[jboss-jira] [JBoss JIRA] (JBRULES-3554) drools-server 5.0.1 - cannot pull in rulebases from guvnor >5.2 when authentication is enabled
Nicholas DiPiazza (JIRA)
jira-events at lists.jboss.org
Fri Jun 22 17:51:12 EDT 2012
Nicholas DiPiazza created JBRULES-3554:
------------------------------------------
Summary: drools-server 5.0.1 - cannot pull in rulebases from guvnor >5.2 when authentication is enabled
Key: JBRULES-3554
URL: https://issues.jboss.org/browse/JBRULES-3554
Project: Drools
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: drools-core
Affects Versions: 5.0.0.FINAL
Environment: All OS - only Drools Server 5.0.x connecting to Guvnor > 5.2 with some sort of authentication turned on with security:identity in components.xml
Reporter: Nicholas DiPiazza
Assignee: Mark Proctor
There is an issue in
org.drools.agent.HttpClientImpl.checkLastUpdated(URL u)
When the URL passed in is not guest accessible (requires basic authentication), this is not a handled situation in this version of Drools.
So when you try to use Drools Execution Server to connect rulebase in Guvnor >5.2 (has authentication enabled)... it will fail if the rulebase URL is not guest accessible.
These two methods need to have authentication added in (marked by START and END NDD).
public LastUpdatedPing checkLastUpdated(URL url) throws IOException {
URLConnection con = url.openConnection();
HttpURLConnection httpCon = (HttpURLConnection) con;
try {
// **** START NDD *****
BASE64Encoder enc = new sun.misc.BASE64Encoder();
String userpassword = "ad-user" + ":" + "ad-password";
String encodedAuthorization = enc.encode( userpassword.getBytes() );
httpCon.setRequestProperty("Authorization", "Basic "+
encodedAuthorization);
// **** END NDD *****
httpCon.setRequestMethod( "HEAD" );
String lm = httpCon.getHeaderField( "lastModified" );
LastUpdatedPing ping = new LastUpdatedPing();
ping.responseMessage = httpCon.getHeaderFields().toString();
if ( lm != null ) {
ping.lastUpdated = Long.parseLong( lm );
} else {
long httpLM = httpCon.getLastModified();
if ( httpLM > 0 ) {
ping.lastUpdated = httpLM;
}
}
return ping;
} finally {
httpCon.disconnect();
}
}
public Package fetchPackage(URL url) throws IOException,
ClassNotFoundException {
URLConnection con = url.openConnection();
HttpURLConnection httpCon = (HttpURLConnection) con;
try {
// **** START NDD *****
BASE64Encoder enc = new sun.misc.BASE64Encoder();
String userpassword = "ad-user" + ":" + "ad-password";
String encodedAuthorization = enc.encode( userpassword.getBytes() );
httpCon.setRequestProperty("Authorization", "Basic "+
encodedAuthorization);
// **** END NDD *****
httpCon.setRequestMethod( "GET" );
Object o = DroolsStreamUtils.streamIn( httpCon.getInputStream() );
if ( o instanceof KnowledgePackageImp ) {
return ((KnowledgePackageImp) o).pkg;
} else {
return (Package) o;
}
} finally {
httpCon.disconnect();
}
}
Obviously a production scenario would pull those username/password combinations from the .properties file for the rulebase.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list