And further...
In order to provide capability to configure the realm (rather than
hardcoding it), I have made the small modification to the
GlassfishRealmAuthenticator as follows...
<QUOTE>
package uk.co.mendipit.glassfishrealmauthenticator;
import com.sun.appserv.security.ProgrammaticLogin;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.Identity;
/**
*
* @author Chris Selwyn<chris.sel...@mendipit.co.uk>
*/
@Name("gfauthenticator")
public class GlassfishRealmAuthenticator {
private Logger logger = Logger.getLogger(this.getClass().getName());
private String realm;
public boolean authenticate() {
try {
String userNm =
Identity.instance().getCredentials().getUsername();
String pass =
Identity.instance().getCredentials().getPassword();
ProgrammaticLogin plogin = new ProgrammaticLogin();
return plogin.login(userNm, pass, realm, true);
} catch (Exception ex) {
logger.log(Level.SEVERE, null, ex);
return false;
}
}
public void setRealm(String realm) {
this.realm = realm;
}
}
</QUOTE>
This allows the following to be put into the components.xml
<component name="gfauthenticator">
<property name="realm">fileRealm</property>
</component>
This allows configuration of the file realm by appropriate modification
of Seam's components.xml.
(please excuse my ramblings... I am still learning about Seam!)
Chris
On 02/11/2010 10:37, Chris Selwyn wrote:
To answer my own question (and record a method that works for
posterity)...
What I did was:-
* Configure my Glassfish domain's login.conf with a "seam"
LoginModule as follows
seam {
org.jboss.seam.security.jaas.SeamLoginModule required;
};
* Create a Seam authenticator that authenticates against a
Glassfish realm using Glassfish's ProgrammaticLogin as shown below.
The code in the authenticator uses the hardcoded realm called
"fileRealm". Maybe I need to find a way to configure that.
* Configure my Guvnor's identity component by changing the
components.xml inside the exploded drools-guvnor directory as
follows:-
<security:identity
authenticate-method="#{gfauthenticator.authenticate}"
jaas-config-name="seam"/>
This ties the inbuilt Seam JAAS LoginModule to the Glassfish
realm authenticator.
* Add new users to the "file" realm.
* Now the users in the file realm can be authenticated as Guvnor
users.
Text of the SeamAuthenticator for a Glassfish realm...
<QUOTE>
package uk.co.mendipit.glassfishrealmauthenticator;
import com.sun.appserv.security.ProgrammaticLogin;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.Identity;
/**
*
* @author Chris Selwyn<chris.sel...@mendipit.co.uk>
*/
@Name("gfauthenticator")
public class GlassfishRealmAuthenticator {
private Logger logger = Logger.getLogger(this.getClass().getName());
public boolean authenticate() {
try {
String userNm =
Identity.instance().getCredentials().getUsername();
String pass =
Identity.instance().getCredentials().getPassword();
ProgrammaticLogin plogin = new ProgrammaticLogin();
return plogin.login(userNm, pass, "fileRealm", true);
} catch (Exception ex) {
logger.log(Level.SEVERE, null, ex);
return false;
}
}
}
</QUOTE>
Chris Selwyn
On 01/11/2010 17:50, Chris Selwyn wrote:
I am using Guvnor 2.1.1 on Glassfish 2.1 and mostly it seems to work
very well.
However, I am now looking to setup authentication of users to the Guvnor
server and this is where I am finding problems.
I tried writing a class with an "authenticate" method to authenticate
against a Glassfish realm using ProgrammaticLogin but (as far as I can
tell) this class is not being used by Guvnor.
Looking at the source, Guvnor appears to only use the
org.jboss.seam.security.Identity.authenticate method which uses only the
jaas-config-name value from the components.xml file.
So I then tried setting the jaas-config-name to "fileRealm" (which
exists in Glassfish's default login.conf) but now I get
"javax.security.auth.login.LoginException: No credentials." logged in my
server.log (and the user get a fail message, naturally).
Has anyone out there managed to configure Guvnor to authenticate against
a Glassfish realm or JAAS context and would be willing to help me through?
Chris Selwyn
_______________________________________________
rules-users mailing list
rules-users@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-users
-----
No virus found in this message.
Checked by AVG -www.avg.com
Version: 10.0.1153 / Virus Database: 424/3232 - Release Date: 11/01/10
_______________________________________________
rules-users mailing list
rules-users@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-users
No virus found in this message.
Checked by AVG - www.avg.com <http://www.avg.com>
Version: 10.0.1153 / Virus Database: 424/3232 - Release Date: 11/01/10
_______________________________________________
rules-users mailing list
rules-users@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-users