Drools-guvnor manage access part-2

Using lightweight container Tomcat and Mysql server – Configuring drools-guvnor JAAS authentication module

Prerequisites: Drools Guvnor 5.3 deployed in Apache Tomcat 6, running with MySQL 5 and JDK version 1.6.

0 – Deploy the Guvnor application with the context name drools-guvnor. At this point all users are guests, so go to the administration panel and set authorizations for the user admin, or create another user with authorizations. Then stop the server; we are now going to enable JAAS database authentication.

1 – Create the authdb schema with a guvnorusers table in the MySQL database.

CREATE TABLE guvnorusers (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `username` varchar(255) DEFAULT NULL,
  `password` varchar(255) DEFAULT NULL,
  PRIMARY KEY (`id`)
);
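-- Sample account: username admin, password admin (stored as plain text)
INSERT INTO guvnorusers (id, username, password) VALUES (1, 'admin', 'admin');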

2 – Build a custom loginModule
The Maven source project for the custom login module is available here: drools login project sources.
Compile it and build a Maven jar artifact.

3 – Copy the exported loginModule jar file and the MySQL connector jar into %TOMCAT_HOME%/lib.

4 – In %TOMCAT_HOME%/conf/context.xml, we add a resource declaration

<Resource name="jdbc/URDroolsDS" auth="Container"
	type="javax.sql.DataSource" driverClassName="com.mysql.jdbc.Driver"
	url="jdbc:mysql://yourserveradress:3306/authdb" username="dbuser"
	password="dbuserpassword" maxActive="20" maxIdle="10" maxWait="-1" />

5 – Update %TOMCAT_HOME%/webapps/drools-guvnor/WEB-INF/components.xml
to configure our repository to use the external database and security settings

<security:identity authenticate-method="#{authenticator.authenticate}"
     jaas-config-name="drools-guvnor"/>

<security:role-based-permission-resolver
     enable-role-based-authorization="true"/>

6 – Update %TOMCAT_HOME%/conf/server.xml to add a Realm declaration

<Realm className="org.apache.catalina.realm.LockOutRealm">
...
<Realm appName="drools-guvnor"
  className="com.test.droolsproto.loginmodule.realm.DroolsJaasRealm"
  dataSourceName="jdbc/URDroolsDS" localDataSource="true"/>
...
</Realm>

7 – Create a file named jaasConfig in %TOMCAT_HOME%/conf with this content:
drools-guvnor{
com.test.droolsproto.loginmodule.DroolsLoginModule
required debug=true;
};

8 – Before running Tomcat, create a setenv.sh file in %TOMCAT_HOME%/bin if you are running on Linux, or setenv.bat on Windows, with this content (this version works on Linux):

JAVA_OPTS="-Xms128m -Xmx256m -Djava.security.auth.login.config=$CATALINA_HOME/conf/jaasConfig"
export JAVA_OPTS

Now it’s time to restart your guvnor server and check authentication!
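
A consistency check for the wiring in steps 4 to 8, added here as an example (it is not part of the original post or of the Drools project). It confirms that the JAAS entry name in jaasConfig, the jaas-config-name in components.xml and the Realm appName in server.xml agree, that setenv.sh passes the login config path with plain ASCII quotes, and that context.xml, which holds the database password, is not world-readable. The function names check_guvnor_jaas and make_sample and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: checks the wiring of steps 4-8.
# check_guvnor_jaas TOMCAT_HOME prints each finding and returns their count.
check_guvnor_jaas() {
    home=$1; n=0
    fail() { echo "FAIL: $1"; n=$((n + 1)); }
    # JAAS entry name: the token before "{" in conf/jaasConfig (step 7).
    entry=$(sed -n 's/^[[:space:]]*\([A-Za-z0-9_.-]\{1,\}\)[[:space:]]*{.*/\1/p' \
        "$home/conf/jaasConfig" 2>/dev/null | head -n 1)
    # Name requested in components.xml (step 5) and by the Realm (step 6).
    seam=$(sed -n 's/.*jaas-config-name="\([^"]*\)".*/\1/p' \
        "$home/webapps/drools-guvnor/WEB-INF/components.xml" 2>/dev/null | head -n 1)
    realm=$(sed -n 's/.*appName="\([^"]*\)".*/\1/p' \
        "$home/conf/server.xml" 2>/dev/null | head -n 1)
    [ -n "$entry" ] || fail "no login entry found in conf/jaasConfig"
    [ "$seam" = "$entry" ] || fail "components.xml jaas-config-name '$seam' != '$entry'"
    [ "$realm" = "$entry" ] || fail "server.xml Realm appName '$realm' != '$entry'"
    # setenv.sh must pass the login config path, in plain ASCII quotes (step 8).
    env_file="$home/bin/setenv.sh"
    grep -q -e '-Djava.security.auth.login.config=' "$env_file" 2>/dev/null ||
        fail "setenv.sh does not set java.security.auth.login.config"
    if grep -q -e '“' -e '”' "$env_file" 2>/dev/null; then
        fail "setenv.sh has typographic quotes, which the shell does not treat as quoting"
    fi
    # context.xml holds the database password (step 4); flag world-readable mode.
    [ -z "$(find "$home/conf/context.xml" -perm -004 2>/dev/null)" ] ||
        fail "conf/context.xml is world-readable"
    return "$n"
}

# Constructed sample tree that mirrors the files from the post.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/conf" "$d/bin" "$d/webapps/drools-guvnor/WEB-INF"
    printf 'drools-guvnor{\n  com.test.droolsproto.loginmodule.DroolsLoginModule\n  required debug=true;\n};\n' > "$d/conf/jaasConfig"
    echo '<security:identity jaas-config-name="drools-guvnor"/>' \
        > "$d/webapps/drools-guvnor/WEB-INF/components.xml"
    echo '<Realm appName="drools-guvnor" dataSourceName="jdbc/URDroolsDS"/>' > "$d/conf/server.xml"
    echo '<Resource name="jdbc/URDroolsDS" password="dbuserpassword"/>' > "$d/conf/context.xml"
    chmod 600 "$d/conf/context.xml"
    echo 'JAVA_OPTS="-Djava.security.auth.login.config=$CATALINA_HOME/conf/jaasConfig"' \
        > "$d/bin/setenv.sh"
    echo "$d"
}

sample=$(make_sample)
check_guvnor_jaas "$sample" && echo "sample tree: no findings"
rm -rf "$sample"
```

Run it against a real installation as check_guvnor_jaas "$CATALINA_HOME"; a return value of 0 means no findings.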

  1. #1 by nid_help on December 20, 2011 - 11:56 pm

    Hi, I've tried this one and got an error in the Tomcat logs

    21/12/2011 9:53:26 AM org.apache.tomcat.util.digester.SetPropertiesRule begin
    WARNING: [SetPropertiesRule]{Server/Service/Engine/Realm/Realm} Setting property ‘dataSourceName’ to ‘jdbc/URDroolsDS’ did not find a matching property.
    21/12/2011 9:53:26 AM org.apache.tomcat.util.digester.SetPropertiesRule begin
    WARNING: [SetPropertiesRule]{Server/Service/Engine/Realm/Realm} Setting property ‘localDataSource’ to ‘true’ did not find a matching property.

    It somehow cannot find the resource settings in context.xml. Any ideas?

    • #2 by ngjweb on December 22, 2011 - 9:24 am

      Hi, the localDataSource attribute is set when you create a dataSource in the context.xml. If not, you should use a global resource definition in server.xml.

  2. #3 by Titus George on April 20, 2012 - 4:41 pm

    For Windows system, the setup JAVA_OPTS="-Xms128m -Xmx256m -Djava.security.auth.login.config=$CATALINA_HOME/conf/jaasConfig"
    export JAVA_OPTS is to be provided within setclasspath.bat within Tomcat bin folder.

  3. #4 by Sri on August 8, 2013 - 6:11 pm

    Hi,
    After doing everything I get the following error message. I tried to debug and I see username quest is being passed to loginModule and I don’t see any login window for guvnor. How would I configure guvnor to see the login window so that I can put in a valid username and password?

    ERROR 08-08 11:07:04,600 (Logger.java:error:1092) JAAS authentication failed
    javax.security.auth.login.LoginException: Security Exception
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:856)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

  4. #5 by gjurin on March 16, 2014 - 3:19 pm

    I provided some updates in this post. The module sources are now in a public Bitbucket repository and you have some package updates in the Tomcat files. Hope it helps.
