Drools-guvnor manage access part-2

Using lightweight container Tomcat and Mysql server – Configuring drools-guvnor JAAS authentication module

Prerequisites: Drools Guvnor 5.3 deployed in Apache Tomcat 6, running with MySQL 5 and JDK version 1.6.

0 – Deploy the Guvnor application with the context name drools-guvnor. At this point all users are guests, so go to the administration panel and set authorization for the user admin, or create another user with authorizations. Then stop the server; the next steps enable JAAS database authentication.

1 – Create authdb schema with guvnorusers table in mysql database.

CREATE TABLE guvnorusers (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `username` varchar(255) DEFAULT NULL,
  `password` varchar(255) DEFAULT NULL,
  PRIMARY KEY (`id`)
);
INSERT INTO guvnorusers values (1,'admin','admin');

2 – Build a custom loginModule
Here you can find the Maven source project for the custom login module: drools login project sources.
Just compile it and build a maven jar artifact.

3 – Copy the exported loginModule jar file and the MySQL connector jar into %TOMCAT_HOME%/lib.

4 – In %TOMCAT_HOME%/conf/context.xml, we add a resource declaration

<Resource name="jdbc/URDroolsDS" auth="Container"
	type="javax.sql.DataSource" driverClassName="com.mysql.jdbc.Driver"
	url="jdbc:mysql://yourserveradress:3306/authdb" username="dbuser"
	password="dbuserpassword" maxActive="20" maxIdle="10" maxWait="-1" />

5 – Update %TOMCAT_HOME%/webapps/drools-guvnor/WEB-INF/components.xml
to configure our repository to use external database and security settings

<security:identity authenticate-method="#{authenticator.authenticate}"


6 – Update %TOMCAT_HOME%/conf/server.xml to add a Realm declaration

<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm appName="drools-guvnor"
  dataSourceName="jdbc/URDroolsDS" localDataSource="true"/>

7 – Create a file jaasConfig in %TOMCAT_HOME%/conf with this content:
required debug=true;

8 – Before running Tomcat, create a setenv.sh file in %TOMCAT_HOME%/bin if you are running on Linux, or setenv.bat on Windows, with this content (this works on Linux):

JAVA_OPTS="-Xms128m -Xmx256m -Djava.security.auth.login.config=$CATALINA_HOME/conf/jaasConfig"
export JAVA_OPTS

Now it’s time to restart your guvnor server and check authentication!
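
A quick check of the files touched in steps 4, 7 and 8, as an added example that is not part of the original post. The function name audit_guvnor_jaas is hypothetical, and treating debug=true and a world-readable context.xml as findings is a policy assumption of the example; pass it your Tomcat home directory.

```shell
#!/bin/sh
# Added example: audit a Tomcat home set up as in steps 4, 7 and 8.
# Prints one line per finding; the return status is the number of findings.
audit_guvnor_jaas() {
    home=$1
    findings=0
    note() { printf 'FINDING: %s\n' "$1"; findings=$((findings + 1)); }

    jaas="$home/conf/jaasConfig"
    setenv="$home/bin/setenv.sh"
    ctx="$home/conf/context.xml"

    # Step 7: the JAAS config must exist. Treating a leftover debug=true
    # as a finding is a policy assumption of this example.
    if [ ! -f "$jaas" ]; then
        note "missing $jaas"
    elif grep -q 'debug=true' "$jaas"; then
        note "debug=true still set in $jaas"
    fi

    # Step 8: setenv.sh must point the JVM at the JAAS config, and the
    # value must be wrapped in ASCII quotes, not typographic ones
    # (a common copy-and-paste problem with blog snippets).
    if [ ! -f "$setenv" ] ||
       ! grep -q 'java\.security\.auth\.login\.config=' "$setenv"; then
        note "java.security.auth.login.config not set in $setenv"
    elif grep -q -e '“' -e '”' "$setenv"; then
        note "typographic quotes in $setenv"
    fi

    # Step 4: context.xml carries the database password, so it should
    # not be readable by other local users.
    if [ -f "$ctx" ] && grep -q 'password=' "$ctx" &&
       [ -n "$(find "$ctx" -perm -004)" ]; then
        note "$ctx holds a DB password and is world-readable"
    fi

    return "$findings"
}
```

Call it as audit_guvnor_jaas "$CATALINA_HOME" before restarting; a return status of 0 means none of the three checks fired.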


5 thoughts on “Drools-guvnor manage access part-2”

  1. Hi, I've tried this one and got an error in the Tomcat logs

    21/12/2011 9:53:26 AM org.apache.tomcat.util.digester.SetPropertiesRule begin
    WARNING: [SetPropertiesRule]{Server/Service/Engine/Realm/Realm} Setting property ‘dataSourceName’ to ‘jdbc/URDroolsDS’ did not find a matching property.
    21/12/2011 9:53:26 AM org.apache.tomcat.util.digester.SetPropertiesRule begin
    WARNING: [SetPropertiesRule]{Server/Service/Engine/Realm/Realm} Setting property ‘localDataSource’ to ‘true’ did not find a matching property.

    It somehow cannot find the resource settings in context.xml. Any ideas?

  2. For Windows system, the setup JAVA_OPTS=”-Xms128m -Xmx256m -Djava.security.auth.login.config=$CATALINA_HOME/conf/jaasConfig”
    export JAVA_OPTS is to be provided within setclasspath.bat within Tomcat bin folder.

  3. Hi,
    After doing everything I get the following error message. I tried to debug and I see username guest is being passed to loginModule and I don’t see any login window for guvnor. How would I configure guvnor to see the login window so that I can put in a valid username and password?

    ERROR 08-08 11:07:04,600 (Logger.java:error:1092) JAAS authentication fai
    javax.security.auth.login.LoginException: Security Exception
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:856)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:6

  4. I provided some updates to this post. The module sources are now in a public Bitbucket repository and you have some package updates in the Tomcat files. Hope it helps
