[rules-users] Guvnor users and case sensitivity
Jervisliu
jliu at redhat.com
Wed Mar 24 11:43:16 EDT 2010
There is a less intrusive approach.
Make a copy of
http://anonsvn.jboss.org/repos/labs/labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java,
rename to sth like CaseInsensitiveRoleBasedPermissionResolver.java. Make
this class calls a case insensitive version of
RoleBasedPermissionManager.java. Then in components.xml, configure
guvnor to use your CaseInsensitiveRoleBasedPermissionResolver.java:
<security:role-based-permission-resolver
enable-role-based-authorization="false"/>
<security:case-insensitive-role-based-permission-resolver
enable-role-based-authorization="true"/>
This makes sure your CaseInsensitiveRoleBasedPermissionResolver is
chained into Seam PermissionResolver chain.
This way you keep guvnor code untouched. Just pack up your classes in a
jar together with drools-guvnor.war. Have not tried this myself, but it
should work.
Hope this helps,
Jervis Liu
Jervisliu wrote:
> Hi, it is debatable whether or not Guvnor should support case
> insensitive. After all, a lot of authentication systems are case
> sensitivity, like Unix, Java EE role. There is no "easy" way to support
> case insensitive without changing the source code. The best approach IMO
> is to fix the issue at its root cause, i.e., disable case insensitive in
> LDAP. But if this is not an option for you and you dont mind hacking
> codes directly, you can modify RoleBasedPermissionStore
> (http://anonsvn.jboss.org/repos/labs/labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleBasedPermissionStore.java)
> to make it case insensitive when it retrieves user permissions from data
> store.
>
> Cheers,
> Jervis
>
> Régis Ramillien wrote:
>
>> Hello all,
>>
>> I wonder if I can easily disable the case sensitivity for the user
>> login in guvnor.
>>
>> My users credentials are stored in an LDAP and the server does not ask
>> for case sensitivity.
>> Therefore, for each application, if a user is named "fr001", he can
>> also log as "FR001".
>>
>> But in guvnor, if the administrator create the user "fr001", then,
>> this user will not be able to log as "FR001" even if he is
>> successfully authenticated.
>> Guvnor returns the error "This user has no permissions setup.".
>>
>> Can we easily disble this, please ?
>>
>> Regards,
>>
>> Régis Ramillien
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> rules-users mailing list
>> rules-users at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/rules-users
>>
>>
>
> _______________________________________________
> rules-users mailing list
> rules-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/rules-users
>
More information about the rules-users
mailing list