| Summary: | Out-of-the-box authentication for BRMS | ||
|---|---|---|---|
| Product: | [JBoss] JBoss Enterprise BRMS Platform 5 | Reporter: | Tihomir Surdilovic <tsurdilo> |
| Component: | BRM (Guvnor) | Assignee: | manstis |
| Status: | NEW --- | QA Contact: | Jiri Locker <jlocker> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Target Release: | future | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| URL: | http://jira.jboss.org/jira/browse/BRMS-411 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | Feature Request | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
securitylevel_name: Public Currently the default authentication setting in components.xml for BRMS uses the jmx-console jaas configuration. In EWP and EAP where BRMS is deployed the default jmx-console-users.properties has the admin=admin user credentials commented. This forces BRMS users to have to modify this file before they can start using BRMS which does not provide an out-of-the-box experience. Two options that come to mind: a) disable authentication by default and document how to enable it b) create a brms-specific jaas profile (do not use jxm-console). This can be accomplished with following steps: * - Navigate to $jboss/server/$cofig/conf/props directory and create two files, namely brms-roles.properties + brms=admin - and brms-users.properties + brms=brms - Open the $jboss/server/$config/conf/login-config.xml file and add the following now <application-policy name = "brms"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required"> <module-option name="usersProperties">props/brms-users.properties</module-option> <module-option name="rolesProperties">props/brms-roles.properties</module-option> </login-module> </authentication> </application-policy> - In the $brms/WEB-INF/components.xml change the jxm-console jaas-config-name to "brms", so change <security:identity authenticate-method="#{authenticator.authenticate}" jaas-config-name="jmx-console"/> to <security:identity authenticate-method="#{authenticator.authenticate}" jaas-config-name="brms"/>