java:160) > > at org.springframework.web.filter.DelegatingFilterProxy. > invokeDelegate(DelegatingFilterProxy.java:343) > > at org.springframework.web.filter.DelegatingFilterProxy. > doFilter(DelegatingFilterProxy.java:260) > > at org.apache.catalina.core.ApplicationFilterChain. > internalDoFilter(ApplicationFilterChain.java:241) > > at org.apache.catalina.core.ApplicationFilterChain. > doFilter(ApplicationFilterChain.java:208) > > at com.thetransactioncompany.cors.CORSFilter.doFilter( > CORSFilter.java:209) > > at com.thetransactioncompany.cors.CORSFilter.doFilter( > CORSFilter.java:244) > > at org.apache.catalina.core.ApplicationFilterChain. > internalDoFilter(ApplicationFilterChain.java:241) > > at org.apache.catalina.core.ApplicationFilterChain. > doFilter(ApplicationFilterChain.java:208) > > at org.apache.catalina.core.StandardWrapperValve.invoke( > StandardWrapperValve.java:220) > > at org.apache.catalina.core.StandardContextValve.invoke( > StandardContextValve.java:122) > > at org.apache.catalina.authenticator. > AuthenticatorBase.invoke(AuthenticatorBase.java:505) > > at org.apache.catalina.core.StandardHostValve.invoke( > StandardHostValve.java:169) > > at org.apache.catalina.valves.ErrorReportValve.invoke( > ErrorReportValve.java:103) > > at org.apache.catalina.valves.AccessLogValve.invoke( > AccessLogValve.java:956) > > at org.apache.catalina.core.StandardEngineValve.invoke( > StandardEngineValve.java:116) > > at org.apache.catalina.connector.CoyoteAdapter.service( > CoyoteAdapter.java:436) > > at org.apache.coyote.http11.AbstractHttp11Processor. > process(AbstractHttp11Processor.java:1078) > > at org.apache.coyote.AbstractProtocol$ > AbstractConnectionHandler.process(AbstractProtocol.java:625) > > at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor. > run(JIoEndpoint.java:316) > > at java.util.concurrent.ThreadPoolExecutor.runWorker( > ThreadPoolExecutor.java:1142) > > at java.util.concurrent.ThreadPoolExecutor$Worker.run( > ThreadPoolExecutor.java:617) > > at org.apache.tomcat.util.threads.TaskThread$ > WrappingRunnable.run(TaskThread.java:61) > > at java.lang.Thread.run(Thread.java:745) > > > > > > > > ------------------------------ > This e-mail may contain confidential or privileged information. If you > received this e-mail by mistake, please don't forward it to anyone else, > please erase it from your device and let me know so I don't do it again. >
