16 Replies. Latest reply on Nov 16, 2008 12:08 AM by shane.bryzak

    permissionManager.grantPermissions(..) returns true but the values are not in the database

      I tried to grant permissions to an object of my TestClass. I tried it like this:


             
      @In
      PermissionManager permissionManager;
      ....

      TestClass tc = new TestClass();

      Permission p1 = new Permission(tc, "view", identity.getPrincipal());
      Permission p2 = new Permission(tc, "test", identity.getPrincipal());

      List<Permission> permissions = new ArrayList<Permission>();
      permissions.add(p1);
      permissions.add(p2);

      permissionManager.grantPermissions(permissions);




      identity.getPrincipal() is the user 'admin', successfully authenticated by the identity manager. This user has the role 'root'.


      To get access to grant permissions I added this rule in my security-rules.drl file:


      ...
      import ch.pomop.dummy.common.TestClass;
      ...
      
      rule ManageTestClassPermissions
       no-loop
       activation-group "permissions"
      when
        tc: TestClass()
        check: PermissionCheck(target == tc, action == "seam.grant-permission", granted == false)
        Role(name == "root")
      then
        check.grant();
      end




      permissionManager.grantPermissions(permissions) returns true but there is no value in my database.
      I also tried
      permissionManager.getPermissionStore().grantPermissions(permissions);
      I also tried to add @Transactional to my method which calls grantPermissions(..)
      My entityManager works properly in other methods.


      There is no exception and the result is true but there is no entry in the database.


      I configured the PermissionManager like this:



           <security:permission-manager
                permission-store="#{org.jboss.seam.security.jpaPermissionStore}" />
      
           <security:jpa-permission-store
                user-permission-class="ch.pomop.dummy.security.AccountPermission" />




      my AccountPermission looks like this



      @Entity
      public class AccountPermission implements Serializable {
           /**
          * 
          */
         private static final long serialVersionUID = -1901644563196207597L;
           private Integer permissionId;
           private String recipient;
           private String target;
           private String action;
           private String discriminator;
      
           
           public AccountPermission()
           {
              System.out.println("------------>");
           }
           
           @Id
           @GeneratedValue
           public Integer getPermissionId() {
                return permissionId;
           }
      
           public void setPermissionId(Integer permissionId) {
                this.permissionId = permissionId;
           }
      
           @PermissionUser
           @PermissionRole
           public String getRecipient() {
                return recipient;
           }
      
           public void setRecipient(String recipient) {
                this.recipient = recipient;
           }
      
           @PermissionTarget
           public String getTarget() {
                return target;
           }
      
           public void setTarget(String target) {
                this.target = target;
           }
      
           @PermissionAction
           public String getAction() {
                return action;
           }
      
           public void setAction(String action) {
                this.action = action;
           }
      
           @PermissionDiscriminator
           public String getDiscriminator() {
                return discriminator;
           }
      
           public void setDiscriminator(String discriminator) {
                this.discriminator = discriminator;
           }
      }



      Is there something wrong with what I am trying to do?
      Thx for your help!!
      greetz Marco


        • 1. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database
          shane.bryzak

          Do you have an identifier strategy configured for TestClass ?

          • 2. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database

            yes i have this:


            my testClass looks like:


            import org.jboss.seam.annotations.Name;
            import org.jboss.seam.annotations.security.permission.Identifier;
            
            
            @Identifier(name="testClass")
            @Name("testClass")
            public class TestClass {
              
            }



            • 3. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database
              shane.bryzak

              Specifying just the name attribute will work for class identifiers, but not for instances.  You also need to implement an IdentifierStrategy for TestClass and specify it in the @Identifier annotation also.  E.g, the IdentifierStrategy:


              public class TestClassIdentifierStrategy implements IdentifierStrategy {
              
                 public boolean canIdentify(Class targetClass) {
                   return TestClass.class.equals(targetClass);
                 }   
              
                 public String getIdentifier(Object target) {
                   return someUniquePropertyOfTheTestClassInstance;
                 }
              }



              And the corresponding configuration:


              @Identifier(value = TestClassIdentifierStrategy.class)
              @Name("testClass")
              public class TestClass {
                 // ...
              }


              • 4. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database

                Thanks shane for your fast answer!


                OK, I tried that now:


                My Test Class


                import org.jboss.seam.annotations.Name;
                import org.jboss.seam.annotations.security.permission.Identifier;
                
                import ch.pomop.dummy.security.TestClassIdentifierStrategy;
                
                @Identifier(value = TestClassIdentifierStrategy.class)
                @Name("testClass")
                public class TestClass {
                  
                   private int dummyValue;
                   private String ident;
                   
                
                   public String getIdent() {
                      return ident;
                   }
                
                   public void setIdent(String ident) {
                      this.ident = ident;
                   }
                
                   public int getDummyValue() {
                      return dummyValue;
                   }
                
                   public void setDummyValue(int dummyValue) {
                      this.dummyValue = dummyValue;
                   }
                   
                   
                }
                



                My Strategy


                public class TestClassIdentifierStrategy implements IdentifierStrategy {
                
                   public boolean canIdentify(Class targetClass) {
                     return TestClass.class.equals(targetClass);
                   }   
                
                   public String getIdentifier(Object target) {
                   
                     return ((TestClass)target).getIdent();
                   }
                }



                the call


                       
                ....
                        TestClass tc=new TestClass();
                     tc.setIdent("mytestclassObject1");
                     
                     Permission p1= new Permission(tc,"view",identity.getPrincipal());
                     Permission p2= new Permission(tc,"test",identity.getPrincipal());
                     
                     List<Permission> permissions= new ArrayList<Permission>();
                     permissions.add(p1);
                     permissions.add(p2);
                     
                     permissionManager.grantPermissions(permissions);
                ....
                



                There is still no exception and no value in the database. What else can be wrong now?


                greetz Marco
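
Added example (not part of the thread and not Seam's own code): the permission store keeps the target as a plain string (the `target` property of AccountPermission above), so whatever getIdentifier() returns is the only thing tying a grant to one instance. The sketch below is a stricter variant of the TestClassIdentifierStrategy from this post; the stand-in IdentifierStrategy interface, the name StrictTestClassIdentifierStrategy and the "testClass:" prefix are assumptions made so it compiles without Seam.

```java
// Demo entry point; run with: java IdentifierStrategyDemo.java (Java 11+)
class IdentifierStrategyDemo {
    public static void main(String[] args) {
        IdentifierStrategy strategy = new StrictTestClassIdentifierStrategy();

        TestClass tc = new TestClass();
        tc.setIdent("mytestclassObject1");   // constructed sample value from the thread
        System.out.println("target = " + strategy.getIdentifier(tc));

        try {
            // An instance without ident would otherwise yield a null target,
            // and every such instance would share the same permission rows.
            strategy.getIdentifier(new TestClass());
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}

// Stand-in (assumption) mirroring the two methods the thread implements,
// so the example does not need the Seam jars on the classpath.
interface IdentifierStrategy {
    boolean canIdentify(Class<?> targetClass);
    String getIdentifier(Object target);
}

// Reduced copy of the TestClass from the thread: only the ident property.
class TestClass {
    private String ident;
    public String getIdent() { return ident; }
    public void setIdent(String ident) { this.ident = ident; }
}

// Hypothetical stricter strategy: refuses to produce a target string that
// could be shared by unrelated objects.
class StrictTestClassIdentifierStrategy implements IdentifierStrategy {
    public boolean canIdentify(Class<?> targetClass) {
        // isAssignableFrom also accepts subclasses of TestClass
        return targetClass != null && TestClass.class.isAssignableFrom(targetClass);
    }

    public String getIdentifier(Object target) {
        if (!(target instanceof TestClass)) {
            throw new IllegalArgumentException("not a TestClass: " + target);
        }
        String ident = ((TestClass) target).getIdent();
        if (ident == null || ident.trim().isEmpty()) {
            // Fail loudly instead of persisting a grant with an empty target
            throw new IllegalStateException("TestClass instance has no ident");
        }
        // Prefix keeps identifiers of different target types from colliding
        return "testClass:" + ident.trim();
    }
}
```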

                • 5. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database
                  shane.bryzak

                  The rest of your code looks fine to me.  I suggest you set a breakpoint in JpaPermissionStore.updatePermissionActions() and debug what's happening when you grant the permissions.

                  • 6. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database

                    While debugging updatePermissionActions(..)


                    all looks good and then it comes to:


                    ..
                      
                      lookupEntityManager().persist(instance);
                    ..
                    


                    instance object looks good


                    then it comes to



                    (class: EntityManagerProxy.java)


                     public void persist(Object entity)
                       {
                          delegate.persist(entity);
                       }
                    


                    that looks good too


                    and it returns true in updatePermissionActions(..)


                    But the persist(..) method has no effect on my database. The method which calls permissionManager.grantPermissions(permissions); is @Transactional.


                    That is strange, I don't know what can be wrong.


                    Maybe there is a problem here in lookupEntityManager() and maybe it doesn't get the right entity manager.


                    greetz Marco






                    • 7. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database
                      shane.bryzak

                      That does seem strange.  Is your entity manager actually called entityManager ?  Could you post your components.xml?  If you wanted to put together a minimal test case that reproduces the problem and send to me directly I'd be happy to take a look for you.

                      • 8. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database

                        I am using the default name entityManager


                        My components.xml


                        <?xml version="1.0" encoding="UTF-8"?>
                        
                        
                        <components xmlns="http://jboss.com/products/seam/components"
                             xmlns:core="http://jboss.com/products/seam/core"
                             xmlns:web="http://jboss.com/products/seam/web"
                             xmlns:persistence="http://jboss.com/products/seam/persistence"
                             xmlns:remoting="http://jboss.com/products/seam/remoting"
                             xmlns:drools="http://jboss.com/products/seam/drools"
                             xmlns:security="http://jboss.com/products/seam/security"
                             xmlns:mail="http://jboss.com/products/seam/mail"
                             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                             xsi:schemaLocation="http://jboss.com/products/seam/core http://jboss.com/products/seam/core-2.1.xsd
                                         http://jboss.com/products/seam/persistence http://jboss.com/products/seam/persistence-2.1.xsd 
                                         http://jboss.com/products/seam/components http://jboss.com/products/seam/components-2.1.xsd
                                         http://jboss.com/products/seam/mail http://jboss.com/products/seam/mail-2.1.xsd
                                         http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-2.1.xsd
                                         http://jboss.com/products/seam/security http://jboss.com/products/seam/security-2.1.xsd
                                         http://jboss.com/products/seam/remoting http://jboss.com/products/seam/remoting-2.1.xsd">
                        
                             <core:init jndi-pattern="pomop/#{ejbName}/local" debug="true" />
                        
                             <core:manager concurrent-request-timeout="500"
                                  conversation-timeout="120000" conversation-id-parameter="cid"
                                  parent-conversation-id-parameter="pid" />
                        
                        
                        
                             <persistence:managed-persistence-context name="entityManager"
                                  auto-create="true"
                                  persistence-unit-jndi-name="java:/pomopEntityManagerFactory" />
                        
                             <factory name="hibernateSession" scope="STATELESS"
                                  auto-create="true" value="#{entityManager.delegate}" />
                        
                        
                        
                             <security:identity-manager identity-store="#{jpaIdentityStore}" />
                        
                             <security:jpa-identity-store
                                  user-class="ch.pomop.dummy.security.UserAccount"
                                  role-class="ch.pomop.dummy.security.Role" />
                        
                             <security:rule-based-permission-resolver
                                  security-rules="#{securityRules}" />
                        
                             <drools:rule-base name="securityRules">
                                  <drools:rule-files>
                                       <value>/META-INF/security-rules.drl</value>
                                  </drools:rule-files>
                             </drools:rule-base>
                        
                        
                             <!--
                                  <security:permission-manager
                                  permission-store="#{org.jboss.seam.security.jpaPermissionStore}" />
                             -->
                             <security:jpa-permission-store
                                  user-permission-class="ch.pomop.dummy.security.AccountPermission" />
                        
                        </components>



                        I will send you a minimal test case in the course of the day. Thx for your help!


                        greetz Marco

                        • 9. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database
                          shane.bryzak

                          Your configuration looks fine.. I'll wait for your test case, hopefully it won't be too hard to spot the problem.

                          • 10. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database

                            I couldn't reproduce the problem. I made a completely new project (a seam/jsf project with seam setup / seam create command) and I set up everything like I had it in the other project. In this new project the same code works and the entry comes into the database.


                            There is only one difference between my testcaseproject and my other project. In my testcase Project I call the method directly from a JSF page. In my other Project I am using gxt/gwt and call a RPC Method on the Seam Server. This RPC method calls the grant method.


                            here is my ServiceImplementation Method:


                            @In(create=true)
                               private StartupClass startupClass;
                            
                               @WebRemote
                               public void grantPermissions() {
                                 
                                 startupClass.test();
                               }



                            StartupClass is the same class that I used in my test case project:


                            @Name("startupClass")
                            public class StartupClass {
                               
                            
                               @In
                               PermissionManager permissionManager;
                               
                               public StartupClass(){
                                 System.out.println("foo");
                               }
                               
                              
                               @Transactional
                               private void grant(List<Permission> permissions)
                               {
                                 permissionManager.grantPermissions(permissions);
                               }
                               
                               public void test()
                               {
                                 TestClass tc=new TestClass();
                                 tc.setIdent("mytestclassObject1");
                                 Principal prrincipal = new SimplePrincipal("root");
                                 Permission p1= new Permission(tc,"view",prrincipal);
                                 Permission p2= new Permission(tc,"test",prrincipal);
                                 
                                 List<Permission> permissions= new ArrayList<Permission>();
                                 permissions.add(p1);
                                 permissions.add(p2);
                                 grant(permissions);
                               }
                            }



                            So the only difference is the @WebRemote annotation.
                            I also enabled showing the MySQL logs in the console. In my test case example it made the insert into statement. In my other project there is no insert statement and therefore no value in the database.


                            I will try to implement a remote service in my test case project too, and then I am curious what will happen.


                            Does it matter if a @WebRemote method calls the grant?


                            greetz Marco




                            • 11. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database
                              shane.bryzak

                              Could you please raise this in JIRA?  I just realised that we don't actually have any Seam example that updates data during a remoting/GWT call.  At the very least we should document this if there's any special configuration required.

                              • 12. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database

                                hi Shane


                                I made a dummy project that implements the problem check:
                                https://jira.jboss.org/jira/browse/JBSEAM-3584


                                I also raised it on JIRA check:
                                https://jira.jboss.org/jira/browse/JBSEAM-3584


                                Greetz marco

                                • 13. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database
                                  larshuber

                                  Is it a Seam Problem? We want to use the PermissionStore in conjunction with remoting too. What is an appropriate workaround?


                                  thanks
                                  lars

                                  • 14. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database
                                    shane.bryzak

                                    I've scheduled this issue for the 2.1.1.GA release - I can't recommend a workaround at the moment sorry, because I don't understand the problem yet :)
