Good job, and thanks for posting your solution back to the mailing list.

2010/11/2 Chris Selwyn <chris@selwyn-family.me.uk>
To answer my own question (and record a method that works for posterity)...

What I did was:-
  • Configure my Glassfish domain's login.conf with a "seam" LoginModule as follows
    seam {
        org.jboss.seam.security.jaas.SeamLoginModule required;
    };

  • Create a Seam authenticator that authenticates against a Glassfish realm using Glassfish's ProgrammaticLogin as shown below.
    The code in the authenticator uses the hardcoded realm called "fileRealm". Maybe I need to find a way to configure that.

  • Configure my Guvnor's identity component by changing the components.xml inside the exploded drools-guvnor directory as follows:-
        <security:identity authenticate-method="#{gfauthenticator.authenticate}" jaas-config-name="seam"/>
    This ties the inbuilt Seam JAAS LoginModule to the Glassfish realm authenticator.

  • Add new users to the "file" realm.

  • Now the users in the file realm can be authenticated as Guvnor users.
Text of the SeamAuthenticator for a Glassfish realm...

<QUOTE>
package uk.co.mendipit.glassfishrealmauthenticator;

import com.sun.appserv.security.ProgrammaticLogin;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.Identity;

/**
 *
 * @author Chris Selwyn<chris.selwyn@mendipit.co.uk>
 */
@Name("gfauthenticator")
public class GlassfishRealmAuthenticator {
    private Logger logger = Logger.getLogger(this.getClass().getName());
    public boolean authenticate() {
        try {
            String userNm = Identity.instance().getCredentials().getUsername();
            String pass = Identity.instance().getCredentials().getPassword();
            ProgrammaticLogin plogin = new ProgrammaticLogin();

            return plogin.login(userNm, pass, "fileRealm", true);
        } catch (Exception ex) {

            logger.log(Level.SEVERE, null, ex);
            return false;
        }
    }
}
</QUOTE>

Chris Selwyn

On 01/11/2010 17:50, Chris Selwyn wrote: 
I am using Guvnor 2.1.1 on Glassfish 2.1 and mostly it seems to work 
very well.

However, I am now looking to setup authentication of users to the Guvnor 
server and this is where I am finding problems.

I tried writing a class with an "authenticate" method to authenticate 
against a Glassfish realm using ProgrammaticLogin but (as far as I can 
tell) this class is not being used by Guvnor.

Looking at the source, Guvnor appears to only use the 
org.jboss.seam.security.Identity.authenticate method which uses only the 
jaas-config-name value from the components.xml file.
So I then tried setting the jaas-config-name to "fileRealm" (which 
exists in Glassfish's default login.conf) but now I get 
"javax.security.auth.login.LoginException: No credentials." logged in my 
server.log (and the user get a fail message, naturally).

Has anyone out there managed to configure Guvnor to authenticate against 
a Glassfish realm or JAAS context and would be willing to help me through?

Chris Selwyn

_______________________________________________
rules-users mailing list
rules-users@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-users


-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 10.0.1153 / Virus Database: 424/3232 - Release Date: 11/01/10

_______________________________________________
rules-users mailing list
rules-users@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-users