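I am working on a BRMS technology project in the financial industry, using Drools Guvnor 5.5.0.Final with the jboss-as-7.2.0.Alpha1-SNAPSHOT server. I have successfully configured the login page using JAAS. Now I need role-based permissions, but I have not been able to implement them yet. The beans.xml is: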
<security:IdentityImpl>
<s:modifies/>
<!-- No real authentication: demo authentication for demo purposes -->
<!--<security:authenticatorClass>org.drools.guvnor.server.security.DemoAuthenticator</security:authenticatorClass>-->
<!-- JAAS based authentication -->
<security:authenticatorName>jaasAuthenticator</security:authenticatorName>
<!-- IDM based authentication (supports LDAP, see Seam 3 and PicketLink IDM documentation) -->
<!--<security:authenticatorClass>org.jboss.seam.security.management.IdmAuthenticator</security:authenticator>-->
</security:IdentityImpl>
<security:jaas.JaasAuthenticator>
<s:modifies/>
<!--
The following one will use the jaas configuration called "other",
which in jboss AS means you can use properties files for users.
-->
<s:jaasConfigName>other</s:jaasConfigName>
</security:jaas.JaasAuthenticator>
<!-- SECURITY AUTHORIZATION CONFIGURATION -->
<!--
This is used to enable or disable role-based authorization. By default it is disabled.
-->
<component name="org.jboss.seam.security.permission.PermissionResolver">
<property name="enableRoleBasedAuthorization">true</property>
</component>
And the standalone.xml is:
<security-domain name="other" cache-type="default">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
<module-option name="usersProperties" value="${jboss.server.config.dir}/users.properties"/>
<module-option name="rolesProperties" value="${jboss.server.config.dir}/roles.properties"/>
<module-option name="defaultUsersProperties" value="${jboss.server.config.dir}/users.properties"/>
<module-option name="defaultRolesProperties" value="${jboss.server.config.dir}/roles.properties"/>
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
I don't know what I am missing. Can anyone give me some advice? Thanks in advance.
Solved. The problem was a Seam class file and the beans.xml configuration.
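In my case, three specific changes were required to get Drools Guvnor 5.5.0.Final working with JBoss EAP 6 (based on AS 7.1, should translate to AS 7.2): fix the XML, replace seam-security, and patch a Guvnor file.
In beans.xml, the jaasConfigName tag did not specify a namespace and caused an error. Fix this by changing jaasConfigName to security:jaasConfigName.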
<security:jaas.JaasAuthenticator>
<s:modifies/>
<!--
The following one will use the jaas configuration called "other",
which in jboss AS means you can use properties files for users.
-->
<security:jaasConfigName>other</security:jaasConfigName>
</security:jaas.JaasAuthenticator>
The version of Seam Security used by Guvnor contains a bug. To fix this, modify the Guvnor WAR: replace seam-security-3.1.0.Final.jar with seam-security-3.2.0.Final.jar, and replace seam-security-api-3.1.0.Final.jar with seam-security-api-3.2.0.Final.jar.
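Guvnor's SecurityServiceImpl class contains a bug. To fix this, patch and recompile the class as described at http://drools.46999.n3.nabble.com/How-configure-Guvnor-5-4-JAAS-with-jboss-7-0-2-tp4020424p4020854.html
Note that the Seam Security and SecurityServiceImpl bugs have been resolved in Guvnor 5.5. So the simplest solution to these problems may be to download and build the latest version. (That is what I did.)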
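With these changes, both authentication and role-based authorization should work. In my test environment, I demonstrated package-restricted developer access.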
For background information, see https://community.jboss.org/thread/206645, https://issues.jboss.org/browse/GUVNOR-1989, https://issues.jboss.org/browse/GUVNOR-1976, http://drools.46999.n3.nabble.com/How-configure-Guvnor-5-4-JAAS-with-jboss-7-0-2-td4020424.html and http://drools.46999.n3.nabble.com/rules-users-Error-JAAS-Authentication-with-Guvnor-5-5-0-and-Authorization-Error-tt4023826.html
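A pre-deployment check for the first fix in the answer above, as an added example that is not part of the original answer or of Guvnor: it flags a jaasConfigName element whose namespace differs from that of its jaas.JaasAuthenticator parent, and confirms the configured name matches a security-domain in standalone.xml. The function names, the sample documents and the two namespace URIs are assumptions; the page does not show the xmlns declarations.

```python
import xml.etree.ElementTree as ET

def split_tag(tag):
    """Return (namespace URI, local name) for an ElementTree tag."""
    if tag.startswith("{"):
        uri, local = tag[1:].split("}", 1)
        return uri, local
    return "", tag

def check_jaas_config(beans_xml, standalone_xml):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    # Names of every security-domain declared in standalone.xml
    domains = {el.get("name") for el in ET.fromstring(standalone_xml).iter()
               if split_tag(el.tag)[1] == "security-domain"}
    for auth in ET.fromstring(beans_xml).iter():
        auth_ns, auth_local = split_tag(auth.tag)
        if auth_local != "jaas.JaasAuthenticator":
            continue
        for child in auth:
            child_ns, child_local = split_tag(child.tag)
            if child_local != "jaasConfigName":
                continue
            # The property element must share its parent's namespace
            if child_ns != auth_ns:
                findings.append("jaasConfigName is in namespace %r, expected %r"
                                % (child_ns, auth_ns))
            name = (child.text or "").strip()
            if name not in domains:
                findings.append("no security-domain named %r in standalone.xml" % name)
    return findings

# Constructed sample input; the namespace URIs are assumed, not taken from the page
BEANS_TEMPLATE = """<beans xmlns:s="urn:java:ee"
       xmlns:security="urn:java:org.jboss.seam.security">
  <security:jaas.JaasAuthenticator>
    <s:modifies/>
    <%(prefix)s:jaasConfigName>%(name)s</%(prefix)s:jaasConfigName>
  </security:jaas.JaasAuthenticator>
</beans>"""

STANDALONE = """<security-domains>
  <security-domain name="other" cache-type="default"/>
</security-domains>"""

if __name__ == "__main__":
    for prefix in ("s", "security"):  # the question's form, then the fixed form
        beans = BEANS_TEMPLATE % {"prefix": prefix, "name": "other"}
        print(prefix, check_jaas_config(beans, STANDALONE))
```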
Provide proper authentication for admin access.
https://community.jboss.org/message/817783