JBRULES
  1. JBRULES
  2. JBRULES-3554

drools-server 5.0.x - cannot pull in rulebases from guvnor >5.2's web URL when authentication is enabled on guvnor

    Details

    • Type: Bug Bug
    • Status: Open Open (View Workflow)
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 5.0.0.FINAL
    • Fix Version/s: None
    • Component/s: drools-core
    • Security Level: Public (Everyone can see)
    • Labels:
      None
    • Environment:
      All OS - only Drools Server 5.0.x connecting to Guvnor > 5.2 with some sort of authentication turned on with security:identity in components.xml
    • Similar Issues:
      Show 10 results 

      Description

      There is an issue in

      org.drools.agent.HttpClientImpl.checkLastUpdated(URL u)

      When the URL passed in is not guest accessible (requires basic authentication), this is not a handled situation in this version of Drools.

      So when you try to use Drools Execution Server to connect rulebase in Guvnor >5.2 (has authentication enabled)... it will fail if the rulebase URL is not guest accessible.

      These two methods need to have authentication added in (marked by START and END NDD).

      public LastUpdatedPing checkLastUpdated(URL url) throws IOException {
      URLConnection con = url.openConnection();
      HttpURLConnection httpCon = (HttpURLConnection) con;
      try {
      // **** START NDD *****
      BASE64Encoder enc = new sun.misc.BASE64Encoder();
      String userpassword = "ad-user" + ":" + "ad-password";
      String encodedAuthorization = enc.encode( userpassword.getBytes() );
      httpCon.setRequestProperty("Authorization", "Basic "+
      encodedAuthorization);
      // **** END NDD *****

      httpCon.setRequestMethod( "HEAD" );

      String lm = httpCon.getHeaderField( "lastModified" );
      LastUpdatedPing ping = new LastUpdatedPing();

      ping.responseMessage = httpCon.getHeaderFields().toString();

      if ( lm != null )

      { ping.lastUpdated = Long.parseLong( lm ); }

      else {
      long httpLM = httpCon.getLastModified();
      if ( httpLM > 0 )

      { ping.lastUpdated = httpLM; }

      }

      return ping;
      } finally

      { httpCon.disconnect(); }

      }

      public Package fetchPackage(URL url) throws IOException,
      ClassNotFoundException {
      URLConnection con = url.openConnection();
      HttpURLConnection httpCon = (HttpURLConnection) con;
      try {

      // **** START NDD *****
      BASE64Encoder enc = new sun.misc.BASE64Encoder();
      String userpassword = "ad-user" + ":" + "ad-password";
      String encodedAuthorization = enc.encode( userpassword.getBytes() );
      httpCon.setRequestProperty("Authorization", "Basic "+
      encodedAuthorization);
      // **** END NDD *****




      httpCon.setRequestMethod( "GET" );

      Object o = DroolsStreamUtils.streamIn( httpCon.getInputStream() );

      if ( o instanceof KnowledgePackageImp ) { return ((KnowledgePackageImp) o).pkg; } else { return (Package) o; }
      } finally { httpCon.disconnect(); }

      }

      Obviously a production scenario would pull those username/password combinations from the .properties file for the rulebase.

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            Mark Proctor
            Reporter:
            Nicholas DiPiazza
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated: