5 Replies Latest reply on Nov 17, 2009 6:27 PM by josdaniel

    Extending PermissionResolver

    andre1001

      Hi,


      I'm developing a multitenant application and get some questions:


      1) I need different permission sets for the same user. For example, when user U is logged in company C, I need company C permission set for user U; when user U is logged in company C1, I need company C1 permission set for user U, and so on.


      I tried to achieve this by inserting company on MyPermission entity. I think the next step is to extend  PermissionResolver and make something similar to PersistentPermissionResolver adding company validation. How can I get company from MyPermission entity? Do I need to bring MyPermission again using another Query? Is it the right way to extend Seam Security Framework?



            Integer company = identity.getCompany();
      
            for (Permission permission : permissions)
            {
               if (permission.getRecipient() instanceof SimplePrincipal &&
                     username.equals(permission.getRecipient().getName() && company.equals(???????))
               {
                  return true;
               }
      




      2) Is it possible to deactivate PersistentPermissionResolver (or any other Resolver) from the Resolver chain?


      Thanks.

        • 1. Re: Extending PermissionResolver
          andre1001


          1) Can't figure out a way. Maybe extending JPAPermissionStore (wich implements PermissionStore), but PermissionStore accepts just Permission on his interface and I have my own defined permission class. Any ideas?


          2) Seems now it's possible (https://jira.jboss.org/jira/browse/JBSEAM-3664). I'll try this out when playing with 2.1.2.

          • 2. Re: Extending PermissionResolver
            andre1001

            1) Something doesn't make sense to me. Why I'm able to define my own Permission class if I'm not able to persist, neither query eventual fields (ex. company, creationDate, ... etc)?

            • 3. Re: Extending PermissionResolver
              shane.bryzak

              Assuming that you are storing the company ID in session scope, you should just need to extend JpaIdentityStore and include the session-scoped company ID in any queries and entity updates.  I think that you should only need to override the createPermissionQuery() and updatePermissionActions() methods.

              • 4. Re: Extending PermissionResolver
                andre1001

                Shane,


                I think you meant JpaPermissionStore, right?


                By extend JpaPermissionStore you meant add the new class to Seam package or just add it to my project?


                1) I've been trying to extend JpaPermissionStore inside my projetct, but it was not possible because all properties and some methods were made private.


                2) I've also tried to copy the content of JpaPermissionStore inside a new class (that it's worse than 1!!) and got problems wit ActionSet class (also not visible).

                • 5. Re: Extending PermissionResolver
                  josdaniel

                  Hi Shane, Andre,


                  I ran into the same issue of not being able to extend JpaPermissionStore for the reasons mentioned above. Are there any workarounds to resolve this problem.


                  Thanks,
                  - jd