SEAM-SECURITY identity.getGroups VS RelationshipManager.getAssociatedGroups(User)
baraber Sep 6, 2011 4:20 PMHello :)
I'm working with seam-security 3.1.0.Beta2 using JPAIdentityStore with hibernate and mysql under glassfish 3.1.
I have to implements simple coarse-grained security based on group membership.
Basically, I have a user named employe
that is in group usine
.
Here is how I populate the database :
@Transactional public void loadData(@Observes @Initialized WebApplication webapp) throws IdentityException { // Roles IdentityRoleName employeRoleName = new IdentityRoleName(); employeRoleName.setName("employe"); entityManager.persist(employeRoleName); // Object types IdentityObjectType USER = new IdentityObjectType(); USER.setName("USER"); entityManager.persist(USER); IdentityObjectType GROUP = new IdentityObjectType(); GROUP.setName("GROUP"); entityManager.persist(GROUP); // Credential types IdentityObjectCredentialType PASSWORD = new IdentityObjectCredentialType(); PASSWORD.setName("PASSWORD"); entityManager.persist(PASSWORD); // Object relationship types IdentityObjectRelationshipType jbossIdentityMembership = new IdentityObjectRelationshipType(); jbossIdentityMembership.setName("JBOSS_IDENTITY_MEMBERSHIP"); entityManager.persist(jbossIdentityMembership); IdentityObjectRelationshipType jbossIdentityRole = new IdentityObjectRelationshipType(); jbossIdentityRole.setName("JBOSS_IDENTITY_ROLE"); entityManager.persist(jbossIdentityRole); // Groups IdentityObject usine = new IdentityObject(); usine.setName("usine"); usine.setType(GROUP); entityManager.persist(usine); // Users IdentityObject employe = new IdentityObject(); employe.setName("employe"); employe.setType(USER); entityManager.persist(employe); // Credentials IdentityObjectCredential employeCredential = new IdentityObjectCredential(); employeCredential.setIdentityObject(employe); employeCredential.setType(PASSWORD); employeCredential.setValue("employe"); entityManager.persist(employeCredential); // Group membership IdentityObjectRelationship employeUsineGroupRelationship = new IdentityObjectRelationship(); employeUsineGroupRelationship.setRelationshipType(jbossIdentityMembership); employeUsineGroupRelationship.setFrom(usine); employeUsineGroupRelationship.setTo(employe); entityManager.persist(employeUsineGroupRelationship); }
Once logged, if I ask the relationship manager to give me all the groups for the current user :
RelationshipManager manager = identitySession.getRelationshipManager(); Collection<Group> groups = manager.findAssociatedGroups(identity.getUser()); System.out.println("Groups returned from RelationshipManager.findAssociatedGroups : "); if(groups.size() == 0) { System.out.println("none"); return; } for(Group g:groups) { System.out.println("in "+g.getName()); }
It tells me that the user is in group 'usine'.
But, if I ask the same question to the api, but instead passing by the identity object :
System.out.println("Groups returned from identity.getGroups"); Collection<Group> groups = identity.getGroups(); if(groups.size() == 0) System.out.println("none"); for(Group g:groups) { System.out.println("in "+g.getName()); }
It tells me that the current user is in no group.
Also, identity.inGroup('usine', 'GROUP') always return false :(
Is there a problem with how I populate the database or is it a known issue (tried to find but with no luck) ?