Hi,
here's my understanding:
Roles are only taken from JAAS if you *disable* fine grained
authorization (set enable-role-based-authorization to false).
There are two roles that are available if you use JAAS: admin and non-admin.
So you can use JAAS for *authentication*, no problem. You can also use JAAS
for *authorization*, but then you have only two roles available. If you want
to use *Guvnor specific roles* for *authorization*, then you need to enable
fine grained authorization and set up all roles in Guvnor. Before you do
this you will have to create some user that is an administrator in Guvnor
using the GUI. Otherwise enabling fine grained authorization will make it
impossible to log in as an administrator - JAAS will let you in, but Guvnor
will not let you do anything.
2009/5/6 Darrin Mison <dmison(a)redhat.com>
The Drools 5 guvnor guide states that you can specify the admin role for a
user in your JAAS login configuration.
"It is also possible (thanks to JAAS) to define what users have the "admin"
role for Guvnor"
This is also stated here:
http://magazine.redhat.com/2008/08/12/jboss-drools-how-to-tuning-guvnor-p...
I can't get this to work, the only way I can assign roles to users is using
the web UI.
Is this a bug or are the docs out of date? Or am I missing something?
*server/default/deploy/jboss-brms.war/WEB-INF/components.xml*
<security:identity authenticate-method="#{authenticator.authenticate}"
                   jaas-config-name="brms"/>
<security:role-based-permission-resolver
    enable-role-based-authorization="true"/>

*server/default/conf/login-config.xml:*
<application-policy name="brms">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required">
      <module-option name="usersProperties">props/brms-users.properties</module-option>
      <module-option name="rolesProperties">props/brms-roles.properties</module-option>
    </login-module>
  </authentication>
</application-policy>

*server/default/conf/props/brms-users.properties*
admin=admin123

*server/default/conf/props/brms-roles.properties*
admin=admin
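
An added example, not part of either message and not Guvnor's own code: a small Python pre-deployment check for the lockout case described in the reply, built on the reply's description of the behaviour. The components.xml wrapper element and its namespace URIs, the function names and the report keys are assumptions made for illustration; the sample inputs are constructed from the files quoted above.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the files quoted in this thread.
# The <components> wrapper and namespace URIs are assumptions.
COMPONENTS_XML = """<components xmlns="http://jboss.com/products/seam/components"
            xmlns:security="http://jboss.com/products/seam/security">
  <security:identity authenticate-method="#{authenticator.authenticate}"
                     jaas-config-name="brms"/>
  <security:role-based-permission-resolver
      enable-role-based-authorization="true"/>
</components>"""
ROLES_PROPERTIES = "admin=admin\n"


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def jaas_roles(text):
    """Parse 'user=role1,role2' lines from a roles properties file."""
    roles = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            user, _, value = line.partition("=")
            roles[user.strip()] = [r.strip() for r in value.split(",") if r.strip()]
    return roles


def check_guvnor_auth(components_xml, roles_properties):
    """Report which role source applies and flag the lockout case."""
    elems = {local(e.tag): e for e in ET.fromstring(components_xml).iter()}
    resolver = elems.get("role-based-permission-resolver")
    if resolver is None:
        raise ValueError("no role-based-permission-resolver element found")
    flag = resolver.get("enable-role-based-authorization", "")
    fine_grained = flag.strip().lower() == "true"
    admins = sorted(u for u, r in jaas_roles(roles_properties).items() if "admin" in r)
    warnings = []
    if fine_grained and admins:
        # Per the reply: JAAS still authenticates, but its roles are not used.
        warnings.append(
            "JAAS 'admin' role for %s is not used while fine grained "
            "authorization is enabled; create an administrator in the "
            "Guvnor GUI before enabling it" % ", ".join(admins))
    return {"role_source": "guvnor" if fine_grained else "jaas",
            "jaas_admins": admins, "warnings": warnings}
```

Run against the configuration quoted above, the check reports the Guvnor role store as the role source and warns that the admin=admin entry in brms-roles.properties grants nothing.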