[jboss-user] [JBoss Seam] - security.drl not being enforced

terryb do-not-reply at jboss.com
Mon Sep 17 02:15:34 EDT 2007


Security rules in security.drl are ignored, or not activated. It logs me in even if I look for non-existing rule.

Do anything need to be done activate a specific rule? please see my configs below:

components.xml:
<drools:rule-base name="securityRules">
 <rools:rule-files>/security.drl</drools:rule-files>
</drools:rule-base>

<security:identity authenticate-method="#{authenticator.authenticate}" security-rules="#{securityRules}" emember-me="true"/>


security.drl:
package Permissions;
import java.security.Principal;
import org.jboss.seam.security.PermissionCheck;
import org.jboss.seam.security.Role;

rule EditOrganisation
when
  c: PermissionCheck(name == "/OrganisationEdit.xhtml", action="render")
  Role(name == "system_adminX")
then
  c.grant();
end;

OrganisationEdit.page.xml:

 <page no-conversation-view-id="/OrganisationList.xhtml">
 
 ...
 ...
 

However, security works fine if I put following in OrganisationEdit.page.xml.

#{s:hasRole('system_adminX')}

Please provide any clues.

Thanks,



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4084891#4084891

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4084891



More information about the jboss-user mailing list