[jboss-user] [JBoss Seam] - security.drl not being enforced
terryb
do-not-reply at jboss.com
Mon Sep 17 02:15:34 EDT 2007
Security rules in security.drl are ignored, or not activated. It logs me in even if I look for non-existing rule.
Do anything need to be done activate a specific rule? please see my configs below:
components.xml:
<drools:rule-base name="securityRules">
<rools:rule-files>/security.drl</drools:rule-files>
</drools:rule-base>
<security:identity authenticate-method="#{authenticator.authenticate}" security-rules="#{securityRules}" emember-me="true"/>
security.drl:
package Permissions;
import java.security.Principal;
import org.jboss.seam.security.PermissionCheck;
import org.jboss.seam.security.Role;
rule EditOrganisation
when
c: PermissionCheck(name == "/OrganisationEdit.xhtml", action="render")
Role(name == "system_adminX")
then
c.grant();
end;
OrganisationEdit.page.xml:
<page no-conversation-view-id="/OrganisationList.xhtml">
...
...
However, security works fine if I put following in OrganisationEdit.page.xml.
#{s:hasRole('system_adminX')}
Please provide any clues.
Thanks,
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4084891#4084891
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4084891
More information about the jboss-user
mailing list