Hi,
Yes,you are right,we can do it by Drools.We have implemented it by Drools before.
But now we want to use database for storing permissions and generate permissions dynamically.
But i encounter this problem that i described.

Khosro.

Hi,

It seems nobody faces such a problem that i have.
Ok.
I have another question(Maybe i must create a new post in forum)
Is there any way to add dynamically permission to database in seam without having a problem that i have described above?Or is there any tutorial for it.

Khosro.

Hello,

Thanks Shane,

Oh,i made a big mistake that i do not show SecurtiyService class.
SecurtiyService class :

public class SecurityService {

     public void grantPermission(Object target, String action, User user) {
          Permission permission = new Permission(target, action, new SimplePrincipal(user.getUsername()));
          
          PermissionManager.instance().grantPermission(permission);
     }
     
}

I have run this code but still i got exception

 RunAsOperation asOperation=new RunAsOperation() {
               
               @Override
               public void execute() {
                    // TODO Auto-generated method stub
                    securityService.grantPermission(user.getPerson(),
                              "homepage.management", user);
               }
          };
          asOperation.addRole("admin").run();

exception is

Authorization check failed for permission[edu.aut.autcms.entity.User@43,seam.grant-permission]

Khosro.

i Shane,

Maybe i am in a wrong way to describe my problem or maybe i can not undrestand how to use RunAsOperation class.

But in short :

I log in with username admin and password admin

then i want to insert this row in user table:

id username password
2   bob       bob

and i successfully add it to user table.
and then i wan to insert this row in permission table.

target  action                  recipient descriminator
user:2  homepage.management     bob       user

In pages.xml i restrict home page with :

<page view-id="/people/mgmt/homepage.xhtml">
  <restrict>#{s:hasPermission(userHome.user,'homepage.management')}</restrict> 
</page>

For doing this ,i had to first insert this row in permission table:

target action                  recipient descriminator
user:2  seam.grant-permission   admin      user

,otherwise i got this exception

org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[edu.aut.autcms.entity.User@53,seam.grant-permission]

And using RunAsOperation do not solve my problem.

Khosro.

Hello,

I have one basic question about security in Seam.
As Seam doc says(Permission checks for PermissionManager operations) ,if we want to grant a permission to a user(or role) on instance of a object(in Seam's term ,it is target),target must have seam.grant-permission
permission action.So first we must grant user(or role) on target and giving seam.grant-permission
permission action to target.
I use these codes:

MyController.java

     RunAsOperation asOperation=new RunAsOperation() {
          
          @Override
          public void execute() {
                securityService.grantPermissionByRole(target,
                          "seam.grant-permission", roleDAO.findByName("admin"));

          }
     };
     asOperation.addRole("admin").run();

SecurityService.java

    public void grantPermissionByRole(Object target, String action,Role role) {
          Permission permission = new Permission(target, action, new SimplePrincipal(role.getName()));
          PermissionManager.instance().grantPermission(permission);
     }

RoleDOA.java

       public Role findByName(String name) {
          String query = "FROM Role where name = ?";
          return (Role) em.createQuery(query).setParameter(1, name).getSingleResult();
     }

But i still got AuthorizationException in MyController class.
Exception is :

org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[edu.aut.autcms.entity.target@2b,seam.grant-permissio
n]

I am really confusing about using security in Seam.

Khosro.