[rules-users] User Security with guvnor 5.4 and Tomcat 6.0.36

[thecaptn]

Hi,

I have searched extensively for any answers, but have obviously not been
looking in the right places.

Tomcat is my app server: it should define the users. This is no problem:
since it is a small application we want to define our users in
tomcat-users.xml, using the UserDatabaseRealm (in preference to
MemoryRealm). JAAS or other options are overkill for us.

Now, what should I do on the guvnor side? I understand I should be looking
at the WEB-INF/beans.xml config file. I can't find much documentation on the
contents of this file in general, and nothing specific that seems to help
me. A lot of the advice out there seems JBoss AS specific or precedes the
move in 5.4 to beans.xml. 

But, I understand that tomcat in this setting is not supplying a JAAS
context, which seemed to be the most likely option.

Do I need to implement a version of
org.drools.guvnor.server.security.DemoAuthenticator?
Is that our only option?
Hasn't someone done this before?
What would you do in this situation?

Any assistance would be greatly appreciated.

Thanks, Pete



--
View this message in context: http://drools.46999.n3.nabble.com/User-Security-with-guvnor-5-4-and-Tomcat-6-0-36-tp4028945.html
Sent from the Drools: User forum mailing list archive at Nabble.com.