Hi,
here's my understanding:
Roles are only taken from JAAS if you *disable* fine grained authorization (set enable-role-based-authorization to false).
There are two roles that are available if you use JAAS: admin and non-admin.

So you can use JAAS for *authentication*, no problem. You can also use JAAS for *authorization*, but then you have only two roles available. If you want to use *Guvnor specific roles* for *authorization*, then you need to enable fine grained authorization and set up all roles in Guvnor. Before you do this you will have to create some user that is an administrator in Guvnor using the GUI. Otherwise enabling fine grained authorization will make it impossible to log in as an administrator - JAAS will let you in, but Guvnor will not let you do anything.



2009/5/6 Darrin Mison <dmison@redhat.com>
The Drools 5 guvnor guide states that you can specify the admin role for a user in your JAAS login configuration.

"It is also possible (thanks to JAAS) to define what users have the "admin" role for Guvnor"

This is also stated here: http://magazine.redhat.com/2008/08/12/jboss-drools-how-to-tuning-guvnor-part-1/#password

I can't get this to work, the only way I can assign roles to users is using the web UI.

Is this a bug or are the docs out of date? Or am I missing something?

server/default/deploy/jboss-brms.war/WEB-INF/components.xml
<security:identity authenticate-method="#{authenticator.authenticate}" jaas-config-name="brms"/>
<security:role-based-permission-resolver enable-role-based-authorization="true"/>

server/default/conf/login-config.xml:
      <application-policy name="brms">
         <authentication>
            <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
               <module-option name="usersProperties">props/brms-users.properties</module-option>
               <module-option name="rolesProperties">props/brms-roles.properties</module-option>
            </login-module>
         </authentication>
      </application-policy>

server/default/conf/props/brms-users.properties
admin=admin123

server/default/conf/props/brms-roles.properties
admin=admin


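Added example, not part of the original thread and not Guvnor or JBoss code: a small Python audit that applies the behaviour described in the reply to the configuration quoted in the question, reporting where roles come from and flagging the administrator lockout case. The embedded samples are constructed from the quoted files; the XML namespace URIs, the `audit` function, its `guvnor_admins` parameter and the treatment of a missing attribute as false are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the components.xml lines quoted in the thread.
# The namespace URIs are assumptions; the post does not show the root element.
COMPONENTS_XML = """<components xmlns="http://jboss.com/products/seam/components"
    xmlns:security="http://jboss.com/products/seam/security">
  <security:identity authenticate-method="#{authenticator.authenticate}" jaas-config-name="brms"/>
  <security:role-based-permission-resolver enable-role-based-authorization="true"/>
</components>"""

# Constructed sample of props/brms-roles.properties (user=role[,role...]).
ROLES_PROPERTIES = "# constructed sample\nadmin=admin\n"

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def parse_roles(text):
    """Parse a UsersRolesLoginModule roles file into {user: {roles}}."""
    roles = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        user, value = line.split("=", 1)
        roles[user.strip()] = {r.strip() for r in value.split(",") if r.strip()}
    return roles

def audit(components_xml, roles_text, guvnor_admins=()):
    """guvnor_admins (hypothetical input): admins already created in the Guvnor GUI."""
    attrs = {local(el.tag): el.attrib for el in ET.fromstring(components_xml).iter()}
    resolver = attrs.get("role-based-permission-resolver", {})
    # Assumption: a missing attribute is treated as "false".
    flag = resolver.get("enable-role-based-authorization", "false")
    fine_grained = flag.strip().lower() == "true"
    jaas_admins = sorted(u for u, r in parse_roles(roles_text).items() if "admin" in r)
    findings = []
    if fine_grained:
        findings.append("role source: Guvnor (roles from JAAS are not used)")
        if jaas_admins:
            findings.append("ignored JAAS admin mapping for: " + ", ".join(jaas_admins))
        if not guvnor_admins:
            findings.append("lockout risk: no administrator defined in Guvnor")
    else:
        findings.append("role source: JAAS (admin / non-admin only)")
    return {"fine_grained": fine_grained, "jaas_admins": jaas_admins,
            "jaas_config": attrs.get("identity", {}).get("jaas-config-name"),
            "findings": findings}

if __name__ == "__main__":
    print("\n".join(audit(COMPONENTS_XML, ROLES_PROPERTIES)["findings"]))
```

Run against the quoted configuration, it reports that the `admin=admin` mapping in the roles file is ignored because fine grained authorization is enabled, which matches the symptom in the question.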