Good job, and thanks for posting your solution back to the mailing list.
To answer my own question (and record a method that works for posterity)...
What I did was:-
Text of the SeamAuthenticator for a Glassfish realm...
- Configure my Glassfish domain's login.conf with a "seam" LoginModule as follows
seam {
org.jboss.seam.security.jaas.SeamLoginModule required;
};
- Create a Seam authenticator that authenticates against a Glassfish realm using Glassfish's ProgrammaticLogin as shown below.
The code in the authenticator uses the hardcoded realm called "fileRealm". Maybe I need to find a way to configure that.
- Configure my Guvnor's identity component by changing the components.xml inside the exploded drools-guvnor directory as follows:-
<security:identity authenticate-method="#{gfauthenticator.authenticate}" jaas-config-name="seam"/>
This ties the inbuilt Seam JAAS LoginModule to the Glassfish realm authenticator.
- Add new users to the "file" realm.
- Now the users in the file realm can be authenticated as Guvnor users.
<QUOTE>
package uk.co.mendipit.glassfishrealmauthenticator;
import com.sun.appserv.security.ProgrammaticLogin;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.Identity;
/**
*
* @author Chris Selwyn<chris.selwyn@mendipit.co.uk>
*/
@Name("gfauthenticator")
public class GlassfishRealmAuthenticator {
private Logger logger = Logger.getLogger(this.getClass().getName());
public boolean authenticate() {
try {
String userNm = Identity.instance().getCredentials().getUsername();
String pass = Identity.instance().getCredentials().getPassword();
ProgrammaticLogin plogin = new ProgrammaticLogin();
return plogin.login(userNm, pass, "fileRealm", true);
} catch (Exception ex) {
logger.log(Level.SEVERE, null, ex);
return false;
}
}
}
</QUOTE>
Chris Selwyn
On 01/11/2010 17:50, Chris Selwyn wrote:I am using Guvnor 2.1.1 on Glassfish 2.1 and mostly it seems to work very well. However, I am now looking to setup authentication of users to the Guvnor server and this is where I am finding problems. I tried writing a class with an "authenticate" method to authenticate against a Glassfish realm using ProgrammaticLogin but (as far as I can tell) this class is not being used by Guvnor. Looking at the source, Guvnor appears to only use the org.jboss.seam.security.Identity.authenticate method which uses only the jaas-config-name value from the components.xml file. So I then tried setting the jaas-config-name to "fileRealm" (which exists in Glassfish's default login.conf) but now I get "javax.security.auth.login.LoginException: No credentials." logged in my server.log (and the user get a fail message, naturally). Has anyone out there managed to configure Guvnor to authenticate against a Glassfish realm or JAAS context and would be willing to help me through? Chris Selwyn _______________________________________________ rules-users mailing list rules-users@lists.jboss.org https://lists.jboss.org/mailman/listinfo/rules-users ----- No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1153 / Virus Database: 424/3232 - Release Date: 11/01/10
_______________________________________________
rules-users mailing list
rules-users@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-users