-
1. Re: File access permission to users
luxspes Aug 30, 2009 9:39 PM (in response to seamkaruna)
You need to be way more specific; forums are not good for this kind of question (believe me, I have made the same mistake ;-) ).
-
2. Re: File access permission to users
seamkaruna Aug 31, 2009 6:12 AM (in response to seamkaruna)
Hi peredo,
Thanks for your reply, but I want to implement security in my application. What can I do? Please suggest some ideas.
Thanks.
-
3. Re: File access permission to users
lvdberg Aug 31, 2009 8:42 AM (in response to seamkaruna)
Hi,
Seam can secure your application by restricting access to pages and resources. You can add a restriction to pages.xml to enable login (to start with). Seam has an excellent User-Role based authorization mechanism; see chapter 15 of the documentation on how to do that. Furthermore, you can add a restriction to the rendered attributes of your page content (see the s:role element). Last but not least, you can add restrictions to your bean methods with annotations. This is also explained in detail in chapter 15.
If you have more questions, don't hesitate to ask, but I agree with Francisco: don't ask the generic questions.
-
4. Re: File access permission to users
seamkaruna Aug 31, 2009 11:18 AM (in response to seamkaruna)
Hi Leo,
Thanks for your valuable reply. I have just gone through the documentation, but I couldn't understand the following:
<page view-id="/reports.xhtml">
    <restrict>#{s:hasRole('admin')}</restrict>
</page>
Do I have to write a function like hasRole in a bean? It would be better if you have any example code; please send it to me.
Thanks in advance.
-
5. Re: File access permission to users
lvdberg Aug 31, 2009 11:46 AM (in response to seamkaruna)
You need to include User and Role entities in your application. Seam allows you to annotate these classes and include them in your application security model. You need an authenticate bean which takes care of authenticating users, and which also adds the defined Roles to the user. If you have that in place, the -restrict- in pages will work without any additional coding. It seems a bit complex, but it really pays off in the long term.
The s:role tag is also used inside the restriction, but can also be used in the rendered attribute, thus disabling the visibility of elements for non-authorized users.
The distro and docs contain the examples, but if it's helpful, here is some of my own code (I shortened it a bit, because I am using it with JBPM and automatic skin/language setting):
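import javax.persistence.EntityManager;
import javax.persistence.NoResultException;

import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Out;
import org.jboss.seam.annotations.Transactional;
import org.jboss.seam.bpm.Actor;
import org.jboss.seam.faces.FacesMessages;
import org.jboss.seam.log.Log;
import org.jboss.seam.security.Credentials;
import org.jboss.seam.security.Identity;

// Operator and Role are the poster's own entity classes (not shown in the post).
@Name("authenticationManager")
public class AuthenticationManager {

    @Logger Log log;
    @In EntityManager entityManager;
    @In Actor actor; // For use with JBPM
    @In Credentials credentials;
    @In Identity identity;
    @In FacesMessages facesMessages;

    @Out(required=false) Operator currentUser;

    @Transactional
    public boolean authenticate() {
        try {
            // Bound parameter: the username is never concatenated into the query
            Operator user = (Operator) entityManager.createQuery(
                    "select u from Operator u left join fetch u.managementCentre c where u.userName = :username")
                .setParameter("username", credentials.getUsername())
                .getSingleResult();

            // Check the password (case-sensitive; the stored value is compared as-is)
            if (!user.getUserPassword().equals(credentials.getPassword()))
                return false;

            actor.setId(user.getUserName());
            if (user.getUserRoles() != null) {
                // Copy the user's roles into the Seam identity and the JBPM actor
                for (Role role : user.getUserRoles()) {
                    identity.addRole(role.getName());
                    actor.getGroupActorIds().add(role.getName());
                }
            }
            currentUser = user;
            identity.addRole("user");
            return true;
        } catch (NoResultException e) {
            // Unknown username
            return false;
        }
    }
}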
You need to add the following to components.xml
<security:identity authenticate-method="#{authenticationManager.authenticate}" />
-
6. Re: File access permission to users
seamkaruna Sep 1, 2009 7:47 AM (in response to seamkaruna)
Hi Leo,
I have just gone through the identity management; everything is OK, but when running the project I still get the same welcome page instead of the identity management page when I enter as admin.
I couldn't understand how to set the hibernate.hbm2ddl.auto setting in my DOS console.
-
7. Re: File access permission to users
lvdberg Sep 1, 2009 9:18 AM (in response to seamkaruna)
Hi,
I am not at my usual workplace, so I can't do some code cut-and-pasting for examples. You need to put the login requirement in the pages.xml file. Something like this:
<pages login-view-id="your-login-page.xhtml">
    ...
    <page view-id="/yourSecurePageDir/*" login-required="true" />
    ...
</pages>
That Hibernate property is set in the config files. For JPA that is persistence.xml, and there you will find that setting or you need a new one.
Leo
-
8. Re: File access permission to users
jamesjmp Sep 1, 2009 1:44 PM (in response to seamkaruna)
Hi,
What Leo has told you is perfect. To go further, there is another approach for security issues.
You may use Drools. Your application has a security.drl file.
There you may define that to display a page you must have a role.
For instance, if you have a Restricted.xhtml page that may be visited only by users whose role is admin or advancedUser, you should configure it this way:
In your security.drl file add:
rule Restriction
when
    c: PermissionCheck(name == "/Restricted.xhtml")
    (Role(name == "admin") or Role(name == "advancedUser"))
then
    c.grant();
end;
On the other hand, in your pages.xml add this:
<page view-id="/Restricted.xhtml">
    <restrict/>
</page>
The latter means that before displaying Restricted.xhtml it checks whether there is a rule in the security.drl file. It would find the Restriction rule and then check if the user's role is admin or advancedUser.
For this approach, the use of roles and identities is compulsory.
A summary tip:
The following:
<page view-id="/Restricted.xhtml">
    <restrict>#{s:hasRole('adminGral')}</restrict>
</page>
is the same as this
<page view-id="/Restricted.xhtml">
    <restrict/>
</page>
in addition to this
rule Restriction
when
    c: PermissionCheck(name == "/Restricted.xhtml")
    Role(name == "admin")
then
    c.grant();
end;
-
9. Re: File access permission to users
seamkaruna Sep 2, 2009 7:17 AM (in response to seamkaruna)
Hi Leo and Jaime,
Thanks a lot, I have successfully done those things. Great work by you people.
Thanks a lot.