To answer my own question (and record a method that works for posterity)...
What I did was:-
* Configure my Glassfish domain's login.conf with a "seam"
LoginModule as follows
seam {
org.jboss.seam.security.jaas.SeamLoginModule required;
};
* Create a Seam authenticator that authenticates against a Glassfish
realm using Glassfish's ProgrammaticLogin as shown below.
The code in the authenticator uses the hardcoded realm called
"fileRealm". Maybe I need to find a way to configure that.
* Configure my Guvnor's identity component by changing the
components.xml inside the exploded drools-guvnor directory as
follows:-
<security:identity
authenticate-method="#{gfauthenticator.authenticate}"
jaas-config-name="seam"/>
This ties the inbuilt Seam JAAS LoginModule to the Glassfish realm
authenticator.
* Add new users to the "file" realm.
* Now the users in the file realm can be authenticated as Guvnor users.
Text of the SeamAuthenticator for a Glassfish realm...
<QUOTE>
package uk.co.mendipit.glassfishrealmauthenticator;
import com.sun.appserv.security.ProgrammaticLogin;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.Identity;
/**
*
* @author Chris Selwyn<chris.selwyn(a)mendipit.co.uk>
*/
@Name("gfauthenticator")
public class GlassfishRealmAuthenticator {
private Logger logger = Logger.getLogger(this.getClass().getName());
public boolean authenticate() {
try {
String userNm =
Identity.instance().getCredentials().getUsername();
String pass =
Identity.instance().getCredentials().getPassword();
ProgrammaticLogin plogin = new ProgrammaticLogin();
return plogin.login(userNm, pass, "fileRealm", true);
} catch (Exception ex) {
logger.log(Level.SEVERE, null, ex);
return false;
}
}
}
</QUOTE>
Chris Selwyn
On 01/11/2010 17:50, Chris Selwyn wrote:
I am using Guvnor 2.1.1 on Glassfish 2.1 and mostly it seems to work
very well.
However, I am now looking to setup authentication of users to the Guvnor
server and this is where I am finding problems.
I tried writing a class with an "authenticate" method to authenticate
against a Glassfish realm using ProgrammaticLogin but (as far as I can
tell) this class is not being used by Guvnor.
Looking at the source, Guvnor appears to only use the
org.jboss.seam.security.Identity.authenticate method which uses only the
jaas-config-name value from the components.xml file.
So I then tried setting the jaas-config-name to "fileRealm" (which
exists in Glassfish's default login.conf) but now I get
"javax.security.auth.login.LoginException: No credentials." logged in my
server.log (and the user get a fail message, naturally).
Has anyone out there managed to configure Guvnor to authenticate against
a Glassfish realm or JAAS context and would be willing to help me through?
Chris Selwyn
_______________________________________________
rules-users mailing list
rules-users(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-users
-----
No virus found in this message.
Checked by AVG -
www.avg.com
Version: 10.0.1153 / Virus Database: 424/3232 - Release Date: 11/01/10