[rules-users] Guvnor - assigning roles to users

Jaroslaw Kijanowski kijanowski at gmail.com
Wed May 6 02:22:45 EDT 2009 

Hi,
 here's my understanding:
Roles are only then taken from JAAS, if you *disable* fine grained
authorization (set enable-role-based-authorization to false).
There are two roles that are available if you use JAAS: admin and non-admin.

So you can use JAAS for *authentication*, no problem. You can also use JAAS
for *authorization*, but then you have only two roles available. If you want
to use *Guvnor specific roles* for *authorization*, then you need to enable
fine grained authorization and set up all roles in Guvnor. Before you do
this you will have to create some user that is an administrator in Guvnor
using the GUI. Otherwise enabling fine grained authorization will make it
impossible to login as an administrator - JAAS will let you in, but Guvnor
will not let you do anything.



2009/5/6 Darrin Mison <dmison at redhat.com>

> The Drools 5 guvnor guide states that you can specify the admin role for a
> user in your JAAS login configuration.
> "It is also possible (thanks to JAAS) to define what users have the "admin"
> role for Guvnor"
>
> This is also stated here:
> http://magazine.redhat.com/2008/08/12/jboss-drools-how-to-tuning-guvnor-part-1/#password
>
> I can't get this to work, the only way I can assign roles to users is using
> the web UI.
>
> Is this a bug or are the docs out of date ?  Or am I missing something ?
>
> *server/default/deploy/jboss-brms.war/WEB-INF/components.xml*
> <security:identity authenticate-method="#{authenticator.authenticate}"
> jaas-config-name="brms"/>
> <security:role-based-permission-resolver
> enable-role-based-authorization="true"/>
>
> *server/default/conf/login-config.xml:*
>       <application-policy name="brms">
>          <authentication>
>             <login-module
> code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
>                <module-option
> name="usersProperties">props/brms-users.properties</module-option>
>                <module-option
> name="rolesProperties">props/brms-roles.properties</module-option>
>             </login-module>
>          </authentication>
>       </application-policy>
>
> *server/default/conf/props/brms-users.properties*
> admin=admin123
>
> *server/default/conf/props/brms-roles.properties*
> admin=admin
>
>
> _______________________________________________
> rules-users mailing list
> rules-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/rules-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/rules-users/attachments/20090506/2f9bad06/attachment.html

More information about the rules-users mailing list