Seam-security:removing role relationship
When I make a user a member of a group, and then I make this same user play a role in that group, I cannot remove that role.
iE, setting up a user, a group, and the two user-group relations described above :
// Relationship types
IdentityObjectRelationshipType jbossIdentityMembership = new IdentityObjectRelationshipType();
jbossIdentityMembership.setName("JBOSS_IDENTITY_MEMBERSHIP");
entityManager.persist(jbossIdentityMembership);
IdentityObjectRelationshipType jbossIdentityRole = new IdentityObjectRelationshipType();
jbossIdentityRole.setName("JBOSS_IDENTITY_ROLE");
entityManager.persist(jbossIdentityRole);
// Admin role name
IdentityRoleName adminRole = new IdentityRoleName();
adminRole.setName("admin");
entityManager.persist(adminRole);
// Group type
IdentityObjectType CONTAINER = new IdentityObjectType();
CONTAINER.setName("CONTAINER");
entityManager.persist(CONTAINER);
// GROUP
IdentityObject myGroup = new IdentityObject();
myGroup.setName("myGroup");
myGroup.setType(CONTAINER);
entityManager.persist(myGroup);
// USER
IdentityObject user = new IdentityObject();
// ...
// Simple group membership (no role)
IdentityObjectRelationship memberRelation = new IdentityObjectRelationship();
memberRelation.setRelationshipType(jbossIdentityMembership);
memberRelation.setFrom(myGroup);
memberRelation.setTo(user);
entityManager.persist(memberRelation);
// Admin role in group
IdentityObjectRelationship adminRelationship = new IdentityObjectRelationship();
adminRelationship.setRelationshipType(jbossIdentityRole);
adminRelationship.setFrom(myGroup);
adminRelationship.setTo(user);
adminRelationship.setName(adminRole.getName());
entityManager.persist(adminRelationship);And then I tried to remove the role via the api :
RoleManager roleManager = identitySession.getRoleManager();
RoleType roleType = roleManager.getRoleType("admin");
roleManager.removeRole(roleType, user, myGroup);I receive this exception :
Caused by: javax.persistence.NonUniqueResultException: result returns more than one elements
at org.hibernate.ejb.QueryImpl.getSingleResult(QueryImpl.java:287)
at org.hibernate.ejb.criteria.CriteriaQueryCompiler$3.getSingleResult(CriteriaQueryCompiler.java:264)
at org.jboss.seam.security.management.picketlink.JpaIdentityStore.removeRelationship(JpaIdentityStore.java:1408)
at org.picketlink.idm.impl.repository.WrapperIdentityStoreRepository.removeRelationship(WrapperIdentityStoreRepository.java:213)
at org.picketlink.idm.impl.api.session.managers.RoleManagerImpl.removeRole(RoleManagerImpl.java:331)
It seem that JpaIdenittyStore doesn't quite make the difference between Role and Group memberships.Do I populate my database correctly (I'm a bit confused with RoleName, RoleType and IdentityRelationshipType) ?