Problem with IdentityManager
gewuerzgurke Aug 13, 2009 11:56 AM
Hi everyone,
I'm using Seam 2.2.0 GA and JBoss 5.0.1 GA.
Calling the following methods results in an exception:
    @End(beforeRedirect=true)
    public String changePassword() {
        // Reject missing or empty passwords
        if( passwordOne == null || passwordTwo == null
                || "".equals(passwordOne) || "".equals(passwordTwo) ) {
            facesMessages.add("Passwort darf nicht leer sein");
            return null;
        }
        // Both entries must match
        if( ! passwordOne.equals(passwordTwo) ) {
            facesMessages.add("Die Passwörter müssen übereinstimmen");
            return null;
        }
        // This call throws the AuthorizationException shown below
        identityManager.changePassword(userHome.getInstance().getUserName(), passwordOne);
        return getRedirect();
    }
identityManager.changePassword(userHome.getInstance().getUserName(), passwordOne);
The exception:
Caused by: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,update]
    at org.jboss.seam.security.Identity.checkPermission(Identity.java:590)
    at org.jboss.seam.security.management.IdentityManager.changePassword(IdentityManager.java:123)
    at com.muellerseidel.peachshops.core.session.PasswordChangeAction.changePassword(PasswordChangeAction.java:66)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
    at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
    at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
    at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:77)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
    at org.jboss.seam.core.ConversationInterceptor.aroundInvoke(ConversationInterceptor.java:56)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
    at org.jboss.seam.bpm.BusinessProcessInterceptor.aroundInvoke(BusinessProcessInterceptor.java:51)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
    at org.jboss.seam.core.ConversationalInterceptor.aroundInvoke(ConversationalInterceptor.java:43)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
    at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
    at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
    at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:185)
    at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:103)
    at com.muellerseidel.peachshops.core.session.PasswordChangeAction_$$_javassist_seam_6.changePassword(PasswordChangeAction_$$_javassist_seam_6.java)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:335)
    at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:348)
    at org.jboss.el.parser.AstPropertySuffix.invoke(AstPropertySuffix.java:58)
    at org.jboss.el.parser.AstValue.invoke(AstValue.java:96)
    at org.jboss.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
    at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68)
    at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)
    ... 53 more
Relevant part of my components.xml is:
    <drools:rule-base name="securityRules" rule-files="/security.drl"/>
    <security:rule-based-permission-resolver security-rules="#{securityRules}" />
    <security:jpa-identity-store
        user-class="com.muellerseidel.peachshops.core.entity.User"
        role-class="com.muellerseidel.peachshops.core.entity.Role"/>
I've taken the security.drl from the examples:
    package Permissions;

    import java.security.Principal;
    import org.jboss.seam.security.PermissionCheck;
    import org.jboss.seam.security.Role;

    rule ManageUsers
      no-loop
      activation-group "permissions"
    when
      check: PermissionCheck(name == "seam.user", granted == false)
      Role(name == "admin")
    then
      check.grant();
    end

    rule ManageRoles
      no-loop
      activation-group "permissions"
    when
      check: PermissionCheck(name == "seam.role", granted == false)
      Role(name == "admin")
    then
      check.grant();
    end
According to the expression
#{identity.hasRole('admin')}
the user I'm working with should be in that role. Does anyone have an idea how to fix this?