<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
And further... <br>
<br>
In order to provide the capability to configure the realm (rather than
hardcoding it), I have made a small modification to the
GlassfishRealmAuthenticator as follows...<br>
<br>
<QUOTE><br>
package uk.co.mendipit.glassfishrealmauthenticator;<br>
<br>
import com.sun.appserv.security.ProgrammaticLogin;<br>
import java.util.logging.Level;<br>
import java.util.logging.Logger;<br>
import org.jboss.seam.annotations.Name;<br>
import org.jboss.seam.security.Identity;<br>
<br>
/**<br>
*<br>
* @author Chris Selwyn <a class="moz-txt-link-rfc2396E" href="mailto:chris.selwyn@mendipit.co.uk">&lt;chris.selwyn@mendipit.co.uk&gt;</a><br>
*/<br>
@Name("gfauthenticator")<br>
public class GlassfishRealmAuthenticator {<br>
private Logger logger =
Logger.getLogger(this.getClass().getName());<br>
<br>
private String realm;<br>
<br>
public boolean authenticate() {<br>
try {<br>
String userNm =
Identity.instance().getCredentials().getUsername();<br>
String pass =
Identity.instance().getCredentials().getPassword();<br>
ProgrammaticLogin plogin = new ProgrammaticLogin();<br>
<br>
return plogin.login(userNm, pass, realm, true);<br>
} catch (Exception ex) {<br>
<br>
logger.log(Level.SEVERE, null, ex);<br>
return false;<br>
}<br>
}<br>
<br>
public void setRealm(String realm) {<br>
this.realm = realm;<br>
}<br>
}<br>
</QUOTE><br>
<br>
This allows the following to be put into the components.xml<br>
<br>
&lt;component name="gfauthenticator"&gt;<br>
&lt;property name="realm"&gt;fileRealm&lt;/property&gt;<br>
&lt;/component&gt;<br>
<br>
This allows configuration of the file realm by appropriate
modification of Seam's components.xml.<br>
<br>
(please excuse my ramblings... I am still learning about Seam!)<br>
<br>
Chris<br>
<br>
On 02/11/2010 10:37, Chris Selwyn wrote:
<blockquote cite="mid:4CCFE9CC.5090505@selwyn-family.me.uk"
type="cite">
To answer my own question (and record a method that works for
posterity)...<br>
<br>
What I did was:-<br>
<ul>
<li>Configure my Glassfish domain's login.conf with a "seam"
LoginModule as follows<br>
seam {<br>
org.jboss.seam.security.jaas.SeamLoginModule required;<br>
};<br>
<br>
</li>
<li>Create a Seam authenticator that authenticates against a
Glassfish realm using Glassfish's ProgrammaticLogin as shown
below.<br>
The code in the authenticator uses the hardcoded realm called
"fileRealm". Maybe I need to find a way to configure that.<br>
<br>
</li>
<li>Configure my Guvnor's identity component by changing the
components.xml inside the exploded drools-guvnor directory as
follows:-<br>
&lt;security:identity
authenticate-method="#{gfauthenticator.authenticate}"
jaas-config-name="seam"/&gt;<br>
This ties the inbuilt Seam JAAS LoginModule to the Glassfish
realm authenticator.<br>
<br>
</li>
<li>Add new users to the "file" realm.<br>
<br>
</li>
<li>Now the users in the file realm can be authenticated as
Guvnor users.<br>
</li>
</ul>
Text of the SeamAuthenticator for a Glassfish realm...<br>
<br>
<QUOTE><br>
package uk.co.mendipit.glassfishrealmauthenticator;<br>
<br>
import com.sun.appserv.security.ProgrammaticLogin;<br>
import java.util.logging.Level;<br>
import java.util.logging.Logger;<br>
import org.jboss.seam.annotations.Name;<br>
import org.jboss.seam.security.Identity;<br>
<br>
/**<br>
*<br>
* @author Chris Selwyn <a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:chris.selwyn@mendipit.co.uk">&lt;chris.selwyn@mendipit.co.uk&gt;</a><br>
*/<br>
@Name("gfauthenticator")<br>
public class GlassfishRealmAuthenticator {<br>
private Logger logger =
Logger.getLogger(this.getClass().getName());<br>
public boolean authenticate() {<br>
try {<br>
String userNm =
Identity.instance().getCredentials().getUsername();<br>
String pass =
Identity.instance().getCredentials().getPassword();<br>
ProgrammaticLogin plogin = new ProgrammaticLogin();<br>
<br>
return plogin.login(userNm, pass, "fileRealm", true);<br>
} catch (Exception ex) {<br>
<br>
logger.log(Level.SEVERE, null, ex);<br>
return false;<br>
}<br>
}<br>
}<br>
</QUOTE><br>
<br>
Chris Selwyn<br>
<br>
On 01/11/2010 17:50, Chris Selwyn wrote:
<blockquote cite="mid:4CCEFDDC.3000702@selwyn-family.me.uk"
type="cite">
<pre wrap="">I am using Guvnor 2.1.1 on Glassfish 2.1 and mostly it seems to work
very well.
However, I am now looking to set up authentication of users to the Guvnor
server and this is where I am finding problems.
I tried writing a class with an "authenticate" method to authenticate
against a Glassfish realm using ProgrammaticLogin but (as far as I can
tell) this class is not being used by Guvnor.
Looking at the source, Guvnor appears to only use the
org.jboss.seam.security.Identity.authenticate method which uses only the
jaas-config-name value from the components.xml file.
So I then tried setting the jaas-config-name to "fileRealm" (which
exists in Glassfish's default login.conf) but now I get
"javax.security.auth.login.LoginException: No credentials." logged in my
server.log (and the user gets a fail message, naturally).
Has anyone out there managed to configure Guvnor to authenticate against
a Glassfish realm or JAAS context and would be willing to help me through?
Chris Selwyn
_______________________________________________
rules-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:rules-users@lists.jboss.org">rules-users@lists.jboss.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/rules-users">https://lists.jboss.org/mailman/listinfo/rules-users</a>
-----
No virus found in this message.
Checked by AVG - <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.avg.com">www.avg.com</a>
Version: 10.0.1153 / Virus Database: 424/3232 - Release Date: 11/01/10
</pre>
</blockquote>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
rules-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:rules-users@lists.jboss.org">rules-users@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/rules-users">https://lists.jboss.org/mailman/listinfo/rules-users</a>
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<p class="avgcert" color="#000000" align="left">No virus found in
this message.<br>
Checked by AVG - <a moz-do-not-send="true"
href="http://www.avg.com">www.avg.com</a><br>
Version: 10.0.1153 / Virus Database: 424/3232 - Release Date:
11/01/10</p>
</blockquote>
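<br>
An added example, not part of the original post and not code from Guvnor, Seam or Glassfish: the configurable-realm authenticator from the thread reduced to its decision logic, refusing the login when the realm property is missing from components.xml instead of handing a null realm to the container. The RealmLogin interface is a hypothetical stand-in for the ProgrammaticLogin call so the class runs without Glassfish; the account and password in main are constructed.<br>
<pre>
```java
import java.util.logging.Level;
import java.util.logging.Logger;

public class FailClosedRealmAuthenticator {
    // Hypothetical seam standing in for the page's plogin.login(userNm, pass, realm, true).
    interface RealmLogin {
        Boolean login(String user, String pass, String realm, boolean errors) throws Exception;
    }

    private static final Logger LOG =
            Logger.getLogger(FailClosedRealmAuthenticator.class.getName());
    private final RealmLogin backend;
    private String realm; // set from the "realm" property in components.xml

    FailClosedRealmAuthenticator(RealmLogin backend) { this.backend = backend; }

    public void setRealm(String realm) { this.realm = realm; }

    public boolean authenticate(String user, String pass) {
        // A missing or blank property must never reach the container as a null realm.
        if (realm == null || realm.trim().isEmpty()) {
            LOG.severe("realm property is not configured; refusing login");
            return false;
        }
        if (user == null || user.isEmpty() || pass == null || pass.isEmpty()) {
            return false;
        }
        try {
            // Boolean.TRUE.equals also treats a null result as a failed login.
            return Boolean.TRUE.equals(backend.login(user, pass, realm, true));
        } catch (Exception ex) {
            // Log which realm failed, never the password.
            LOG.log(Level.SEVERE, "login error in realm " + realm, ex);
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed backend: one made-up account that exists only in "fileRealm".
        RealmLogin fake = (u, p, r, e) -> {
            if (!"fileRealm".equals(r)) throw new Exception("no such realm: " + r);
            return "alice".equals(u) ? "constructed-pw".equals(p) : false;
        };
        FailClosedRealmAuthenticator auth = new FailClosedRealmAuthenticator(fake);
        System.out.println(auth.authenticate("alice", "constructed-pw")); // realm unset
        auth.setRealm("fileRealm");
        System.out.println(auth.authenticate("alice", "constructed-pw"));
        System.out.println(auth.authenticate("alice", "wrong"));
    }
}
```
</pre>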
</body>
</html>