[rules-users] Guvnor users and case sensitivity

Jervisliu jliu at redhat.com
Wed Mar 24 11:43:16 EDT 2010 

There is a less intrusive approach.

Make a copy of 
http://anonsvn.jboss.org/repos/labs/labs/jbossrules/trunk/drools-guvnor/src/main/java/org/jboss/seam/security/permission/RoleBasedPermissionResolver.java, 
rename to sth like CaseInsensitiveRoleBasedPermissionResolver.java. Make 
this class calls a case insensitive version of 
RoleBasedPermissionManager.java. Then in components.xml, configure 
guvnor to use your CaseInsensitiveRoleBasedPermissionResolver.java:

<security:role-based-permission-resolver 
enable-role-based-authorization="false"/>
<security:case-insensitive-role-based-permission-resolver 
enable-role-based-authorization="true"/>

This makes sure your CaseInsensitiveRoleBasedPermissionResolver is 
chained into Seam PermissionResolver chain.

This way you keep guvnor code untouched. Just pack up your classes in a 
jar together with drools-guvnor.war. Have not tried this myself, but it 
should work.

Hope this helps,
Jervis Liu


Jervisliu wrote:
> Hi, it is debatable whether or not Guvnor should support case 
> insensitive. After all, a lot of authentication systems are case 
> sensitivity, like Unix, Java EE role. There is no "easy" way to support 
> case insensitive without changing the source code. The best approach IMO 
> is to fix the issue at its root cause, i.e., disable case insensitive in 
> LDAP. But if this is not an option for you and you dont mind hacking 
> codes directly, you can modify RoleBasedPermissionStore 
> (http://anonsvn.jboss.org/repos/labs/labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/RoleBasedPermissionStore.java) 
> to make it case insensitive when it retrieves user permissions from data 
> store.
>
> Cheers,
> Jervis
>
> Régis Ramillien wrote:
>   
>> Hello all,
>>
>> I wonder if I can easily disable the case sensitivity for the user 
>> login in guvnor.
>>
>> My users credentials are stored in an LDAP and the server does not ask 
>> for case sensitivity.
>> Therefore, for each application, if a user is named "fr001", he can 
>> also log as "FR001".
>>
>> But in guvnor, if the administrator create the user "fr001", then, 
>> this user will not be able to log as "FR001" even if he is 
>> successfully authenticated.
>> Guvnor returns the error "This user has no permissions setup.".
>>
>> Can we easily disble this, please ?
>>
>> Regards,
>>
>> Régis Ramillien
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> rules-users mailing list
>> rules-users at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/rules-users
>>   
>>     
>
> _______________________________________________
> rules-users mailing list
> rules-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/rules-users
>

More information about the rules-users mailing list