[JBoss Seam] - Security rules for Role in document not working..
by tim_ph
I follow the documentation of Seam 2.0.0.Beta1 to put some security rules to check for page access permission, but it didn't work the way it documented. If anyone can explain how Role got created and used in the framework, that would be real helpful.
In security.drl (as documentation explains in security chapter)
| package Permissions;
|
| import java.security.Principal;
| import org.jboss.seam.security.PermissionCheck;
| import org.jboss.seam.security.Role;
|
| rule CanUserCreateAccount
| when
| c: PermissionCheck(name == "/AccountEdit.xhtml", action == "render")
| Role(name == "admin")
| then
| c.grant();
| end;
|
anyone can explain how Role is asserted in there..
in pages.xml
| <page view-id="/AccountEdit.xhtml">
| <restrict/>
| </page>
|
I got the role added to Identity at authenticate() call and go through another rule working memory with no problem. I see username as "tim as admin" after logged in.
| rule AssignUserRole
| when
| i: Identity(username == "tim")
| then
| i.addRole("admin");
| i.setUsername("tim as admin");
| end;
|
... and then I check into error stack and find out that Identity.hasPermission(..) always return false... :( BETA ):
| public boolean hasPermission(String name, String action, Object...arg)
| {
| return false;
| }
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4061059#4061059
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4061059
18Â years, 9Â months