Using lightweight container Tomcat and Mysql server – Configuring drools-guvnor JAAS authentication module
Prerequisites: Drools Guvnor 5.3 deployed in Apache Tomcat 6, running with MySQL 5 and JDK version 1.6.
0 – Deploy the guvnor application with the context name drools-guvnor. All users are guests. Then go to the administration panel and set authorization for the user admin, or create another user with authorizations. Stop the server; we are now going to enable JAAS database authentication.
1 – Create authdb schema with guvnorusers table in mysql database.
CREATE TABLE guvnorusers (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `username` varchar(255) DEFAULT NULL,
  `password` varchar(255) DEFAULT NULL,
  PRIMARY KEY (`id`)
);
INSERT INTO guvnorusers values (1,"admin","admin");
2 – Build a custom loginModule
Download my custom loginModule sources customloginmodule_sources
Compile and export these sources as a Java archive (jar).
3 – In %TOMCAT_HOME%/lib
Copy the loginModule exported jar file and the mysql connector jar.
4 – In %TOMCAT_HOME%/conf/context.xml, we add a resource declaration
<Resource name="jdbc/URDroolsDS"
          auth="Container"
          type="javax.sql.DataSource"
          driverClassName="com.mysql.jdbc.Driver"
          url="jdbc:mysql://yourserveradress:3306/authdb"
          username="dbuser"
          password="dbuserpassword"
          maxActive="20"
          maxIdle="10"
          maxWait="-1" />
5 – Update %TOMCAT_HOME%/webapps/drools-guvnor/WEB-INF/components.xml
to configure our repository to use external database and security settings
<security:identity authenticate-method="#{authenticator.authenticate}"
jaas-config-name="drools-guvnor"/>
<security:role-based-permission-resolver
enable-role-based-authorization="true"/>
6 – Update %TOMCAT_HOME%/conf/server.xml to add a Realm declaration
<Realm className="org.apache.catalina.realm.LockOutRealm">
  ...
  <Realm appName="drools-guvnor"
         className="com.test.droolsproto.loginModule.Realm.DroolsJaasRealm"
         dataSourceName="jdbc/URDroolsDS"
         localDataSource="true"/>
  ...
</Realm>
7 – Create a file jaasConfig in %TOMCAT_HOME%/conf with this content:
drools-guvnor{
com.test.droolsproto.loginModule.module.DroolsLoginModule
required debug=true;
};
8 – Before running Tomcat, create in %TOMCAT_HOME%/bin a setenv.sh file if you are running on Linux, or setenv.bat on Windows, with this content (working on Linux):
…
JAVA_OPTS="-Xms128m -Xmx256m -Djava.security.auth.login.config=$CATALINA_HOME/conf/jaasConfig"
export JAVA_OPTS
…
Now it’s time to restart your guvnor server and check authentication!
#1 by nid_help on December 20, 2011 - 11:56 pm
Hi, I've tried this one and got an error in the Tomcat logs
21/12/2011 9:53:26 AM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Realm/Realm} Setting property ‘dataSourceName’ to ‘jdbc/URDroolsDS’ did not find a matching property.
21/12/2011 9:53:26 AM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Realm/Realm} Setting property ‘localDataSource’ to ‘true’ did not find a matching property.
It somehow cannot find the resource settings in context.xml. Any ideas?
#2 by ngjweb on December 22, 2011 - 9:24 am
Hi, the localDataSource attribute is set when you create a dataSource in the context.xml. If not, you should use a global resource definition in server.xml.
#3 by Titus George on April 20, 2012 - 4:41 pm
For Windows systems, the setup JAVA_OPTS="-Xms128m -Xmx256m -Djava.security.auth.login.config=$CATALINA_HOME/conf/jaasConfig"
export JAVA_OPTS is to be provided within setclasspath.bat within the Tomcat bin folder.