[jboss-user] [JBoss Seam] - Security rules for Role in document not working..

tim_ph do-not-reply at jboss.com
Thu Jul 5 18:31:46 EDT 2007

I follow the documentation of Seam 2.0.0.Beta1 to put some security rules to check for page access permission, but it didn't work the way it documented. If anyone can explain how Role got created and used in the framework, that would be real helpful.

In security.drl (as documentation explains in security chapter)

  | package Permissions;
  | import java.security.Principal;
  | import org.jboss.seam.security.PermissionCheck;
  | import org.jboss.seam.security.Role;
  | rule CanUserCreateAccount
  | when
  | 	c: PermissionCheck(name == "/AccountEdit.xhtml", action == "render")
  | 	Role(name == "admin")
  | then
  | 	c.grant();
  | end;
anyone can explain how Role is asserted in there..

in pages.xml

  | 	<page view-id="/AccountEdit.xhtml">
  | 		<restrict/>
  | 	</page>

I got the role added to Identity at authenticate() call and go through another rule working memory with no problem. I see username as "tim as admin" after logged in.

  | rule AssignUserRole
  | when
  | 	i: Identity(username == "tim")
  | then
  | 	i.addRole("admin");
  | 	i.setUsername("tim as admin");
  | end;

... and then I check into error stack and find out that Identity.hasPermission(..) always return false... :( BETA ):

  |    public boolean hasPermission(String name, String action, Object...arg)
  |    {      
  |       return false;
  |    }   

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4061059#4061059

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4061059

More information about the jboss-user mailing list