[rules-users] Authorisation of Guvnor users on Glassfish
Michael Anstis
michael.anstis at gmail.com
Tue Nov 2 06:44:52 EDT 2010
Good job, and thanks for posting your solution back to the mailing list.
2010/11/2 Chris Selwyn <chris at selwyn-family.me.uk>
> To answer my own question (and record a method that works for
> posterity)...
>
> What I did was:-
>
> - Configure my Glassfish domain's login.conf with a "seam" LoginModule
> as follows
> seam {
> org.jboss.seam.security.jaas.SeamLoginModule required;
> };
>
> - Create a Seam authenticator that authenticates against a Glassfish
> realm using Glassfish's ProgrammaticLogin as shown below.
> The code in the authenticator uses the hardcoded realm called
> "fileRealm". Maybe I need to find a way to configure that.
>
> - Configure my Guvnor's identity component by changing the
> components.xml inside the exploded drools-guvnor directory as follows:-
> <security:identity
> authenticate-method="#{gfauthenticator.authenticate}"
> jaas-config-name="seam"/>
> This ties the inbuilt Seam JAAS LoginModule to the Glassfish realm
> authenticator.
>
> - Add new users to the "file" realm.
>
> - Now the users in the file realm can be authenticated as Guvnor
> users.
>
> Text of the SeamAuthenticator for a Glassfish realm...
>
> <QUOTE>
> package uk.co.mendipit.glassfishrealmauthenticator;
>
> import com.sun.appserv.security.ProgrammaticLogin;
> import java.util.logging.Level;
> import java.util.logging.Logger;
> import org.jboss.seam.annotations.Name;
> import org.jboss.seam.security.Identity;
>
> /**
> *
> * @author Chris Selwyn<chris.selwyn at mendipit.co.uk><chris.selwyn at mendipit.co.uk>
> */
> @Name("gfauthenticator")
> public class GlassfishRealmAuthenticator {
> private Logger logger = Logger.getLogger(this.getClass().getName());
> public boolean authenticate() {
> try {
> String userNm =
> Identity.instance().getCredentials().getUsername();
> String pass =
> Identity.instance().getCredentials().getPassword();
> ProgrammaticLogin plogin = new ProgrammaticLogin();
>
> return plogin.login(userNm, pass, "fileRealm", true);
> } catch (Exception ex) {
>
> logger.log(Level.SEVERE, null, ex);
> return false;
> }
> }
> }
> </QUOTE>
>
> Chris Selwyn
>
> On 01/11/2010 17:50, Chris Selwyn wrote:
>
> I am using Guvnor 2.1.1 on Glassfish 2.1 and mostly it seems to work
> very well.
>
> However, I am now looking to setup authentication of users to the Guvnor
> server and this is where I am finding problems.
>
> I tried writing a class with an "authenticate" method to authenticate
> against a Glassfish realm using ProgrammaticLogin but (as far as I can
> tell) this class is not being used by Guvnor.
>
> Looking at the source, Guvnor appears to only use the
> org.jboss.seam.security.Identity.authenticate method which uses only the
> jaas-config-name value from the components.xml file.
> So I then tried setting the jaas-config-name to "fileRealm" (which
> exists in Glassfish's default login.conf) but now I get
> "javax.security.auth.login.LoginException: No credentials." logged in my
> server.log (and the user get a fail message, naturally).
>
> Has anyone out there managed to configure Guvnor to authenticate against
> a Glassfish realm or JAAS context and would be willing to help me through?
>
> Chris Selwyn
>
> _______________________________________________
> rules-users mailing listrules-users at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/rules-users
>
>
> -----
> No virus found in this message.
> Checked by AVG - www.avg.com
> Version: 10.0.1153 / Virus Database: 424/3232 - Release Date: 11/01/10
>
>
> _______________________________________________
> rules-users mailing list
> rules-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/rules-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/rules-users/attachments/20101102/1ef1e0a5/attachment.html
More information about the rules-users
mailing list