To answer my own question (and record a method that works for posterity)...

What I did was:-

• Configure my Glassfish domain's login.conf with a "seam" LoginModule as follows
  seam {
      org.jboss.seam.security.jaas.SeamLoginModule required;
  };
  
  
• Create a Seam authenticator that authenticates against a Glassfish realm using Glassfish's ProgrammaticLogin as shown below.
  The code in the authenticator uses the hardcoded realm called "fileRealm". Maybe I need to find a way to configure that.
  
  
• Configure my Guvnor's identity component by changing the components.xml inside the exploded drools-guvnor directory as follows:-
      <security:identity authenticate-method="#{gfauthenticator.authenticate}" jaas-config-name="seam"/>
  This ties the inbuilt Seam JAAS LoginModule to the Glassfish realm authenticator.
  
  
• Add new users to the "file" realm.
  
  
• Now the users in the file realm can be authenticated as Guvnor users.
  

Text of the SeamAuthenticator for a Glassfish realm...

<QUOTE>
package uk.co.mendipit.glassfishrealmauthenticator;

import com.sun.appserv.security.ProgrammaticLogin;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.Identity;

/**
 *
 * @author Chris Selwyn<chris.selwyn@mendipit.co.uk>
 */
@Name("gfauthenticator")
public class GlassfishRealmAuthenticator {
    private Logger logger = Logger.getLogger(this.getClass().getName());
    public boolean authenticate() {
        try {
            String userNm = Identity.instance().getCredentials().getUsername();
            String pass = Identity.instance().getCredentials().getPassword();
            ProgrammaticLogin plogin = new ProgrammaticLogin();

            return plogin.login(userNm, pass, "fileRealm", true);
        } catch (Exception ex) {

            logger.log(Level.SEVERE, null, ex);
            return false;
        }
    }
}
</QUOTE>

Chris Selwyn

On 01/11/2010 17:50, Chris Selwyn wrote:

I am using Guvnor 2.1.1 on Glassfish 2.1 and mostly it seems to work 
very well.

However, I am now looking to setup authentication of users to the Guvnor 
server and this is where I am finding problems.

I tried writing a class with an "authenticate" method to authenticate 
against a Glassfish realm using ProgrammaticLogin but (as far as I can 
tell) this class is not being used by Guvnor.

Looking at the source, Guvnor appears to only use the 
org.jboss.seam.security.Identity.authenticate method which uses only the 
jaas-config-name value from the components.xml file.
So I then tried setting the jaas-config-name to "fileRealm" (which 
exists in Glassfish's default login.conf) but now I get 
"javax.security.auth.login.LoginException: No credentials." logged in my 
server.log (and the user get a fail message, naturally).

Has anyone out there managed to configure Guvnor to authenticate against 
a Glassfish realm or JAAS context and would be willing to help me through?

Chris Selwyn

_______________________________________________
rules-users mailing list
rules-users@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-users


-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 10.0.1153 / Virus Database: 424/3232 - Release Date: 11/01/10

_______________________________________________
rules-users mailing list
rules-users@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-users

No virus found in this message.
Checked by AVG - www.avg.com
Version: 10.0.1153 / Virus Database: 424/3232 - Release Date: 11/01/10