1. Re: ACL Security In Seam
prati Dec 10, 2009 5:33 PM (in response to prati)
Related to my previous post...
I am trying to restrict using @Restrict on Action but it's giving an Authorization exception.
2. Re: ACL Security In Seam
josdaniel Dec 10, 2009 6:13 PM (in response to prati)
Check to see if you see a corresponding entry in the permissions table for your update permission.
3. Re: ACL Security In Seam
prati Dec 10, 2009 10:18 PM (in response to prati)
Hi,
Yes, I can see the entry going into AccountPermissionTable, there is no problem with that.
AccountPermission
=================
RECIPIENT  TARGET         ACTION  DISCRIMINATOR
-----------------------------------------------
bob        Customer:1234  update  user
My issue is that my @Restrict on the action is not working. I am using @Restrict or
@Restrict("#{s:hasPermission('customer','update')}").
But no luck, it gives me an Authorization Exception.
Thanks
Prati
4. Re: ACL Security In Seam
joblini Dec 11, 2009 4:02 AM (in response to prati)
It would have to be
@Restrict("#{s:hasPermission('customer:1234','update')}").
That is, the target must match exactly the value of @PermissionTarget, which is
customer:1234
If you want to secure by entity instance, you may use annotations on the entity which will result in interceptors being invoked to authenticate whenever an entity instance is accessed. See the documentation for details.
5. Re: ACL Security In Seam
prati Dec 11, 2009 1:24 PM (in response to prati)
Hi
Thank you, it worked :-). Yes, I need to secure the entity. I will check the Seam documentation.
Thanks once again.
Regards
Prati
6. Re: ACL Security In Seam
prati Dec 14, 2009 1:48 AM (in response to prati)
I have one more query. I am not using jboss-rules, and what I am trying to do is:
1) If I log in as an 'Admin' I should be able to see all Customers,
2) If I log in as a 'User' I should be able to see a few customers
I did it like this:
AccountPermission accountPermission = (AccountPermission) em.createQuery("SELECT a FROM AccountPermission a WHERE a.recipient = :recipient")
        .setParameter("recipient", recipient)
        .getSingleResult();
String[] targetParts = accountPermission.getTarget().split(":");
if (targetParts.length == 2) {
    targetClass = targetParts[0];
    targetId = Integer.parseInt(targetParts[1]);
}
Since the target is saved like 'Customer:1234'.
Then I searched for targetId in the Customer table.
Not sure if this is the best way of doing the above thing?
Can I do this using PermissionStore?
Please suggest
Thanks
P
7. Re: ACL Security In Seam
prati Dec 14, 2009 1:54 AM (in response to prati)
http://seamframework.org/Documentation/ACLSecurityInSeam
Or does it have to be done as mentioned in the above link?
Thanks
P
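
Added example (not part of the thread, and not Seam or project code): a plain-Java model of the AccountPermission rows shown in reply 3, illustrating the exact target match described in reply 4 and the per-recipient lookup asked about in reply 6 when a recipient holds several rows. The names Row, hasPermission and allowedIds, and every row except bob's Customer:1234, are assumptions made for the illustration.

```java
import java.util.*;

public class AclTargetDemo {
    // Mirrors the thread's AccountPermission columns; a model, not Seam's entity.
    static final class Row {
        final String recipient, target, action;
        Row(String recipient, String target, String action) {
            this.recipient = recipient; this.target = target; this.action = action;
        }
    }

    // Exact string match on target and action: a missing row means "deny".
    static boolean hasPermission(List<Row> rows, String recipient, String target, String action) {
        for (Row r : rows)
            if (r.recipient.equals(recipient) && r.target.equals(target) && r.action.equals(action))
                return true;
        return false;
    }

    // Collect every id the recipient holds `action` on for one entity class.
    // Targets that are not exactly "<Class>:<number>" are skipped, never guessed.
    static SortedSet<Long> allowedIds(List<Row> rows, String recipient, String entity, String action) {
        SortedSet<Long> ids = new TreeSet<>();
        for (Row r : rows) {
            if (!r.recipient.equals(recipient) || !r.action.equals(action)) continue;
            String[] parts = r.target.split(":", -1);
            if (parts.length != 2 || !parts[0].equals(entity)) continue;
            try {
                ids.add(Long.parseLong(parts[1]));
            } catch (NumberFormatException e) {
                // Malformed id: leave it out of the allowed set (fail closed).
            }
        }
        return ids;
    }

    public static void main(String[] args) {
        // Constructed sample rows; only the first one appears in the thread.
        List<Row> rows = Arrays.asList(
            new Row("bob", "Customer:1234", "update"),
            new Row("bob", "Customer:77", "update"),
            new Row("bob", "Customer:abc", "update"),
            new Row("alice", "Customer:9", "update"));
        // A bare class name is not a stored target, so this check is denied.
        System.out.println(hasPermission(rows, "bob", "customer", "update"));
        // The full stored target string matches the row.
        System.out.println(hasPermission(rows, "bob", "Customer:1234", "update"));
        // All of bob's Customer ids, with the malformed row and alice's row excluded.
        System.out.println(allowedIds(rows, "bob", "Customer", "update"));
    }
}
```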