0 Replies Latest reply on Oct 26, 2009 9:54 PM by sdnakhla

    identityManager.createUser() not working

    sdnakhla

      I am trying to implement user registration in a manner similar to the SeamSpace example.  I have created an action that allows an anonymous user to register for an account containing the following code:




      new RunAsOperation() {

          @Override
          public void execute() {
              if (logger.isDebugEnabled()) {
                  logger.debug("$RunAsOperation.execute() - start"); //$NON-NLS-1$
              }

              identityManager.createUser(getUsername(), getPassword());
              identityManager.grantRole(getUsername(), "member");

              if (logger.isDebugEnabled()) {
                  logger.debug("$RunAsOperation.execute() - end"); //$NON-NLS-1$
              }
          }
      }.addRole("admin").run();





      I copied this code nearly verbatim from the SeamSpace example; however, I get the following exception when I hit the identityManager.createUser() line:




      SEVERE: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create]
      javax.faces.el.EvaluationException: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create]





      I am running this app in Tomcat without Embedded EJB.  The relevant lines from my components.xml and security.drl files are below.  Can anyone tell me why this isn't working?  I've opened up the permissions as best I could in security.drl so that the admin role should be able to do anything, but I still get the exception.  Any advice or guidance?


      Steve


      components.xml:
           


      <security:jpa-permission-store
           user-permission-class="net.odyssi.corvus.entities.UserAccountPermission" />

      <drools:rule-base name="securityRules">
           <drools:rule-files>
                <value>/META-INF/security.drl</value>
           </drools:rule-files>
      </drools:rule-base>

      <security:rule-based-permission-resolver
           security-rules="#{securityRules}" />

      <security:jpa-identity-store user-class="net.odyssi.corvus.entities.UserAccount"
           role-class="net.odyssi.corvus.entities.AuthorizationRole" />
      <security:identity-manager identity-store="#{jpaIdentityStore}" />







      security.drl:



      package SeamSpacePermissions;
      
      dialect 'mvel'
      
      import java.security.Principal;
      
      import org.jboss.seam.security.permission.PermissionCheck;
      import org.jboss.seam.security.permission.RoleCheck;
      import org.jboss.seam.security.Role;
      
      rule ManageUsers
        no-loop
        activation-group "permissions"
      when
        check: PermissionCheck(target == "seam.user", granted == false)
        AuthorizationRole(name == "admin")
      then
        check.grant();
      end
      
      rule ManageRoles
        no-loop
        activation-group "permissions"
      when
        check: PermissionCheck(target == "seam.role", granted == false)
        AuthorizationRole(name == "admin")
      then
        check.grant();
      end