<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">
<div>
<table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td>
<table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
<h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
<!-- To have a header image/logo replace the name below with your img tag -->
<!-- Email clients will render the images when the message is read so any image -->
<!-- must be made available on a public server, so that all recipients can load the image. -->
<a href="http://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px; -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
Guvnor Security
</h3>
<span style="margin-bottom: 10px;">
created by <a href="http://community.jboss.org/people/roxy1987">roxy1987</a> in <i>Beginner's Corner</i> - <a href="http://community.jboss.org/message/576759#576759">View the full discussion</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">
<div class="jive-rendered-content"><p>I am trying to add authentication to the guvnor console.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>My <span style="text-decoration: underline;">WEB-INF/components.xml</span> is like this :</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><strong><?xml version="1.0" encoding="UTF-8"?> <br/><span><components xmlns="</span><a class="jive-link-external-small" href="http://jboss.com/products/seam/components" target="_blank">http://jboss.com/products/seam/components</a><span>" </span><br/><span>            xmlns:core="</span><a class="jive-link-external-small" href="http://jboss.com/products/seam/core" target="_blank">http://jboss.com/products/seam/core</a><span>" </span><br/><span>            xmlns:security="</span><a class="jive-link-external-small" href="http://jboss.com/products/seam/security" target="_blank">http://jboss.com/products/seam/security</a><span>" </span><br/><span>            xmlns:web="</span><a class="jive-link-external-small" href="http://jboss.com/products/seam/web" target="_blank">http://jboss.com/products/seam/web</a><span>" </span><br/><span>            xmlns:xsi="</span><a class="jive-link-external-small" href="http://www.w3.org/2001/XMLSchema-instance" target="_blank">http://www.w3.org/2001/XMLSchema-instance</a><span>" </span><br/><span>            xmlns:transaction="</span><a class="jive-link-external-small" href="http://jboss.com/products/seam/transaction" target="_blank">http://jboss.com/products/seam/transaction</a><span>" </span><br/>            xsi:schemaLocation= <br/><span>                "</span><a class="jive-link-external-small" href="http://jboss.com/products/seam/core" target="_blank">http://jboss.com/products/seam/core</a><span> </span><a class="jive-link-external-small" href="http://jboss.com/products/seam/core-2.0.xsd" target="_blank">http://jboss.com/products/seam/core-2.0.xsd</a><span> </span><br/><span>                 </span><a class="jive-link-external-small" href="http://jboss.com/products/seam/security" target="_blank">http://jboss.com/products/seam/security</a><span> </span><a class="jive-link-external-small" href="http://jboss.com/products/seam/security-2.0.xsd" target="_blank">http://jboss.com/products/seam/security-2.0.xsd</a><span> </span><br/><span>                 </span><a class="jive-link-external-small" href="http://jboss.com/products/seam/components" target="_blank">http://jboss.com/products/seam/components</a><span> </span><a class="jive-link-external-small" href="http://jboss.com/products/seam/components-2.0.xsd" target="_blank">http://jboss.com/products/seam/components-2.0.xsd</a><span> </span><br/><span>                 </span><a class="jive-link-external-small" href="http://jboss.com/products/seam/web" target="_blank">http://jboss.com/products/seam/web</a><span> </span><a class="jive-link-external-small" href="http://jboss.com/products/seam/web-2.0.xsd" target="_blank">http://jboss.com/products/seam/web-2.0.xsd</a><span> </span><br/><span>                 </span><a class="jive-link-external-small" href="http://jboss.com/products/seam/transaction" target="_blank">http://jboss.com/products/seam/transaction</a><span> </span><a class="jive-link-external-small" href="http://jboss.com/products/seam/transaction-2.0.xsd" target="_blank">http://jboss.com/products/seam/transaction-2.0.xsd</a><span>"> </span><br/> <br/> <br/>    <core:init transaction-management-enabled="false"/> <br/>    <transaction:no-transaction/> <br/> <br/>    <component name="repositoryConfiguration"> <br/>        <!-- <br/>          *** This is for configuring the "home" directory for the repo storage. the directory must exist.     *** <br/>          <property name="homeDirectory">/home/michael/RulesRepository_001</property> <br/>        --> <br/> <br/>        <!-- <br/>          Optional: this is for creating a configurator for a seperate repository type. <br/>          <property name="configurator">org.drools.repository.JackrabbitRepositoryConfigurator</property> <br/>        --> <br/>    </component> <br/> <br/>    <!-- SECURITY IDENTITY CONFIGURATION --> <br/> <br/>    <!-- default (will take any username, useful if you want to keep track of users but not authenticate  <br/>    <security:identity authenticate-method="#{defaultAuthenticator.authenticate}"/> --> <br/> <br/> <br/>    <!-- NO authentication. This will bypass the login screen when you hit the app. Everyone is "guest" --> <br/>    <!-- <security:identity authenticate-method="#{nilAuthenticator.authenticate}"/> --> <br/> <br/> <br/>    <!-- FOR EXAMPLE: the following one will use the jaas configuration called "other" - which in jboss AS means you can use properties files for users: --> <br/>    <security:identity authenticate-method="#{authenticator.authenticate}" jaas-config-name="other"/> <br/> <br/>    <!-- as JAAS is used you can use container specific ones to link up to your login services, eg LDAP/AD etc --> <br/> <br/>    <!-- SECURITY AUTHORIZATION CONFIGURATION --> <br/>    <!-- This is used to enable or disable role-based authorization. By default it is disabled. --> <br/>    <security:role-based-permission-resolver enable-role-based-authorization="true"/> <br/> <br/></components></strong></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><span style="text-decoration: underline;">server/default/conf/login-config.xml</span> looks like this :</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><strong><?xml version='1.0'?></strong></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><strong><!-- The XML based JAAS login configuration read by the<br/>org.jboss.security.auth.login.XMLLoginConfig mbean. Add<br/>an application-policy element for each security domain.</strong></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><strong>The outline of the application-policy is:<br/><application-policy name="security-domain-name"><br/>  <authentication><br/>    <login-module code="login.module1.class.name" flag="control_flag"><br/>      <module-option name = "option1-name">option1-value</module-option><br/>      <module-option name = "option2-name">option2-value</module-option><br/>      ...<br/>    </login-module></strong></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><strong>    <login-module code="login.module2.class.name" flag="control_flag"><br/>      ...<br/>    </login-module><br/>    ...<br/>  </authentication><br/></application-policy></strong></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><strong><span>$Id: login-config.xml 76444 2008-07-29 23:50:53Z </span><a class="jive-link-email-small" href="mailto:sguilhen@redhat.com" target="_blank">sguilhen@redhat.com</a><span> $</span><br/>$Revision: 76444 $<br/>--></strong></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><strong><policy><br/>  <!-- Used by clients within the application server VM such as<br/>  mbeans and servlets that access EJBs.<br/>  --><br/>  <application-policy name="client-login"><br/>    <authentication><br/>      <login-module code="org.jboss.security.ClientLoginModule"<br/>        flag="required"><br/>         <!-- Any existing security context will be restored on logout --><br/>         <module-option name="restore-login-identity">true</module-option><br/>      </login-module><br/>    </authentication><br/>  </application-policy></strong></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><strong>  <!-- Security domains for testing new jca framework --><br/>  <application-policy name="HsqlDbRealm"><br/>    <authentication><br/>      <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule"<br/>        flag="required"><br/>        <module-option name="principal">sa</module-option><br/>        <module-option name="userName">sa</module-option><br/>        <module-option name="password"></module-option><br/>        <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option><br/>      </login-module><br/>    </authentication><br/>  </application-policy></strong></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><strong>  <application-policy name="JmsXARealm"><br/>    <authentication><br/>      <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule"<br/>        flag="required"><br/>        <module-option name="principal">guest</module-option><br/>        <module-option name="userName">guest</module-option><br/>        <module-option name="password">guest</module-option><br/>        <module-option name="managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option><br/>      </login-module><br/>    </authentication><br/>  </application-policy></strong></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><strong>  <!-- A template configuration for the jmx-console web application. This<br/>    defaults to the UsersRolesLoginModule the same as other and should be<br/>    changed to a stronger authentication mechanism as required.<br/>  --><br/>  <application-policy name="jmx-console"><br/>    <authentication><br/>      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"<br/>        flag="required"><br/>        <module-option name="usersProperties">props/jmx-console-users.properties</module-option><br/>        <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option><br/>      </login-module><br/>    </authentication><br/>  </application-policy></strong></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><strong>  <!-- A template configuration for the web-console web application. This<br/>    defaults to the UsersRolesLoginModule the same as other and should be<br/>    changed to a stronger authentication mechanism as required.<br/>  --><br/>  <application-policy name="web-console"><br/>    <authentication><br/>      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"<br/>        flag="required"><br/>        <module-option name="usersProperties">web-console-users.properties</module-option><br/>        <module-option name="rolesProperties">web-console-roles.properties</module-option><br/>      </login-module><br/>    </authentication><br/>  </application-policy></strong></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><strong>  <!--<br/>    A template configuration for the JBossWS security domain.<br/>    This defaults to the UsersRolesLoginModule the same as other and should be<br/>    changed to a stronger authentication mechanism as required.<br/>  --><br/>  <application-policy name="JBossWS"><br/>    <authentication><br/>      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"<br/>        flag="required"><br/>        <module-option name="usersProperties">props/jbossws-users.properties</module-option><br/>        <module-option name="rolesProperties">props/jbossws-roles.properties</module-option><br/>        <module-option name="unauthenticatedIdentity">anonymous</module-option><br/>      </login-module><br/>    </authentication><br/>  </application-policy></strong></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><strong>  <!-- The default login configuration used by any security domain that<br/>  does not have a application-policy entry with a matching name<br/>  --><br/>  <application-policy name="other"><br/>    <!-- A simple server login module, which can be used when the number<br/>    of users is relatively small. It uses two properties files:<br/>    users.properties, which holds users (key) and their password (value).<br/>    roles.properties, which holds users (key) and a comma-separated list of<br/>    their roles (value).<br/>    The unauthenticatedIdentity property defines the name of the principal<br/>    that will be used when a null username and password are presented as is<br/>    the case for an unuathenticated web client or MDB. If you want to<br/>    allow such users to be authenticated add the property, e.g.,<br/>    unauthenticatedIdentity="nobody"<br/>    --><br/>    <authentication><br/>      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"><br/>    <module-option name="usersProperties">props/guvnor-users.properties</module-option><br/>    <module-option name="rolesProperties">props/guvnor-roles.properties</module-option><br/>        </login-module><br/>    </authentication><br/>  </application-policy><br/></policy></strong></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Also I have created the two files <strong>guvnor-users.properties.xml</strong> and <strong>guvnor-roles.properties.xml</strong> and put these files in props folder.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>But the password and username i provided doesnt work. <span style="text-decoration: underline;">What is wrong with the code</span>???</p></div>
<div style="background-color: #f4f4f4; padding: 10px; margin-top: 20px;">
<p style="margin: 0;">Reply to this message by <a href="http://community.jboss.org/message/576759#576759">going to Community</a></p>
<p style="margin: 0;">Start a new discussion in Beginner's Corner at <a href="http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2075">Community</a></p>
</div></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>