[jboss-user] [JBoss Seam] - strange behaviour with security rules 2.0.1GA
jamesjmp
do-not-reply at jboss.com
Tue Feb 12 06:51:30 EST 2008
hi!
I have just started to work with the latest releases (SEAM 2.0.1.GA and JBOSS 4.2.2).
I am testing the security and something strange happens with my application.
Restrictions defined in my pages.xml with s:hasRole work ok, but in the .drl file they are not working properly.
This is my authenticate method:
| public boolean authenticate() {
|     // Hard-coded test accounts; each one is given a single role on success.
|     if (((identity.getUsername().equalsIgnoreCase("admin")) && (identity.getPassword().equalsIgnoreCase("hola")))) {
|         identity.addRole("adminGral");
|         return true;
|     }
|     else if (((identity.getUsername().equalsIgnoreCase("simpleuser")) && (identity.getPassword().equalsIgnoreCase("bonjour")))) {
|         identity.addRole("user");
|         return true;
|     }
|     // No account matched: reject the login so every path returns a value.
|     return false;
| }
|
These are the restrictions defined in pages.xml:
| <page view-id="/FirmChoose.xhtml">
|     <restrict>#{s:hasRole('adminGral')}</restrict>
| </page>
|
| <page view-id="/FirmList.xhtml">
|     <restrict/>
| </page>
|
And this is the rule defined in my security.drl:
| rule FirmList
| when
|     c: PermissionCheck(name == "/FirmList.xhtml", action == "render")
|     Role(name == "adminGral")
| then
|     c.grant();
| end;
|
When I authenticate as simpleuser, since it has the user role I may not access
the restricted pages (FirmList and FirmChoose), and the following exception appears:
12:27:41,671 ERROR [SeamPhaseListener] uncaught exception
org.jboss.seam.security.AuthorizationException: Authorization check failed for permission [/FirmList.xhtml,render]
at org.jboss.seam.security.Identity.checkPermission(Identity.java:486)
at org.jboss.seam.navigation.Page.checkPermission(Page.java:214)
at org.jboss.seam.navigation.Page.preRender(Page.java:238)
at org.jboss.seam.navigation.Pages.preRender(Pages.java:309)
at org.jboss.seam.jsf.SeamPhaseListener.preRenderPage(SeamPhaseListener.java:549)
at org.jboss.seam.jsf.SeamPhaseListener.beforeRenderResponse(SeamPhaseListener.java:460)
at org.jboss.seam.jsf.SeamPhaseListener.beforeServletPhase(SeamPhaseListener.java:144)
at org.jboss.seam.jsf.SeamPhaseListener.beforePhase(SeamPhaseListener.java:114)
at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:222)
at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:144)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:245)
....
That is OK. But on the other hand, if I authenticate as admin, I am allowed to access FirmChoose ( #{s:hasRole('adminGral')} works perfectly); however, I may not access FirmList (FirmList does not grant me access in spite of my having the adminGral role).
I wonder if I have missed some configuration or if I am doing something wrong. (I hope it is not a bug.)
thanks in advance!
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4128702#4128702