4 Replies Latest reply on May 27, 2008 9:37 PM by sudeval

    How to add Permissions, not Roles?

      I did an identity.addRole("person:create"), where 'person:create' is a String that came from a 'user' entity instance in the DB, and then checked for the permission in a pages.xml restriction:


      #{s:hasPermission('person','create',user)}


      I'm clearly not using this correctly because the identity that has the permission person:create isn't allowed access to the page (when it should!). However, the following also doesn't work, using 'identity' instead of 'user':


      #{s:hasPermission('person','create',identity)}


      What's the proper way to assign and check permissions, as opposed to simply roles?


      Thanks.

        • 1. Re: How to add Permissions, not Roles?
          dro_k

          If you look at the source code, Identity doesn't have support for permissions. You should extend the Identity and override the hasPermission method. (I think there's a JIRA on this to be added in 2.1, don't quote me on that though)


          You can also use the rule based identity, then all you need to do is to write the appropriate JBoss Rules files, a process which is documented very well in the Seam documentation.


          cheers,
          Drew
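
The subclass approach Drew describes, as an added example that is not part of the original thread and not Seam's own code. It assumes the Seam 2.0.x `Identity` API (where the base `hasPermission` returns true only when security is disabled) and the `name:action` role-string convention from the original post; the package and the class name `RoleStringIdentity` are hypothetical.

```java
package example.security; // hypothetical package

import static org.jboss.seam.ScopeType.SESSION;
import static org.jboss.seam.annotations.Install.APPLICATION;

import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Startup;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.security.Identity;

/**
 * Replaces the built-in identity component so that a role string of the
 * form "name:action" (e.g. "person:create") satisfies a permission check
 * for name "person" and action "create".
 */
@Name("org.jboss.seam.security.identity") // same name as the built-in component
@Scope(SESSION)
@Install(precedence = APPLICATION)         // overrides the built-in and rule-based identity
@BypassInterceptors
@Startup
public class RoleStringIdentity extends Identity {

    private static final long serialVersionUID = 1L;

    @Override
    public boolean hasPermission(String name, String action, Object... arg) {
        // Assumption (Seam 2.0.x): the base class grants only when security is disabled.
        if (super.hasPermission(name, action, arg)) {
            return true;
        }
        // Deny malformed input: a ':' inside either part would make
        // ("a:b", "c") and ("a", "b:c") collapse to the same role string.
        if (name == null || action == null
                || name.indexOf(':') >= 0 || action.indexOf(':') >= 0) {
            return false;
        }
        // The optional target objects in 'arg' are ignored in this example;
        // the decision rests only on the roles held by the identity.
        return hasRole(name + ":" + action);
    }
}
```

With this component installed, the `identity.addRole("person:create")` call from the original post is what a `person`/`create` permission check tests against.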

          • 2. Re: How to add Permissions, not Roles?
            kariem

            Kris,


            Just want to add some information to Drew's comment. Identity (org.jboss.seam.security.Identity) does not have methods to directly add permissions; it only supports the permission checks via the method hasPermission(String, String, Object…).


            You should not pass null to the last parameter. If you don't have anything to put there, just omit it. Otherwise, you get an exception.


            Rule-based identity (org.jboss.seam.security.RuleBasedIdentity), as Drew said, is well documented. I did not know Drools before using it, but following the docs should be straightforward.

            • 3. Re: How to add Permissions, not Roles?
              shane.bryzak

              Seam 2.1.0.GA will include a new Identity Management and Permission Management API.  These new features will allow you to assign permissions to a user, in a manner as you described.

              • 4. Re: How to add Permissions, not Roles?
                sudeval

                Kariem Hussein wrote on Apr 17, 2008 12:13:


                Kris,

                Just want to add some information to Drew's comment. Identity (org.jboss.seam.security.Identity) does not have methods to directly add permissions; it only supports the permission checks via the method hasPermission(String, String, Object…).

                You should not pass null to the last parameter. If you don't have anything to put there, just omit it. Otherwise, you get an exception.

                Rule-based identity (org.jboss.seam.security.RuleBasedIdentity), as Drew said, is well documented. I did not know Drools before using it, but following the docs should be straightforward.


                However, to use Drools rules (security file / JBoss Rules / Drools), I need to override Identity to insert my permissions...
                Am I correct?


                like,


                rule CanUserDeleteCustomers
                when
                  c: PermissionCheck(name == "customer", action == "delete")
                  Role(name == "admin")
                then
                  c.grant();
                end;



                because it uses c: PermissionCheck


                I think!