Search code examples
javadroolsjbpm

Drools/Kie-Server/Busines-Central 7.28.0 Is getting a 403 when kie-server accesses the websocket controller on business-central

We're upgrading our business-central server from 7.23.0 to 7.28.0. We're noticing that our kie-servers can no longer connect via websocket to business-central:

Server logs:

Oct 28 12:56:43 business-central-1 business-central[18870]: #033[0m#033[0m12:56:43,962 INFO  [org.kie.server.controller.websocket.notification.WebSocketNotificationService] (Thread-123) WebSocket notify on updated :: Updated server template{serverTemplate=ServerTemplateKey{id='host.subdomain.x.com', name='host.subdomain.x.com'}, resetBeforeUpdate=false}
Oct 28 12:56:43 business-central-1 business-central[18870]: #033[0m#033[0m12:56:43,963 INFO  [org.kie.server.controller.websocket.notification.WebSocketNotificationService] (Thread-123) WebSocket notify on instance disconnected :: ServerInstanceDisconnected{serverInstanceId='[email protected]:36204'}

On the client:

Oct 28 20:21:53 host kie-server[1375]: #033[0m#033[33m20:21:53,090 WARN  [org.kie.server.common.KeyStoreHelperUtil] (KieServer-ControllerConnect) Unable to load key store. Using password from configuration
Oct 28 20:21:53 host kie-server[1375]: #033[0m#033[33m20:21:53,146 WARN  [org.kie.server.controller.websocket.client.WebSocketKieServerControllerImpl] (KieServer-ControllerConnect) Exception encountered while syncing with controller at wss://business-central-1.x.com/business-central/websocket/controller/host.subdomain.x.com error Invalid response code 403

The actual break occurred between 7.23.0 and 7.24.0, as 7.24.0 produces the same error message: Invalid response code 403.

The user that kie-server is connecting to business-central with has kie-server as a group, but that doesn't seem to help. We're running business-central on Wildfly 14.0.1.

I'm looking through the commits for a web.xml change for filtering web reources but can't seem to find anything. Actually, I'm not even sure which github project I should be looking in: https://github.com/kiegroup

Any help appreciated!

Solution

  • https://issues.jboss.org/browse/DROOLS-4705?jql=project%20%3D%20DROOLS

    The users need the rest-all role going forward. Thankyou Maciej Swiderski!