1 Reply Latest reply on Dec 11, 2008 12:51 AM by shane.bryzak

    Using rules on password change

      Hi everyone!
      I just started using Seam and I'm getting kinda stuck while trying to use some of the security features. I just included the security rules described in the reference:



      rule ManageUsers
        no-loop
        activation-group "permissions"
      when
        check: PermissionCheck(name == "seam.user", granted == false)
        Role(name == "admin")
      then
        check.grant();
      end

      rule ManageRole
        no-loop
        activation-group "permissions"
      when
        check: PermissionCheck(name == "seam.role", granted == false)
        Role(name == "admin")
      then
        check.grant();
      end

      rule ManagePermissions
        no-loop
        activation-group "permissions"
      when
        check: PermissionCheck(action == "seam.grant-permission", granted == false)
        Role(name == "admin")
      then
        check.grant();
      end



      It works fine, but I found a problem for non-admins on some actions. While changing passwords, a non-admin user cannot change his own since, obviously, he is not an admin (he has the user Role). So I get the expected exception:



      Caused by javax.faces.FacesException with message: "#{changePasswordAction.changePassword}: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,update]"




      I don't know how to make a rule that lets the PermissionCheck on password change allow the currently logged-in user to fulfil the action. Should I use the PermissionStores with ACLs, or is there a simple way to do it with Drools rules? Sorry if these are somewhat stupid questions; like I said, I'm just beginning.


      Thanks in advance