Re: [rules-users] Authorisation of Guvnor users on Glassfish

To answer my own question (and record a method that works for posterity)... What I did was:- - Configure my Glassfish domain's login.conf with a "seam" LoginModule as follows seam { org.jboss.seam.security.jaas.SeamLoginModule required; }; - Create a Seam authenticator that authenticates against a Glassfish realm using Glassfish's ProgrammaticLogin as shown below. The code in the authenticator uses the hardcoded realm called "fileRealm". Maybe I need to find a way to configure that. - Configure my Guvnor's identity component by changing the components.xml inside the exploded drools-guvnor directory as follows:- <security:identity authenticate-method="#{gfauthenticator.authenticate}" jaas-config-name="seam"/> This ties the inbuilt Seam JAAS LoginModule to the Glassfish realm authenticator. - Add new users to the "file" realm. - Now the users in the file realm can be authenticated as Guvnor users. Text of the SeamAuthenticator for a Glassfish realm... <QUOTE> package uk.co.mendipit.glassfishrealmauthenticator; import com.sun.appserv.security.ProgrammaticLogin; import java.util.logging.Level; import java.util.logging.Logger; import org.jboss.seam.annotations.Name; import org.jboss.seam.security.Identity; /** * * @author Chris Selwyn&lt;chris.selwyn@mendipit.co.uk&gt;&lt;chris.selwyn(a)mendipit.co.uk&gt; */ @Name("gfauthenticator") public class GlassfishRealmAuthenticator { private Logger logger = Logger.getLogger(this.getClass().getName()); public boolean authenticate() { try { String userNm = Identity.instance().getCredentials().getUsername(); String pass = Identity.instance().getCredentials().getPassword(); ProgrammaticLogin plogin = new ProgrammaticLogin(); return plogin.login(userNm, pass, "fileRealm", true); } catch (Exception ex) { logger.log(Level.SEVERE, null, ex); return false; } } } </QUOTE> Chris Selwyn On 01/11/2010 17:50, Chris Selwyn wrote: I am using Guvnor 2.1.1 on Glassfish 2.1 and mostly it seems to work very well. However, I am now looking to setup authentication of users to the Guvnor server and this is where I am finding problems. I tried writing a class with an "authenticate" method to authenticate against a Glassfish realm using ProgrammaticLogin but (as far as I can tell) this class is not being used by Guvnor. Looking at the source, Guvnor appears to only use the org.jboss.seam.security.Identity.authenticate method which uses only the jaas-config-name value from the components.xml file. So I then tried setting the jaas-config-name to "fileRealm" (which exists in Glassfish's default login.conf) but now I get "javax.security.auth.login.LoginException: No credentials." logged in my server.log (and the user get a fail message, naturally). Has anyone out there managed to configure Guvnor to authenticate against a Glassfish realm or JAAS context and would be willing to help me through? Chris Selwyn _______________________________________________ rules-users mailing listrules-users@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/rules-users ----- No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1153 / Virus Database: 424/3232 - Release Date: 11/01/10 _______________________________________________ rules-users mailing list rules-users(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/rules-users