-
1. Re: Using PermissionManager to grant
samdoyle Feb 24, 2010 2:30 PM (in response to khosro_question)
Why not use Drools and set up some simple rule in security.drl? It was made for this sort of thing.
e.g.
    rule "AllowManage"
        no-loop
    when
        user: User(isAdmin == true);
        perm: PermissionCheck(target == "homepage.management", action == "access", granted == false);
    then
        perm.grant();
    end
Then you could use something like the following in your JSF or in your code within @Restrict:
    "#{s:hasPermission('homepage.management', 'access', user)}"
You could even do the same check in your code like:
    if (Identity.instance().hasPermission("homepage.management", "access", user)) { ... }
-
2. Re: Using PermissionManager to grant
khosro_question Feb 24, 2010 3:16 PM (in response to khosro_question)
Hi,
Yes, you are right, we can do it with Drools. We have implemented it with Drools before.
But now we want to use a database for storing permissions and generate permissions dynamically.
But I encounter the problem that I described.
Khosro.
-
3. Re: Using PermissionManager to grant
khosro_question Feb 25, 2010 2:07 PM (in response to khosro_question)
Hi,
It seems nobody faces the problem that I have.
Ok.
I have another question (maybe I must create a new post in the forum).
Is there any way to dynamically add a permission to the database in Seam without having the problem that I have described above? Or is there any tutorial for it?
Khosro.
-
4. Re: Using PermissionManager to grant
shane.bryzak Feb 25, 2010 3:10 PM (in response to khosro_question)
If I'm understanding your problem correctly, you can use a RunAsOperation to grant the permission as the admin user.
-
5. Re: Using PermissionManager to grant
khosro_question Feb 25, 2010 7:12 PM (in response to khosro_question)
Hello,
Thanks Shane,
Oh, I made a big mistake: I did not show the SecurityService class.
SecurityService class:
    import org.jboss.seam.security.SimplePrincipal;
    import org.jboss.seam.security.permission.Permission;
    import org.jboss.seam.security.permission.PermissionManager;

    public class SecurityService {
        public void grantPermission(Object target, String action, User user) {
            // The recipient of the permission is the user's principal
            Permission permission = new Permission(target, action, new SimplePrincipal(user.getUsername()));
            PermissionManager.instance().grantPermission(permission);
        }
    }
I have run this code but I still got the exception:
    RunAsOperation asOperation = new RunAsOperation() {
        @Override
        public void execute() {
            // TODO Auto-generated method stub
            securityService.grantPermission(user.getPerson(), "homepage.management", user);
        }
    };
    asOperation.addRole("admin").run();
The exception is:
    Authorization check failed for permission[edu.aut.autcms.entity.User@43,seam.grant-permission]
Khosro.
-
6. Re: Using PermissionManager to grant
shane.bryzak Feb 25, 2010 11:10 PM (in response to khosro_question)
I just noticed in your first post that you set the discriminator for admin to 'user'. It should be 'role'.
-
7. Re: Using PermissionManager to grant
khosro_question Feb 26, 2010 5:14 PM (in response to khosro_question)
Hi Shane,
Maybe I am describing my problem in the wrong way, or maybe I cannot understand how to use the RunAsOperation class. But in short:
I log in with username admin and password admin,
then I want to insert this row in the user table:
    id  username  password
    2   bob       bob
and I successfully add it to the user table.
And then I want to insert this row in the permission table:
    target  action               recipient  descriminator
    user:2  homepage.management  bob        user
In pages.xml I restrict the home page with:
    <page view-id="/people/mgmt/homepage.xhtml">
        <restrict>#{s:hasPermission(userHome.user,'homepage.management')}</restrict>
    </page>
To do this, I first had to insert this row in the permission table:
    target  action                 recipient  descriminator
    user:2  seam.grant-permission  admin      user
otherwise I got this exception:
    org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[edu.aut.autcms.entity.User@53,seam.grant-permission]
And using RunAsOperation does not solve my problem.
Khosro.
-
8. Re: Using PermissionManager to grant
khosro_question Mar 28, 2010 7:04 AM (in response to khosro_question)
Hello,
I have one basic question about security in Seam.
As the Seam doc says (Permission checks for PermissionManager operations), if we want to grant a permission to a user (or role) on an instance of an object (in Seam's terms, it is the target), the target must have the seam.grant-permission permission action. So first we must grant the user (or role) on the target, giving the seam.grant-permission permission action to the target.
I use this code:
MyController.java
    RunAsOperation asOperation = new RunAsOperation() {
        @Override
        public void execute() {
            securityService.grantPermissionByRole(target, "seam.grant-permission", roleDAO.findByName("admin"));
        }
    };
    asOperation.addRole("admin").run();
SecurityService.java
    public void grantPermissionByRole(Object target, String action, Role role) {
        Permission permission = new Permission(target, action, new SimplePrincipal(role.getName()));
        PermissionManager.instance().grantPermission(permission);
    }
RoleDAO.java
    public Role findByName(String name) {
        String query = "FROM Role where name = ?";
        return (Role) em.createQuery(query).setParameter(1, name).getSingleResult();
    }
But I still got an AuthorizationException in the MyController class.
The exception is:
    org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[edu.aut.autcms.entity.target@2b,seam.grant-permission]
I am really confused about using security in Seam.
Khosro.
-
9. Re: Using PermissionManager to grant
freddycucho Sep 29, 2011 8:25 AM (in response to khosro_question)
Dear Khosro Asgharifard
I am a new user but your error is for this reason:
You do not have privileges to create new permissions.
Fix: add the following sentences in your import.sql:
    insert into permission (id, target, action, recipient, discriminator) values (1, 'permission', 'seam.read-permissions', 'your role', 'role')
    insert into permission (id, target, action, recipient, discriminator) values (2, 'permission', 'seam.grant-permission', 'your role', 'role')
    insert into permission (id, target, action, recipient, discriminator) values (3, 'permission', 'seam.revoke-permission', 'your role', 'role')
Best Regards
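
A simplified model of the check this thread revolves around, added here as an illustration and not Seam's or any poster's code: a grant is itself guarded by seam.grant-permission on the target, and a stored row only matches when its discriminator agrees with how the caller holds the recipient name. All class, record and method names are hypothetical, the rows are constructed samples, and the example assumes that a run-as block carries only the added role and no user name.

```java
import java.util.*;

// Simplified model (not Seam source) of matching a stored permission row
// against the caller, and of the guard in front of a grant. Needs Java 16+.
public class GrantCheckModel {
    // One row of the permission table; the values used below are constructed samples.
    record Row(String target, String action, String recipient, String discriminator) {}

    // The caller: a user name (assumed null inside a run-as block) plus held roles.
    record Caller(String username, Set<String> roles) {}

    static final String GRANT = "seam.grant-permission";
    final List<Row> table = new ArrayList<>();

    // A row matches only if its discriminator agrees with how the caller holds the name.
    boolean hasPermission(Caller c, String target, String action) {
        for (Row r : table) {
            if (!r.target().equals(target) || !r.action().equals(action)) continue;
            if (r.discriminator().equals("user") && r.recipient().equals(c.username())) return true;
            if (r.discriminator().equals("role") && c.roles().contains(r.recipient())) return true;
        }
        return false;
    }

    // Granting is guarded: the caller must already hold seam.grant-permission on the target.
    void grant(Caller c, Row row) {
        if (!hasPermission(c, row.target(), GRANT))
            throw new SecurityException(
                "Authorization check failed for permission[" + row.target() + "," + GRANT + "]");
        table.add(row);
    }

    public static void main(String[] args) {
        Row bob = new Row("user:2", "homepage.management", "bob", "user");
        Caller runAsAdminRole = new Caller(null, Set.of("admin")); // role only, no user name

        GrantCheckModel m = new GrantCheckModel();
        m.table.add(new Row("user:2", GRANT, "admin", "user")); // bootstrap row keyed as a user
        try {
            m.grant(runAsAdminRole, bob);
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }

        m.table.clear();
        m.table.add(new Row("user:2", GRANT, "admin", "role")); // same row keyed as a role
        m.grant(runAsAdminRole, bob);
        Caller bobUser = new Caller("bob", Set.of());
        System.out.println("granted: " + m.hasPermission(bobUser, "user:2", "homepage.management"));
    }
}
```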