Permission mask problem

milesif.milesif.gmail.com Dec 9, 2009 4:06 PM

Hi everybody.

I am using Seam 2.2.0.GA. I had the following bean:

@Name("testManager")
@Scope(ScopeType.EVENT)
public class UserManager {

        @Restrict
        public String update() {
                // do something
        }
}

Security checks worked fine for target testManager and action update.
Then I tried to use the @Permission annotation to use a mask (just to experiment). So before @Name I put:

@Permissions ({
        @Permission(action="update", mask=1)
})

and in the action database field I substituded '1' to 'update'. The permission is no more given because in JpaPermissionStore.listPermissions, there is the following line

if (target != null && (action == null || (actionSet != null && actionSet.contains(action))))

and

actionSet.contains(action)

is false because action equals update but actionSet contains only an Action with value 1 (my mask.....) and it looks as if the mapping between update and 1 is not resolved.

1. Re: Permission mask problem

milesif.milesif.gmail.com Dec 9, 2009 4:08 PM (in response to milesif.milesif.gmail.com)

I forgot to thank you for your help......

Ciao Francesco
Actions
2. Re: Permission mask problem

shane.bryzak Dec 9, 2009 5:39 PM (in response to milesif.milesif.gmail.com)

An empty @Restrict's permission target is the component's name, not the component instance (see SecurityInterceptor line 209). You could try an inline permission check instead, passing in the instance of the component (as the permission target) to Identity.hasPermission().
Actions

Go to original post