1. Re: How to use Seam Extended Security without Rule Engine?
msystems Feb 8, 2008 5:13 AM (in response to wchico2)
Yes it is possible.
Extend the Identity class and override the hasPermission(String name, String action, Object...arg) method.
2. Re: How to use Seam Extended Security without Rule Engine?
msystems Feb 8, 2008 5:18 AM (in response to wchico2)
Or override the evaluateExpression(String expr) method.
3. Re: How to use Seam Extended Security without Rule Engine?
wchico2 Feb 8, 2008 6:15 AM (in response to wchico2)
What about the configuration? When using the Rule engine one would specify it in the components.xml. I assume I would leave that out and only specify that I use the basic Seam security despite the application of e.g. s:hasPermission and such.
However, I am not sure if in this case that extended security can really be used. Has anybody tested this approach?
4. Re: How to use Seam Extended Security without Rule Engine?
thejavafreak Feb 8, 2008 6:23 AM (in response to wchico2)
Hi Shane,
I think RuleBasedIdentity should have a different component @Name instead of the same @Name as Identity, so the user can choose whether to use the RuleBasedIdentity component or the Identity component.
5. Re: How to use Seam Extended Security without Rule Engine?
msystems Feb 8, 2008 6:40 AM (in response to wchico2)
"wchico2" wrote:
What about the configuration? When using the Rule engine one would specify it in the components.xml. I assume I would leave that out and only specify that I use the basic Seam security despite the application of e.g. s:hasPermission and such.
Just use the 'normal' Seam security configuration:

    <security:identity authenticate-method="#{authenticatorService.authenticate}"/>

"wchico2" wrote:
However, I am not sure if in this case that extended security can really be used. Has anybody tested this approach?
Yes, I have :-)
I'm not using this approach anymore - I'm using JBoss Rules.
Here is an example without JBoss Rules - Java based permissions control:

    import java.util.HashSet;
    import java.util.Set;

    import javax.el.MethodExpression;
    import javax.faces.context.FacesContext;

    import org.jboss.seam.ScopeType;
    import org.jboss.seam.annotations.Install;
    import org.jboss.seam.annotations.Name;
    import org.jboss.seam.annotations.Scope;
    import org.jboss.seam.annotations.Startup;
    import org.jboss.seam.annotations.intercept.BypassInterceptors;
    import org.jboss.seam.log.LogProvider;
    import org.jboss.seam.log.Logging;
    import org.jboss.seam.security.Identity;

    // RolePermissionType is the application's own type; it is not shown in this post.
    @Name("org.jboss.seam.security.identity")
    @Scope(ScopeType.SESSION)
    @Install(precedence = Install.APPLICATION)
    @BypassInterceptors
    @Startup
    public class SineIdentity extends Identity {
        private static final LogProvider log = Logging.getLogProvider(SineIdentity.class);

        // Names accepted as restriction expressions and mapped to methods of this class.
        private static Set<String> permissionsMethods = new HashSet<String>();
        private Set<String> roles = new HashSet<String>();

        static {
            permissionsMethods.add("hasPermissionLms");
            permissionsMethods.add("hasPermissionOrderTerminalsAndAddons");
            permissionsMethods.add("hasPermissionTerminalsConnection");
            permissionsMethods.add("hasPermissionUpdateOperationStatus");
            permissionsMethods.add("hasPermissionViewOperationStatus");
            permissionsMethods.add("hasPermissionUploadDocuments");
            permissionsMethods.add("hasPermissionViewSystemDocuments");
            permissionsMethods.add("hasPermissionViewStandardDocuments");
            permissionsMethods.add("hasPermissionUploadReports");
            permissionsMethods.add("hasPermissionViewDynamicsReports");
            permissionsMethods.add("hasPermissionViewType1Reports");
            permissionsMethods.add("hasPermissionViewType2Reports");
            permissionsMethods.add("hasPermissionQuestionnaireParticipation");
            permissionsMethods.add("hasPermissionUserAdministration");
            permissionsMethods.add("hasPermissionAdministrator"); // Administrator only !
        }

        @Override
        public boolean addRole(String role) {
            if (log.isDebugEnabled()) {
                log.debug("Adding role: " + role);
            }
            roles.add(role);
            return super.addRole(role);
        }

        // A known permission name is invoked as #{identity.<name>};
        // anything else is evaluated by Identity as usual.
        @Override
        protected boolean evaluateExpression(String expr) {
            if (permissionsMethods.contains(expr)) {
                FacesContext context = FacesContext.getCurrentInstance();
                MethodExpression method = context.getApplication().getExpressionFactory().createMethodExpression(
                        context.getELContext(), "#{identity." + expr + "}", Boolean.class, new Class[] {});
                if (log.isDebugEnabled()) {
                    log.debug("SineIdentity: evaluateExpression(String expr) invoked.");
                }
                return (Boolean) method.invoke(FacesContext.getCurrentInstance().getELContext(), new Object[] {});
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Identity: evaluateExpression(String expr) invoked.");
                }
                return super.evaluateExpression(expr);
            }
        }

        public boolean hasPermissionLms() {
            if (!isLoggedIn()) {
                if (log.isDebugEnabled()) {
                    log.debug("hasPermissionLms: not logged in");
                }
                return false;
            }
            boolean hasPermission = false;
            for (String role : roles) {
                if (RolePermissionType.LMS.hasRolePermission(role)) {
                    hasPermission = true;
                    break;
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("hasPermissionLms: " + hasPermission);
            }
            return hasPermission;
        }

        public boolean hasPermissionOrderTerminalsAndAddons() {
            if (!isLoggedIn()) {
                if (log.isDebugEnabled()) {
                    log.debug("hasPermissionOrderTerminalsAndAddons: not logged in");
                }
                return false;
            }
            boolean hasPermission = false;
            for (String role : roles) {
                if (RolePermissionType.ORDER_TERMINALS_AND_ADDONS.hasRolePermission(role)) {
                    hasPermission = true;
                    break;
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("hasPermissionOrderTerminalsAndAddons: " + hasPermission);
            }
            return hasPermission;
        }

        public boolean hasPermissionTerminalsConnection() {
            if (!isLoggedIn()) {
                if (log.isDebugEnabled()) {
                    log.debug("hasPermissionTerminalsConnection: not logged in");
                }
                return false;
            }
            boolean hasPermission = false;
            for (String role : roles) {
                if (RolePermissionType.TERMINALS_CONNECTION.hasRolePermission(role)) {
                    hasPermission = true;
                    break;
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("hasPermissionTerminalsConnection: " + hasPermission);
            }
            return hasPermission;
        }

        public boolean hasPermissionUpdateOperationStatus() {
            if (!isLoggedIn()) {
                if (log.isDebugEnabled()) {
                    log.debug("hasPermissionUpdateOperationStatus: not logged in");
                }
                return false;
            }
            boolean hasPermission = false;
            for (String role : roles) {
                if (RolePermissionType.UPDATE_OPERATION_STATUS.hasRolePermission(role)) {
                    hasPermission = true;
                    break;
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("hasPermissionUpdateOperationStatus: " + hasPermission);
            }
            return hasPermission;
        }

        public boolean hasPermissionViewOperationStatus() {
            if (!isLoggedIn()) {
                if (log.isDebugEnabled()) {
                    log.debug("hasPermissionViewOperationStatus: not logged in");
                }
                return false;
            }
            boolean hasPermission = false;
            for (String role : roles) {
                if (RolePermissionType.VIEW_OPERATION_STATUS.hasRolePermission(role)) {
                    hasPermission = true;
                    break;
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("hasPermissionViewOperationStatus: " + hasPermission);
            }
            return hasPermission;
        }

        public boolean hasPermissionUploadDocuments() {
            if (!isLoggedIn()) {
                if (log.isDebugEnabled()) {
                    log.debug("hasPermissionUploadDocuments: not logged in");
                }
                return false;
            }
            boolean hasPermission = false;
            for (String role : roles) {
                if (RolePermissionType.UPLOAD_DOCUMENTS.hasRolePermission(role)) {
                    hasPermission = true;
                    break;
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("hasPermissionUploadDocuments: " + hasPermission);
            }
            return hasPermission;
        }

        public boolean hasPermissionViewSystemDocuments() {
            if (!isLoggedIn()) {
                if (log.isDebugEnabled()) {
                    log.debug("hasPermissionViewSystemDocuments: not logged in");
                }
                return false;
            }
            boolean hasPermission = false;
            for (String role : roles) {
                if (RolePermissionType.VIEW_SYSTEM_DOCUMENTS.hasRolePermission(role)) {
                    hasPermission = true;
                    break;
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("hasPermissionViewSystemDocuments: " + hasPermission);
            }
            return hasPermission;
        }

        public boolean hasPermissionViewStandardDocuments() {
            if (!isLoggedIn()) {
                if (log.isDebugEnabled()) {
                    log.debug("hasPermissionViewStandardDocuments: not logged in");
                }
                return false;
            }
            boolean hasPermission = false;
            for (String role : roles) {
                if (RolePermissionType.VIEW_STANDARD_DOCUMENTS.hasRolePermission(role)) {
                    hasPermission = true;
                    break;
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("hasPermissionViewStandardDocuments: " + hasPermission);
            }
            return hasPermission;
        }

        public boolean hasPermissionUploadReports() {
            if (!isLoggedIn()) {
                if (log.isDebugEnabled()) {
                    log.debug("hasPermissionUploadReports: not logged in");
                }
                return false;
            }
            boolean hasPermission = false;
            for (String role : roles) {
                if (RolePermissionType.UPLOAD_REPORTS.hasRolePermission(role)) {
                    hasPermission = true;
                    break;
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("hasPermissionUploadReports: " + hasPermission);
            }
            return hasPermission;
        }

        public boolean hasPermissionViewDynamicsReports() {
            if (!isLoggedIn()) {
                if (log.isDebugEnabled()) {
                    log.debug("hasPermissionViewDynamicsReports: not logged in");
                }
                return false;
            }
            boolean hasPermission = false;
            for (String role : roles) {
                if (RolePermissionType.VIEW_DYNAMICS_REPORTS.hasRolePermission(role)) {
                    hasPermission = true;
                    break;
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("hasPermissionViewDynamicsReports: " + hasPermission);
            }
            return hasPermission;
        }

        public boolean hasPermissionViewType1Reports() {
            if (!isLoggedIn()) {
                if (log.isDebugEnabled()) {
                    log.debug("hasPermissionViewType1Reports: not logged in");
                }
                return false;
            }
            boolean hasPermission = false;
            for (String role : roles) {
                if (RolePermissionType.VIEW_TYPE1_REPORTS.hasRolePermission(role)) {
                    hasPermission = true;
                    break;
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("hasPermissionViewType1Reports: " + hasPermission);
            }
            return hasPermission;
        }

        public boolean hasPermissionViewType2Reports() {
            if (!isLoggedIn()) {
                if (log.isDebugEnabled()) {
                    log.debug("hasPermissionViewType2Reports: not logged in");
                }
                return false;
            }
            boolean hasPermission = false;
            for (String role : roles) {
                if (RolePermissionType.VIEW_TYPE2_REPORTS.hasRolePermission(role)) {
                    hasPermission = true;
                    break;
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("hasPermissionViewType2Reports: " + hasPermission);
            }
            return hasPermission;
        }

        public boolean hasPermissionQuestionnaireParticipation() {
            if (!isLoggedIn()) {
                if (log.isDebugEnabled()) {
                    log.debug("hasPermissionQuestionnaireParticipation: not logged in");
                }
                return false;
            }
            boolean hasPermission = false;
            for (String role : roles) {
                if (RolePermissionType.QUESTIONNAIRE_PARTICIPATION.hasRolePermission(role)) {
                    hasPermission = true;
                    break;
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("hasPermissionQuestionnaireParticipation: " + hasPermission);
            }
            return hasPermission;
        }

        public boolean hasPermissionUserAdministration() {
            if (!isLoggedIn()) {
                if (log.isDebugEnabled()) {
                    log.debug("hasPermissionUserAdministration: not logged in");
                }
                return false;
            }
            boolean hasPermission = false;
            for (String role : roles) {
                if (RolePermissionType.USER_ADMINISTRATION.hasRolePermission(role)) {
                    hasPermission = true;
                    break;
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("hasPermissionUserAdministration: " + hasPermission);
            }
            return hasPermission;
        }

        public boolean hasPermissionAdministrator() {
            if (!isLoggedIn()) {
                if (log.isDebugEnabled()) {
                    log.debug("hasPermissionAdministrator: not logged in");
                }
                return false;
            }
            boolean hasPermission = false;
            for (String role : roles) {
                if (RolePermissionType.ADMINISTRATOR.hasRolePermission(role)) {
                    hasPermission = true;
                    break;
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("hasPermissionAdministrator: " + hasPermission);
            }
            return hasPermission;
        }
    }

Using the permissions in Java source:

    @Restrict("hasPermissionUserAdministration")
    public String createUser() {
        ... ....
    }

Using the permissions in pages.xml:

    <page view-id="/xhtml/sec/admin/createUser.jspx">
        <restrict>hasPermissionUserAdministration</restrict>
        <navigation>
            <rule if-outcome="success">
                <render view-id="/xhtml/sec/admin/successful.jspx"/>
            </rule>
            <rule if-outcome="fail">
                <render view-id="/xhtml/sec/admin/fails.jspx"/>
            </rule>
        </navigation>
    </page>

Using the permissions in .xhtml:

    <s:fragment rendered="#{identity.hasPermissionUserAdministration()}">
        <li>
            <s:link id="m1" value="#{messages.adminLeftMenuCreateUserTitle}"
                    action="#{leftMenuUi.setMenuId('m1')}"
                    view="/xhtml/sec/admin/createUser.jspx" propagation="none"/>
        </li>
    </s:fragment>

But again, I recommend you to use JBoss Rules :-)
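
Added example (not part of the thread and not msystems' code): the first reply's suggestion of overriding hasPermission(String name, String action, Object...arg), written against Seam 2.0.x as a deny-by-default lookup table. The class name, the grant() helper and the sample permission and role names are hypothetical; roles are read through Identity.hasRole() rather than a separate set, so removed roles and logout are reflected in the check.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Startup;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.security.Identity;

// Replaces the built-in identity component, as in the post above.
@Name("org.jboss.seam.security.identity")
@Scope(ScopeType.SESSION)
@Install(precedence = Install.APPLICATION)
@BypassInterceptors
@Startup
public class TablePermissionIdentity extends Identity { // hypothetical class name

    // "name:action" -> roles that hold the permission (constructed sample data).
    private static final Map<String, Set<String>> GRANTS = new HashMap<String, Set<String>>();

    private static void grant(String name, String action, String... roles) {
        GRANTS.put(name + ":" + action, new HashSet<String>(Arrays.asList(roles)));
    }

    static {
        grant("user", "create", "admin");
        grant("report", "view", "admin", "analyst");
    }

    @Override
    public boolean hasPermission(String name, String action, Object... arg) {
        if (!isLoggedIn()) {
            return false;                       // anonymous sessions get nothing
        }
        Set<String> allowed = GRANTS.get(name + ":" + action);
        if (allowed == null) {
            return false;                       // unknown or misspelled permission: deny
        }
        for (String role : allowed) {
            if (hasRole(role)) {                // Identity's own role store
                return true;
            }
        }
        return false;
    }
}
```

With this component installed, a restriction such as #{s:hasPermission('user', 'create', null)} in @Restrict or pages.xml is answered by the overridden method, with no rule base configured.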
6. Re: How to use Seam Extended Security without Rule Engine?
wchico2 Feb 8, 2008 7:26 AM (in response to wchico2)
Fine that is exactly what I thought of being the first step,
thanks so much :-)