[jboss-user] [JBoss Seam] - [Rules] Seam security and validating entities

andrew.rw.robinson do-not-reply at jboss.com
Fri Aug 10 13:53:03 EDT 2007


I've got the seam rules engine installed and am trying to write a drl file to grant access to my entities. I have a class that is restricted. Relevant beans:

@Name("calendar")
CustomerCalendar {
  members : List
}
CalendarMember {
  user : User
}
User {
  username : String
}

The "CustomerCalendar" entity bean is restricted. I want it to be accessed only by users that are logged in and that are members of the calendar.

So my rules text must be something like:
if (check is read calendar)
and the calendar has a member with the user that is the current logged in user.

My login code has asserted the User object into the security context.

What I've got so far (that is not valid):

  | rule "Read calendar"
  |   no-loop
  |   activation-group "permissions"
  | when
  |   check: PermissionCheck(name == "calendar", action == "read", granted == false)
  |   user: User()
  |   CustomerCalendar(members : members contains CalendarMember(user == user))
  | then
  |   check.grant();
  | end;

How can I write such a rule? The user guide for drools has extremely simple examples of contains (containing strings, not other objects).

Thanks,
Andrew

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4073152#4073152

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4073152



More information about the jboss-user mailing list