[rules-users] JBOSS DROOLS Guvnor and SSO authentication

Jervisliu jliu at redhat.com
Thu Jun 24 07:20:49 EDT 2010


Guvnor is using Seam internally to handle session/authentication etc. To 
do your own authentication, you need to implement your own 
authenticator. Take a look at 
http://anonsvn.jboss.org/repos/labs/labs/jbossrules/trunk/drools-guvnor/src/main/java/org/drools/guvnor/server/security/DefaultAuthenticator.java 
for example.


Peddada, Shanthakumar wrote:
> Hi,
>
> I am not using jaas-config-name for guvnor; I am directly reading the user credentials from the session object, but I am getting null values.
> I am sending the user credentials in the session from another application. When I click on the guvnor link present on application1, I should be able to auto-authenticate using the authenticator.
>
> //Authenticator code for reading the user credentials from session object :
> //
> HttpServletRequest request = ServletContexts.getInstance().getRequest();
> String username = (String) request.getSession().getAttribute("User");
> String password = (String) request.getSession().getAttribute("password");
>
> error trace :
>
> 23:53:27,671 INFO  [STDOUT] class org.drools.guvnor.server.security.Authenticator password nullsession attribute null
> 23:53:27,687 INFO  [STDOUT] ERROR 21-06 23:53:27,687 (SeamLoginModule.java:login:113)    Error invoking login method
> javax.el.ELException: java.lang.NullPointerException
>         at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:333)
>         at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:342)
>         at org.jboss.el.parser.AstPropertySuffix.invoke(AstPropertySuffix.java:58)
>         at org.jboss.el.parser.AstValue.invoke(AstValue.java:96)
>         at org.jboss.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
>         at org.jboss.seam.core.Expressions$2.invoke(Expressions.java:174)
>         at org.jboss.seam.security.jaas.SeamLoginModule.login(SeamLoginModule.java:109)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
>         at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
>         at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
>         at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
>         at org.jboss.seam.security.Identity.authenticate(Identity.java:335)
>         at org.jboss.seam.security.Identity.authenticate(Identity.java:324)
>         at org.drools.guvnor.server.security.SecurityServiceImpl.checkAutoLogin(SecurityServiceImpl.java:107)
>         at org.drools.guvnor.server.security.SecurityServiceImpl.getCurrentUser(SecurityServiceImpl.java:87)
>         at org.drools.guvnor.server.SecurityServiceServlet.getCurrentUser(SecurityServiceServlet.java:50)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:527)
>         at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:164)
>         at com.google.gwt.user.server.rpc.RemoteServiceServlet.doPost(RemoteServiceServlet.java:86)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>         at org.jboss.seam.web.ContextFilter$1.process(ContextFilter.java:42)
>         at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:53)
>         at org.jboss.seam.web.ContextFilter.doFilter(ContextFilter.java:37)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>         at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>         at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
>         at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>         at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
>         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
>         at java.lang.Thread.run(Thread.java:619)
>
> Please let me know if there is any other way of passing user credentials.
>
> Regards,
> Shantha
>
> ________________________________________
> From: rules-users-bounces at lists.jboss.org [rules-users-bounces at lists.jboss.org] On Behalf Of Jervisliu [jliu at redhat.com]
> Sent: Saturday, June 19, 2010 2:37 AM
> To: Rules Users List
> Subject: Re: [rules-users] JBOSS DROOLS Guvnor and SSO authentication
>
> ShanzRules wrote:
>   
>> Hi
>> We would like to integrate guvnor with SSO (Sun access manager).
>> We have a portal application already integrated with Sun access manager,
>> and from the portal we want to have a guvnor link on it, and if we click on the
>> link, it should redirect to the guvnor home page without again displaying
>> the guvnor login. Guvnor should automatically read the user credentials and
>> redirect to the home page for rules editing.
>>
>> Please provide the solution if anyone has already implemented it.
>>
>> Appreciate all your help
>>
>>
>> Regards,
>> Shantha
>>
>>
>>
>>
>>     
> Hi Shantha, have you looked into OpenSSO? You may want to download an
> evaluation version of JBOSS SOA-P. There is an opensso demo in SOA-P
> which shows how to integrate OpenSSO with JBossAS or Tomcat. Once you
> manage to get OpenSSO working, all you need to do is to change guvnor
> login configuration to use the opensso login module, for example, the
> corresponding section in components.xml should read like below:
>
> <security:identity authenticate-method="#{authenticator.authenticate}"
> jaas-config-name="OpenSSOLogin"/>
>
> Hope this helps,
> Jervis
> _______________________________________________
> rules-users mailing list
> rules-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/rules-users
>   
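
A sketch of the custom authenticator suggested at the top of this message, added here as an example; it is not code from the thread or from the Guvnor source. An HttpSession belongs to a single web application, so attributes the portal stores in its session are not visible in Guvnor's session; this version instead trusts the user name the container established for the request. Assumptions: Seam 2.1 or later (for Credentials), an SSO agent or login module that authenticates the request before it reaches Guvnor so that getRemoteUser() is populated, and the hypothetical package and component names shown.

```java
package example.guvnor.sso; // hypothetical package, not part of Guvnor

import javax.servlet.http.HttpServletRequest;

import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.Identity;
import org.jboss.seam.web.ServletContexts;

/**
 * Seam authenticator that accepts the identity already established by the
 * container (for example by an SSO login module) and never handles a password.
 */
@Name("ssoAuthenticator") // hypothetical component name
public class SsoAuthenticator {

    public boolean authenticate() {
        // getRequest() can be null when there is no active servlet request,
        // so check every step instead of dereferencing blindly.
        ServletContexts contexts = ServletContexts.getInstance();
        HttpServletRequest request = (contexts == null) ? null : contexts.getRequest();
        if (request == null) {
            return false;
        }

        // Set by the container only after its own authentication succeeded.
        // Assumption: the SSO integration populates it for Guvnor's context.
        String user = request.getRemoteUser();
        if (user == null || user.trim().isEmpty()) {
            // No authenticated principal: refuse the login, which leaves
            // Guvnor's normal login screen in place.
            return false;
        }

        // Hand the verified name to Seam; no password is read or stored.
        Identity.instance().getCredentials().setUsername(user.trim());
        return true;
    }
}
```

To use it, point authenticate-method in components.xml at #{ssoAuthenticator.authenticate} in place of #{authenticator.authenticate}.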



