[jboss-user] [Beginner's Corner] - Guvnor Security
Shobhit Tyagi
do-not-reply at jboss.com
Mon Dec 20 01:51:43 EST 2010
roxy1987 [http://community.jboss.org/people/roxy1987] created the discussion
"Guvnor Security"
To view the discussion, visit: http://community.jboss.org/message/576759#576759
--------------------------------------------------------------
I am trying to add authentication to the guvnor console.
My WEB-INF/components.xml is like this:
<?xml version="1.0" encoding="UTF-8"?>
<components xmlns="http://jboss.com/products/seam/components"
xmlns:core="http://jboss.com/products/seam/core"
xmlns:security="http://jboss.com/products/seam/security"
xmlns:web="http://jboss.com/products/seam/web"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:transaction="http://jboss.com/products/seam/transaction"
xsi:schemaLocation=
"http://jboss.com/products/seam/core http://jboss.com/products/seam/core-2.0.xsd
http://jboss.com/products/seam/security http://jboss.com/products/seam/security-2.0.xsd
http://jboss.com/products/seam/components http://jboss.com/products/seam/components-2.0.xsd
http://jboss.com/products/seam/web http://jboss.com/products/seam/web-2.0.xsd
http://jboss.com/products/seam/transaction http://jboss.com/products/seam/transaction-2.0.xsd">
<core:init transaction-management-enabled="false"/>
<transaction:no-transaction/>
<component name="repositoryConfiguration">
<!--
*** This is for configuring the "home" directory for the repo storage. the directory must exist. ***
<property name="homeDirectory">/home/michael/RulesRepository_001</property>
-->
<!--
Optional: this is for creating a configurator for a separate repository type.
<property name="configurator">org.drools.repository.JackrabbitRepositoryConfigurator</property>
-->
</component>
<!-- SECURITY IDENTITY CONFIGURATION -->
<!-- default (will take any username, useful if you want to keep track of users but not authenticate
<security:identity authenticate-method="#{defaultAuthenticator.authenticate}"/> -->
<!-- NO authentication. This will bypass the login screen when you hit the app. Everyone is "guest" -->
<!-- <security:identity authenticate-method="#{nilAuthenticator.authenticate}"/> -->
<!-- FOR EXAMPLE: the following one will use the jaas configuration called "other" - which in jboss AS means you can use properties files for users: -->
<security:identity authenticate-method="#{authenticator.authenticate}" jaas-config-name="other"/>
<!-- as JAAS is used you can use container specific ones to link up to your login services, eg LDAP/AD etc -->
<!-- SECURITY AUTHORIZATION CONFIGURATION -->
<!-- This is used to enable or disable role-based authorization. By default it is disabled. -->
<security:role-based-permission-resolver enable-role-based-authorization="true"/>
</components>
server/default/conf/login-config.xml looks like this:
<?xml version='1.0'?>
<!-- The XML based JAAS login configuration read by the
org.jboss.security.auth.login.XMLLoginConfig mbean. Add
an application-policy element for each security domain.
The outline of the application-policy is:
<application-policy name="security-domain-name">
<authentication>
<login-module code="login.module1.class.name" flag="control_flag">
<module-option name = "option1-name">option1-value</module-option>
<module-option name = "option2-name">option2-value</module-option>
...
</login-module>
<login-module code="login.module2.class.name" flag="control_flag">
...
</login-module>
...
</authentication>
</application-policy>
$Id: login-config.xml 76444 2008-07-29 23:50:53Z sguilhen at redhat.com $
$Revision: 76444 $
-->
<policy>
<!-- Used by clients within the application server VM such as
mbeans and servlets that access EJBs.
-->
<application-policy name="client-login">
<authentication>
<login-module code="org.jboss.security.ClientLoginModule"
flag="required">
<!-- Any existing security context will be restored on logout -->
<module-option name="restore-login-identity">true</module-option>
</login-module>
</authentication>
</application-policy>
<!-- Security domains for testing new jca framework -->
<application-policy name="HsqlDbRealm">
<authentication>
<login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule"
flag="required">
<module-option name="principal">sa</module-option>
<module-option name="userName">sa</module-option>
<module-option name="password"></module-option>
<module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
</login-module>
</authentication>
</application-policy>
<application-policy name="JmsXARealm">
<authentication>
<login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule"
flag="required">
<module-option name="principal">guest</module-option>
<module-option name="userName">guest</module-option>
<module-option name="password">guest</module-option>
<module-option name="managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
</login-module>
</authentication>
</application-policy>
<!-- A template configuration for the jmx-console web application. This
defaults to the UsersRolesLoginModule the same as other and should be
changed to a stronger authentication mechanism as required.
-->
<application-policy name="jmx-console">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
<module-option name="usersProperties">props/jmx-console-users.properties</module-option>
<module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
</login-module>
</authentication>
</application-policy>
<!-- A template configuration for the web-console web application. This
defaults to the UsersRolesLoginModule the same as other and should be
changed to a stronger authentication mechanism as required.
-->
<application-policy name="web-console">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
<module-option name="usersProperties">web-console-users.properties</module-option>
<module-option name="rolesProperties">web-console-roles.properties</module-option>
</login-module>
</authentication>
</application-policy>
<!--
A template configuration for the JBossWS security domain.
This defaults to the UsersRolesLoginModule the same as other and should be
changed to a stronger authentication mechanism as required.
-->
<application-policy name="JBossWS">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
<module-option name="usersProperties">props/jbossws-users.properties</module-option>
<module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
<module-option name="unauthenticatedIdentity">anonymous</module-option>
</login-module>
</authentication>
</application-policy>
<!-- The default login configuration used by any security domain that
does not have an application-policy entry with a matching name
-->
<application-policy name="other">
<!-- A simple server login module, which can be used when the number
of users is relatively small. It uses two properties files:
users.properties, which holds users (key) and their password (value).
roles.properties, which holds users (key) and a comma-separated list of
their roles (value).
The unauthenticatedIdentity property defines the name of the principal
that will be used when a null username and password are presented as is
the case for an unauthenticated web client or MDB. If you want to
allow such users to be authenticated add the property, e.g.,
unauthenticatedIdentity="nobody"
-->
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
<module-option name="usersProperties">props/guvnor-users.properties</module-option>
<module-option name="rolesProperties">props/guvnor-roles.properties</module-option>
</login-module>
</authentication>
</application-policy>
</policy>
Also I have created the two files *guvnor-users.properties.xml* and *guvnor-roles.properties.xml* and put these files in props folder.
But the password and username I provided don't work. What is wrong with the code?
--------------------------------------------------------------
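Added example (not part of the original post, and not JBoss or Guvnor code): a Python check that the properties files named by a UsersRolesLoginModule policy exist under the conf directory, and that every user has a password and a roles entry. It assumes resource names resolve relative to server/default/conf; check_policy, load_props and demo are hypothetical names, and the sample users and roles are constructed.

```python
import pathlib
import tempfile
import xml.etree.ElementTree as ET

MODULE = "org.jboss.security.auth.spi.UsersRolesLoginModule"
DEFAULTS = {"usersProperties": "users.properties", "rolesProperties": "roles.properties"}

def load_props(path):
    """Minimal .properties reader: key=value lines; '#' and '!' comment lines are skipped."""
    lines = path.read_text(encoding="latin-1").splitlines()
    pairs = (l.split("=", 1) for l in lines if "=" in l and l.strip()[0] not in "#!")
    return {k.strip(): v.strip() for k, v in pairs}

def check_policy(login_config_xml, conf_dir, policy_name):
    """Return findings for the UsersRolesLoginModule entries of one application-policy."""
    xpath = f".//application-policy[@name='{policy_name}']//login-module[@code='{MODULE}']"
    modules = ET.fromstring(login_config_xml).findall(xpath)
    if not modules:
        return [f"no UsersRolesLoginModule found in application-policy {policy_name}"]
    findings = []
    for module in modules:
        opts = {o.get("name"): (o.text or "").strip() for o in module.iter("module-option")}
        loaded = {}
        for key, default in DEFAULTS.items():
            # Assumption: the resource name resolves relative to the server's conf directory.
            path = pathlib.Path(conf_dir, opts.get(key) or default)
            if path.is_file():
                loaded[key] = load_props(path)
            else:
                similar = sorted(p.name for p in path.parent.glob(path.name + "*"))
                findings.append(f"{key}: {path.name} not found; similar names: {similar}")
        users, roles = loaded.get("usersProperties", {}), loaded.get("rolesProperties")
        findings += [f"user {u}: empty password" for u, pw in users.items() if not pw]
        if roles is not None:
            findings += [f"user {u}: no roles entry" for u in users if u not in roles]
    return findings

# Constructed sample: the "other" policy in the shape posted above; demo() writes
# {file name: body} into a scratch conf/props directory and runs the check on it.
SAMPLE = """<policy><application-policy name="other"><authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
<module-option name="usersProperties">props/guvnor-users.properties</module-option>
<module-option name="rolesProperties">props/guvnor-roles.properties</module-option>
</login-module></authentication></application-policy></policy>"""

def demo(files):
    with tempfile.TemporaryDirectory() as conf:
        pathlib.Path(conf, "props").mkdir()
        for name, body in files.items():
            pathlib.Path(conf, "props", name).write_text(body)
        return check_policy(SAMPLE, conf, "other")
```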