1 Reply Latest reply on May 31, 2013 3:54 PM by Zahid Ahmed Prs

    Enable Role based authentication in Guvnor with JBoss 7

    Jeyalakshmi Ramachandran Newbie

      My version of the drools guvnor is 5.5.0.Final, the Jboss is 7.1.1.


      I tried to change guvnor to use jaas to login, so I added the configuraions as followed

       

      1. I changed beans.xml in web-inf of drools-guvnor as

       

       

        <security:IdentityImpl>

      <s:modifies/>

      <!-- JAAS based authentication -->

      <security:authenticatorName>jaasAuthenticator</security:authenticatorName>

        </security:IdentityImpl>

       

      <security:jaas.JaasAuthenticator>

      <s:modifies/>

      <security:jaasConfigName>drools-guvnor</security:jaasConfigName>

      </security:jaas.JaasAuthenticator>

       

       

      <!-- SECURITY AUTHORIZATION CONFIGURATION -->

      <!--

      This is used to enable or disable role-based authorization. By default it is disabled.

      -->

       

        <guvnorSecurity:RoleBasedPermissionResolver>

      <s:modifies/>

      <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>

      </guvnorSecurity:RoleBasedPermissionResolver>

       

      2. Modified standlone.xml as

       

                      <security-domain name="drools-guvnor" cache-type="default">

                          <authentication>

                              <login-module code="UsersRoles" flag="required">

                                  <module-option name="usersProperties" value="${jboss.server.config.dir}/users.properties"/>

                                  <module-option name="rolesProperties" value="${jboss.server.config.dir}/roles.properties"/>

                              </login-module>

                          </authentication>

                      </security-domain>

       

      I deployed this drools-guvnor war in jboss, and when I try to access localhost:8080/drools-guvnor..I am getting

      Error “This User has no permission setup”.

       

      3. If I disable the role based permission <guvnorSecurity:RoleBasedPermissionResolver>, then I am not getting any error and I was able to login to guvnor. But the problem with that setup is every user is able to access all the packages as well as Administration tab.

       

      4. My requirement is to allow specific users to access only specific packages.

       

      Pleas guide me where I am making mistake.

       

      Thanks,

      Jeyalakshmi.