Good job, and thanks for posting your solution back to the mailing list.<br><br><div class="gmail_quote">2010/11/2 Chris Selwyn <span dir="ltr"><<a href="mailto:chris@selwyn-family.me.uk">chris@selwyn-family.me.uk</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div bgcolor="#ffffff" text="#000000">
To answer my own question (and record a method that works for
posterity)...<br>
<br>
What I did was:-<br>
<ul>
<li>Configure my Glassfish domain's login.conf with a "seam"
LoginModule as follows<br>
seam {<br>
org.jboss.seam.security.jaas.SeamLoginModule required;<br>
};<br>
<br>
</li>
<li>Create a Seam authenticator that authenticates against a
Glassfish realm using Glassfish's ProgrammaticLogin as shown
below.<br>
The code in the authenticator uses the hardcoded realm called
"fileRealm". Maybe I need to find a way to configure that.<br>
<br>
</li>
<li>Configure my Guvnor's identity component by changing the
components.xml inside the exploded drools-guvnor directory as
follows:-<br>
<security:identity
authenticate-method="#{gfauthenticator.authenticate}"
jaas-config-name="seam"/><br>
This ties the inbuilt Seam JAAS LoginModule to the Glassfish
realm authenticator.<br>
<br>
</li>
<li>Add new users to the "file" realm.<br>
<br>
</li>
<li>Now the users in the file realm can be authenticated as Guvnor
users.<br>
</li>
</ul>
Text of the SeamAuthenticator for a Glassfish realm...<br>
<br>
<QUOTE><br>
package uk.co.mendipit.glassfishrealmauthenticator;<br>
<br>
import com.sun.appserv.security.ProgrammaticLogin;<br>
import java.util.logging.Level;<br>
import java.util.logging.Logger;<br>
import <a href="http://org.jboss.seam.annotations.Name" target="_blank">org.jboss.seam.annotations.Name</a>;<br>
import org.jboss.seam.security.Identity;<br>
<br>
/**<br>
*<br>
* @author Chris Selwyn<a href="mailto:chris.selwyn@mendipit.co.uk" target="_blank"><chris.selwyn@mendipit.co.uk></a><br>
*/<br>
@Name("gfauthenticator")<br>
public class GlassfishRealmAuthenticator {<br>
private Logger logger =
Logger.getLogger(this.getClass().getName());<br>
public boolean authenticate() {<br>
try {<br>
String userNm =
Identity.instance().getCredentials().getUsername();<br>
String pass =
Identity.instance().getCredentials().getPassword();<br>
ProgrammaticLogin plogin = new ProgrammaticLogin();<br>
<br>
return plogin.login(userNm, pass, "fileRealm", true);<br>
} catch (Exception ex) {<br>
<br>
logger.log(Level.SEVERE, null, ex);<br>
return false;<br>
}<br>
}<br>
}<br>
</QUOTE><br>
<br>
Chris Selwyn<br>
<br>
On 01/11/2010 17:50, Chris Selwyn wrote:
<blockquote type="cite">
<pre>I am using Guvnor 2.1.1 on Glassfish 2.1 and mostly it seems to work
very well.
However, I am now looking to setup authentication of users to the Guvnor
server and this is where I am finding problems.
I tried writing a class with an "authenticate" method to authenticate
against a Glassfish realm using ProgrammaticLogin but (as far as I can
tell) this class is not being used by Guvnor.
Looking at the source, Guvnor appears to only use the
org.jboss.seam.security.Identity.authenticate method which uses only the
jaas-config-name value from the components.xml file.
So I then tried setting the jaas-config-name to "fileRealm" (which
exists in Glassfish's default login.conf) but now I get
"javax.security.auth.login.LoginException: No credentials." logged in my
server.log (and the user get a fail message, naturally).
Has anyone out there managed to configure Guvnor to authenticate against
a Glassfish realm or JAAS context and would be willing to help me through?
Chris Selwyn
_______________________________________________
rules-users mailing list
<a href="mailto:rules-users@lists.jboss.org" target="_blank">rules-users@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/rules-users" target="_blank">https://lists.jboss.org/mailman/listinfo/rules-users</a>
-----
No virus found in this message.
Checked by AVG - <a href="http://www.avg.com" target="_blank">www.avg.com</a>
Version: 10.0.1153 / Virus Database: 424/3232 - Release Date: 11/01/10
</pre>
</blockquote>
</div>
<br>_______________________________________________<br>
rules-users mailing list<br>
<a href="mailto:rules-users@lists.jboss.org">rules-users@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/rules-users" target="_blank">https://lists.jboss.org/mailman/listinfo/rules-users</a><br>
<br></blockquote></div><br>