[rules-users] Authorisation of Guvnor users on Glassfish

Chris Selwyn chris at selwyn-family.me.uk
Wed Nov 10 09:44:18 EST 2010 

And further...

In order to provide capability to configure the realm (rather than 
hardcoding it), I have made the small modification to the 
GlassfishRealmAuthenticator as follows...

<QUOTE>
package uk.co.mendipit.glassfishrealmauthenticator;

import com.sun.appserv.security.ProgrammaticLogin;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.Identity;

/**
  *
  * @author Chris Selwyn<chris.selwyn at mendipit.co.uk>
  */
@Name("gfauthenticator")
public class GlassfishRealmAuthenticator {
     private Logger logger = Logger.getLogger(this.getClass().getName());

     private String realm;

     public boolean authenticate() {
         try {
             String userNm = 
Identity.instance().getCredentials().getUsername();
             String pass = 
Identity.instance().getCredentials().getPassword();
             ProgrammaticLogin plogin = new ProgrammaticLogin();

             return plogin.login(userNm, pass, realm, true);
         } catch (Exception ex) {

             logger.log(Level.SEVERE, null, ex);
             return false;
         }
     }

     public void setRealm(String realm) {
         this.realm = realm;
     }
}
</QUOTE>

This allows the following to be put into the components.xml

<component name="gfauthenticator">
<property name="realm">fileRealm</property>
</component>

This allows configuration of the file realm by appropriate modification 
of Seam's components.xml.

(please excuse my ramblings... I am still learning about Seam!)

Chris

On 02/11/2010 10:37, Chris Selwyn wrote:
> To answer my own question (and record a method that works for 
> posterity)...
>
> What I did was:-
>
>     * Configure my Glassfish domain's login.conf with a "seam"
>       LoginModule as follows
>       seam {
>           org.jboss.seam.security.jaas.SeamLoginModule required;
>       };
>
>     * Create a Seam authenticator that authenticates against a
>       Glassfish realm using Glassfish's ProgrammaticLogin as shown below.
>       The code in the authenticator uses the hardcoded realm called
>       "fileRealm". Maybe I need to find a way to configure that.
>
>     * Configure my Guvnor's identity component by changing the
>       components.xml inside the exploded drools-guvnor directory as
>       follows:-
>       <security:identity
>       authenticate-method="#{gfauthenticator.authenticate}"
>       jaas-config-name="seam"/>
>       This ties the inbuilt Seam JAAS LoginModule to the Glassfish
>       realm authenticator.
>
>     * Add new users to the "file" realm.
>
>     * Now the users in the file realm can be authenticated as Guvnor
>       users.
>
> Text of the SeamAuthenticator for a Glassfish realm...
>
> <QUOTE>
> package uk.co.mendipit.glassfishrealmauthenticator;
>
> import com.sun.appserv.security.ProgrammaticLogin;
> import java.util.logging.Level;
> import java.util.logging.Logger;
> import org.jboss.seam.annotations.Name;
> import org.jboss.seam.security.Identity;
>
> /**
>  *
>  * @author Chris Selwyn<chris.selwyn at mendipit.co.uk>
>  */
> @Name("gfauthenticator")
> public class GlassfishRealmAuthenticator {
>     private Logger logger = Logger.getLogger(this.getClass().getName());
>     public boolean authenticate() {
>         try {
>             String userNm = 
> Identity.instance().getCredentials().getUsername();
>             String pass = 
> Identity.instance().getCredentials().getPassword();
>             ProgrammaticLogin plogin = new ProgrammaticLogin();
>
>             return plogin.login(userNm, pass, "fileRealm", true);
>         } catch (Exception ex) {
>
>             logger.log(Level.SEVERE, null, ex);
>             return false;
>         }
>     }
> }
> </QUOTE>
>
> Chris Selwyn
>
> On 01/11/2010 17:50, Chris Selwyn wrote:
>> I am using Guvnor 2.1.1 on Glassfish 2.1 and mostly it seems to work
>> very well.
>>
>> However, I am now looking to setup authentication of users to the Guvnor
>> server and this is where I am finding problems.
>>
>> I tried writing a class with an "authenticate" method to authenticate
>> against a Glassfish realm using ProgrammaticLogin but (as far as I can
>> tell) this class is not being used by Guvnor.
>>
>> Looking at the source, Guvnor appears to only use the
>> org.jboss.seam.security.Identity.authenticate method which uses only the
>> jaas-config-name value from the components.xml file.
>> So I then tried setting the jaas-config-name to "fileRealm" (which
>> exists in Glassfish's default login.conf) but now I get
>> "javax.security.auth.login.LoginException: No credentials." logged in my
>> server.log (and the user get a fail message, naturally).
>>
>> Has anyone out there managed to configure Guvnor to authenticate against
>> a Glassfish realm or JAAS context and would be willing to help me through?
>>
>> Chris Selwyn
>>
>> _______________________________________________
>> rules-users mailing list
>> rules-users at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/rules-users
>>
>>
>> -----
>> No virus found in this message.
>> Checked by AVG -www.avg.com
>> Version: 10.0.1153 / Virus Database: 424/3232 - Release Date: 11/01/10
>
>
> _______________________________________________
> rules-users mailing list
> rules-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/rules-users
>
>
> No virus found in this message.
> Checked by AVG - www.avg.com <http://www.avg.com>
> Version: 10.0.1153 / Virus Database: 424/3232 - Release Date: 11/01/10
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/rules-users/attachments/20101110/ee006226/attachment.html

More information about the rules-users mailing list