
How to integrate LDAP with drools workbench for authentication and authorization?

Rupesh Bhochhibhoya edited this page Dec 11, 2015 · 5 revisions

This is a two-step process: first authentication, then authorization. Drools workbench does a really good job here by deferring the authentication mechanism to the container. So if you want to use LDAP with Drools wb, you need to look at how to integrate LDAP with the container you intend to use, for instance Tomcat. Please check my other doc to learn how to integrate LDAP in your Tomcat server.

Once LDAP is set up on your Tomcat server, you can verify it by logging into drools-wb: it should let you log in but will not show any resources, because the second part, authorization, still has to be completed. As explained before, authorization should be handled by the application, which decides which resources are available to which roles the user claims to hold. Here the roles are the group names the user has been assigned in your LDAP directory. For the drools-wb application, follow these steps.

  1. Open the `CATALINA_HOME/webapps/drools-wb/WEB-INF/web.xml` file and append the following XML inside `<web-app>`, at the end. Add one such block for each group that needs different privileges. The file may already contain `<security-role>` entries, such as admin and analyst by default; you can delete or rename them to the role names you are going to use, or just leave them there.

```xml
<security-role>
  <description>camscore is the group name exactly how it is defined in my LDAP directory, and I will be giving an admin privilege for this group.
  </description>
  <role-name>camscore</role-name>
</security-role>
```

  2. Find every `<security-constraint>` in this web.xml file and add your roles, e.g. `<role-name>camscore</role-name>`, under the `<auth-constraint>` of each resource the group should be allowed to reach. For instance, there is a `<security-constraint>` for the download resource (`<web-resource-name>download</web-resource-name>`); I added `<role-name>camscore</role-name>` under its `<auth-constraint>` to give access to the download resource. You can check my web.xml file here

  3. Open the `CATALINA_HOME/webapps/drools-wb/WEB-INF/classes/workbench-policy.properties` file and, at the end, grant roles on a per-feature basis. For instance, I have a camscore group to which I granted all features, but only assets_management to bizusers. You can check my workbench-policy.properties file here
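As an added example (not part of the original page or of drools-wb itself), a small Python audit for the web.xml side of step 2: it lists which roles may reach each protected web resource and flags any role that appears in an `<auth-constraint>` without a matching `<security-role>` declaration, which is the usual reason a newly added LDAP group still gets no access. The web.xml text embedded below is constructed to mirror the fragments above, not the real file.

```python
"""Audit role-to-resource access in a servlet web.xml and report roles used in
an <auth-constraint> that were never declared as a <security-role>."""
import xml.etree.ElementTree as ET

# Constructed sample modelled on the page's fragments (not the real drools-wb web.xml).
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>download</web-resource-name>
      <url-pattern>/download/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
      <role-name>camscore</role-name>
    </auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>upload</web-resource-name>
      <url-pattern>/upload/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>bizusers</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>admin</role-name></security-role>
  <security-role><role-name>camscore</role-name></security-role>
</web-app>"""

def _local(tag):
    """Strip the XML namespace so the audit works for any web-app schema version."""
    return tag.rsplit('}', 1)[-1]

def _names(el, wanted):
    """Collect the text of every descendant element with the given local tag name."""
    return {n.text.strip() for n in el.iter() if _local(n.tag) == wanted and n.text}

def audit_web_xml(xml_text):
    """Return {'access': {resource-name: roles allowed}, 'undeclared': [roles]}."""
    root = ET.fromstring(xml_text)
    declared, access = set(), {}
    for el in root:
        if _local(el.tag) == 'security-role':
            declared |= _names(el, 'role-name')
        elif _local(el.tag) == 'security-constraint':
            # Inside a constraint, <role-name> only occurs under <auth-constraint>.
            roles = _names(el, 'role-name')
            for name in _names(el, 'web-resource-name'):
                access.setdefault(name, set()).update(roles)
    # '*' in an auth-constraint means "any declared role", so it is never undeclared.
    used = set().union(*access.values()) - {'*'}
    return {'access': access, 'undeclared': sorted(used - declared)}
```

Run it against the real file with `audit_web_xml(open('web.xml').read())`; an LDAP group listed under `undeclared` needs the `<security-role>` block from step 1 before Tomcat will honour it.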

https://groups.google.com/forum/#!msg/drools-setup/1UMQuG4UwmA/WEx16WXICAAJ

https://www-01.ibm.com/support/knowledgecenter/SSZH4A_6.0.0/com.ibm.worklight.help.doc/appcenter/r_ac_tom_ldap.html

http://ldapwiki.willeke.com/wiki/Tomcat%20And%20LDAP
