-
1. Re: Configuring JpaPermissionStore
riboriori Jun 23, 2011 12:25 PM (in response to riboriori)Anyone naver used permission management with seam 3? can anyone help me?
-
2. Re: Configuring JpaPermissionStore
poulpe Jun 23, 2011 1:17 PM (in response to riboriori)Hi,
My guess is that persitent permission (ACLs) are not usable right now. I saw that information on part
what's next?
of My LinkI think the only way to deal with permission is to use drools and the security.drl by creating permission rules waiting for ACLs.
The idmconsole example use the security.drl file to create rules for role.Regards
-
3. Re: Configuring JpaPermissionStore
riboriori Jun 23, 2011 1:26 PM (in response to riboriori)I think its so; in fact i think that JpPermissionStore isn't never initialized.
In its methodinitProperties
there there are various checks for correct configuration of identityPermissionClass
and its various properties annotated with @PermissionProperty (IDENTITY, RELATIONSHIPTYPE, RELATIONSHIPNAME and RESOURCE). If all checks passes then that variable (isEnabled) is forced to true.
But if i insert a breakpoint into initProperties method BEFORE starting jboss, that method never called.
I'm waiting for a 3.01 version...
When it is scheduled? u know?
(Sorry for my bad english).
Best regards -
4. Re: Configuring JpaPermissionStore
riboriori Jun 23, 2011 1:30 PM (in response to riboriori)I've read that post, but it is refers to 3.0.0.Alpha1 while i'm using 3.0.0 Final.....
-
5. Re: Configuring JpaPermissionStore
shane.bryzak Jun 23, 2011 6:33 PM (in response to riboriori)JpaPermissionStore didn't make it into the Seam 3.0 release, with the refactoring to use PicketLink as the core security API we still need to rewrite ACL permissions. It's planned to be released as part of Seam 3.1, the first beta of which is due in August.
-
6. Re: Configuring JpaPermissionStore
riboriori Jun 24, 2011 2:45 AM (in response to riboriori)Tank you Shane, i'll wait for August.
Regards -
7. Re: Configuring JpaPermissionStore
baraber Jun 29, 2011 5:12 PM (in response to riboriori)I tried to play with JpaPermissionStore a bit and I have a question.
Why is the init method not called by CDI ?
It is annotated with @Inject and therefore should be called.
Same problem for all injected fields. By example, the BeanManager should normally be injected but is always null. Maybe I just miss some basic CDI understanding for injection in application scoped bean ?Can someone explain it ?
-
8. Re: Configuring JpaPermissionStore
baraber Jun 30, 2011 12:06 PM (in response to riboriori)Oh, forget that last one. To have the JpaIdentityStore enabled, you must configure it like this :
<security:JpaPermissionStore> <s:modifies/> <security:identityPermissionClass>foo.bar.IdentityPermission</security:identityPermissionClass> </security:JpaPermissionStore>
My mistake was to use
<s:repaces/>
instead of<s:modifies/>
. -
9. Re: Configuring JpaPermissionStore
mariogiurlanda Sep 13, 2011 10:12 AM (in response to riboriori)Hello,
I'm trying to configure JpaPermissionStore as you said
<security:JpaPermissionStore> <s:modified/> <security:identityPermissionClass>foo.bar.IdentityPermission</security:identityPermissionClass> </security:JpaPermissionStore>
seam-config log says:
[org.jboss.seam.config.xml.bootstrap.XmlConfigExtension]
Adding XML Defined Bean: org.jboss.seam.security.permission.JpaPermissionStore
so I guess the framework is picking up the bean but then when I try to use the instance all fields are not initialized even the identityPermissionClass.
Any help? Did you get any further?
Thanks,
Mario
-
10. Re: Configuring JpaPermissionStore
lightguard Sep 13, 2011 10:59 AM (in response to riboriori)Mario, please try replaces instead of modifies as Richard stated just before your post.
-
11. Re: Configuring JpaPermissionStore
mariogiurlanda Sep 13, 2011 11:01 AM (in response to riboriori)I was able to enable the JpaPermissionStore but I cannot retrieve any permission from the database because I never pass the following conditional statement in JpaPermissionStore
if (resource != null && (action == null || (actionSet != null && actionSet.contains(action))))
My action is not null but the actionSet is null as well.
Could someone explain better this bit so I can try to provide a patch for it?
Thanks,
Mario
-
12. Re: Configuring JpaPermissionStore
shane.bryzak Sep 13, 2011 11:57 AM (in response to riboriori)Guys, as I stated previously JpaPermissionStore is not complete in Seam 3. It requires some significant refactoring to bring it inline with Seam's new Picketlink-based new security model, and I also have a number of enhancements that need to be implemented. Unfortunately since this work looks like it will take a couple of weeks of solid work it will most likely not make it into the upcoming 3.1 release, however since it seems to be attracting more attention I will do my best to make it a higher priority for the subsequent release.
-
13. Re: Configuring JpaPermissionStore
riboriori Oct 15, 2011 6:09 PM (in response to riboriori)Hi Shane, any news about permissions?
It is present on seam-3.1.0.Beta3?
Regards -
14. Re: Configuring JpaPermissionStore
gerry.matte Mar 1, 2012 4:05 PM (in response to shane.bryzak)Hi Shane.
I've been trying to implement the idmconsole example.
Everything works fine as long as I use role 'admin' and group 'Head Office' for userid's that I create.
I tried to use webadmin rather than admin by modifying security.drl. The application throws an illegalArgumentException "Illegal Group Reference".
So I restored the security.drl and added a new group 'all' and made my test userid a member of both 'Head Office' and of 'all'. I still get the exception.
It looks to me like the seam security module isn't really usable - or something seems to be hard coded in the picketlink configuration ?
Is the JpaPermissionStore complete now ?