Externalizing business or technical rules is very important for scalable applications, but access to the BRMS service should be managed. Guvnor controls access to its UI and operations using role-based authorization.
There are several permission types, as listed in the drools-guvnor reference manual:
Admin: all permissions.
Analyst or Analyst read-only: analyst permissions for a specific category.
Package admin, Package developer or Package read-only: package permissions for a specific package.
- Enable user authentication control by updating the file components.xml located in the deployed server folder:
...
<component name="org.jboss.seam.security.roleBasedPermissionResolver">
<property name="enableRoleBasedAuthorization">false</property>
</component>
// change false to true
...
Access control configuration for Guvnor embedded in a JBoss server:
Stop the Guvnor server if it was started in guest user mode, and enable role-based authorization.
Add the drools-guvnor access policy to the file login-config.xml located in server/default/conf:
<application-policy name="drools-guvnor">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
      <module-option name="usersProperties">props/drools-guvnor-users.properties</module-option>
      <module-option name="rolesProperties">props/drools-guvnor-roles.properties</module-option>
    </login-module>
  </authentication>
</application-policy>
Create properties files for users and roles with respective contents:
# A roles.properties file for UsersRolesLoginModule (drools-guvnor-roles.properties)
# Format: username=role[,role...]
superuser=admin
packuser=package.admin
rulesviewer=package.readonly
# A users.properties file for UsersRolesLoginModule (drools-guvnor-users.properties)
# Format: username=password
rulesviewer=drools
packuser=proto
superuser=admin
Restart the JBoss Guvnor server and log in to the web interface using the created accounts.
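
The following consistency check for the three files configured above is an added example, not part of the original post or of Guvnor itself. The function names are hypothetical, the sample input is constructed, and the role names beyond `admin`, `package.admin` and `package.readonly` are assumed from the permission types listed earlier.

```python
import xml.etree.ElementTree as ET

# admin, package.admin and package.readonly appear on the page; the other
# three names are assumed from the permission types it lists.
KNOWN_ROLES = {"admin", "analyst", "analyst.readonly",
               "package.admin", "package.developer", "package.readonly"}
RESOLVER = "org.jboss.seam.security.roleBasedPermissionResolver"

def parse_props(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def rbac_enabled(components_xml):
    """True only if the resolver component sets the property to 'true'."""
    for comp in ET.fromstring(components_xml).iter():
        # Match on the tag suffix so a namespaced Seam file also works.
        if comp.tag.endswith("component") and comp.get("name") == RESOLVER:
            return any(p.get("name") == "enableRoleBasedAuthorization"
                       and (p.text or "").strip().lower() == "true"
                       for p in comp)
    return False

def audit(components_xml, users_text, roles_text):
    """Return sorted findings; an empty list means the files are consistent."""
    users, roles = parse_props(users_text), parse_props(roles_text)
    findings = []
    if not rbac_enabled(components_xml):
        findings.append("role-based authorization is not enabled")
    for user in users.keys() - roles.keys():
        findings.append(f"{user}: can log in but has no role")
    for user, value in roles.items():
        if user not in users:
            findings.append(f"{user}: role assigned to a user with no password entry")
        for role in (r.strip() for r in value.split(",")):
            if role not in KNOWN_ROLES:
                findings.append(f"{user}: unknown role '{role}'")
    return sorted(findings)

# Constructed sample input: the page's files plus two deliberate mistakes.
COMPONENTS = """<components><component name="org.jboss.seam.security.roleBasedPermissionResolver">
<property name="enableRoleBasedAuthorization">false</property></component></components>"""
USERS = "rulesviewer=drools\npackuser=proto\nsuperuser=admin\nguest=guest\n"
ROLES = "superuser=admin\npackuser=package.admin\nrulesviewer=package.readonly\nolduser=package.admn\n"

if __name__ == "__main__":
    for finding in audit(COMPONENTS, USERS, ROLES):
        print(finding)
```

Running it before each restart catches a resolver still set to `false`, accounts that authenticate but carry no role, and misspelled role names that would otherwise fail silently.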