13 Replies Latest reply on Dec 6, 2011 11:59 AM by mmaia

    JpaIdentityStore Implementation - Authorization check failed for permission ...

    mmaia

      I'm trying to implement for the first time a JpaIdentityStore registration using Seam. I'm new to Seam.


      So far I hava a User and Role entity market with jpa anotations as follows(note that email field is used as username).


      User:


      package br.com.anototudo.model.user;
      
      import..
      
      @Entity
      @Scope(ScopeType.SESSION)
      @Name("user")
      public class User implements Serializable{
      
              private static final long serialVersionUID = 5059329828560429517L;
              private Long id;
              private String nome;
              private String email;
              private String senha;
              private List<Role> roles;
              
              
              @Id
              @GeneratedValue
              public Long getId() {
                      return id;
              }
              
              @UserPrincipal
              @Length(max = 50)
              @NotNull
              @Email
              @Column(unique=true)
              public String getEmail() {
                      return email;
              }
              
              @UserPassword(hash="none")
              @Length(min=6, max = 20)
              @NotNull
              public String getSenha() {
                      return senha;
              }
      
              
              @UserRoles
              @ManyToMany(fetch=FetchType.EAGER)
              @JoinTable(joinColumns={@JoinColumn(name="user_id")}, inverseJoinColumns={@JoinColumn(name="role_id")})
              public List<Role> getRoles() {
                      return roles;
              }
              public void setRoles(List<Role> roles) {
                      this.roles = roles;
              }
      
      ...
      
      }
      



      Role:




      package br.com.anototudo.model.user;
      
      import...
      
      @Entity
      @Name("role")
      public class Role implements Serializable {
              
              private static final long serialVersionUID = 3905381619401193034L;
              private Long id;
              private String nome;
              private String descricao;
              
              @Id
              @GeneratedValue
              public Long getId() {
                      return id;
              }
              
              @RoleName
              @Length(max = 100)
              @NotNull
              @Column(unique=true)
              public String getNome() {
                      return nome;
              }
      ...
      
      }




      Than I have a UserRegister.xhtml:




      ...
      
      
                                      <s:decorate id="emailField" template="layout/edit.xhtml">
                                              <ui:define name="label">Email</ui:define>
                                              <h:inputText id="email" required="true" size="50" maxlength="50"
                                                      value="#{user.email}">
                                                      <a:support event="onblur" reRender="emailField"
                                                              bypassUpdates="true" ajaxSingle="true" />
                                              </h:inputText>
                                      </s:decorate>
      
      
                                      <s:decorate id="nomeField" template="layout/edit.xhtml">
                                              <ui:define name="label">Nome</ui:define>
                                              <h:inputText id="nome" required="true" size="100" maxlength="100"
                                                      value="#{user.nome}">
                                                      <a:support event="onblur" reRender="nomeField"
                                                              bypassUpdates="true" ajaxSingle="true" />
                                              </h:inputText>
                                      </s:decorate>
      
      
                                      <s:decorate id="passwordDecorate" template="layout/edit.xhtml">
                                              <ui:define name="label">
                                                                      Password:
                                                              </ui:define>
                                              <s:decorate>
                                                      <h:inputSecret id="password" value="#{user.senha}"
                                                              required="true" requiredMessage="Campo Obrigatório" />
                                              </s:decorate>
                                      </s:decorate>
      
                                      <s:decorate id="verifyDecorate" template="layout/edit.xhtml">
                                              <ui:define name="label">
                                                                      Verify Password:
                                                              </ui:define>
                                              <s:decorate>
                                                      <h:inputSecret id="verificar" value="#{registroBean.verificar}"
                                                              required="true" requiredMessage="Campo Obrigatório" />
                                              </s:decorate>
                                      </s:decorate>
      
                              <div class="actionButtons"><h:commandButton id="save"
                                      value="Save" action="#{registroBean.registrarUsuario()}" /></div>
      ...
      



      Also have developed a Stateful where I try to add the user. UserRegistroBean:




      package br.com.anototudo.sessionbeans;
      
      import ...
      
      @Stateful
      @Scope(ScopeType.EVENT)
      @Name("registroBean")
      public class UserRegistroBean implements UserRegistro{
              @In
              private User user;
      
              @In
              private IdentityManager identityManager;
              
              @In 
              private StatusMessages statusMessages;
              
              Logger log = Logger.getLogger(UserRegistroBean.class.getName());
      
              private String verificar;
              
              private boolean registrado;
              
              public void registrarUsuario()
              {
                      log.info("Entrou UserRegistroBean.registrarUsuario");
                      if ( user.getSenha().equals(verificar) )
                        {
                                try {
                                       new RunAsOperation() {
                                               public void execute() {
                                                       identityManager.createUser(user.getEmail(), user.getSenha());
                                                       identityManager.grantRole(user.getEmail(), "DIETA_CALORIAS");
                                               }
                                       }.addRole("admin").run();
                                       
                               statusMessages.add("Successfully registered as #{user.username}");
                               registrado = true;
                                } catch(IdentityManagementException e) {
                                       statusMessages.add(e.getMessage());
                                }
                        }
                    else 
                    {
                       statusMessages.addToControl("verificar", "Senha não confere. Digite novamente!");
                       verificar=null;
                    }
              }
              ...
      }
      



      Finally I have registered my intention in components.xml



      <security:rule-based-permission-resolver security-rules="#{securityRules}"/>
         
         <security:jpa-identity-store user-class="br.com.anototudo.model.user.User" role-class="br.com.anototudo.model.user.Role"></security:jpa-identity-store>
      



      The error pops in the call to registrarUsuario() method from UserRegistroBean above and the error message follows:





      22:17:56,019 SEVERE [application] org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create]
      javax.faces.el.EvaluationException: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create]
              at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:102)
              at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
              at javax.faces.component.UICommand.broadcast(UICommand.java:387)
              at org.ajax4jsf.component.AjaxViewRoot.processEvents(AjaxViewRoot.java:321)
              at org.ajax4jsf.component.AjaxViewRoot.broadcastEvents(AjaxViewRoot.java:296)
              at org.ajax4jsf.component.AjaxViewRoot.processPhase(AjaxViewRoot.java:253)
              at org.ajax4jsf.component.AjaxViewRoot.processApplication(AjaxViewRoot.java:466)
              at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82)
              at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
              at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
              at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
              at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
              at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
              at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
              at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
              at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
              at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
              at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
              at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
              at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
              at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178)
              at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
              at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:368)
              at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:495)
              at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
              at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
              at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60)
              at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
              at org.jboss.seam.web.HotDeployFilter.doFilter(HotDeployFilter.java:53)
              at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
              at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
              at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
              at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
              at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
              at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
              at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
              at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
              at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
              at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
              at java.lang.Thread.run(Thread.java:619)
      Caused by: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create]
              at org.jboss.seam.security.Identity.checkPermission(Identity.java:590)
              at org.jboss.seam.security.management.IdentityManager.createUser(IdentityManager.java:99)
              at org.jboss.seam.security.management.IdentityManager.createUser(IdentityManager.java:94)
              at br.com.anototudo.sessionbeans.UserRegistroBean$1.execute(UserRegistroBean.java:46)
              at org.jboss.seam.security.Identity.runAs(Identity.java:743)
              at org.jboss.seam.security.RunAsOperation.run(RunAsOperation.java:75)
              at br.com.anototudo.sessionbeans.UserRegistroBean.registrarUsuario(UserRegistroBean.java:49)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)





      I'm new to Seam and any help would be appreciated.




      []s





        • 1. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
          mwohlf

          Hi Marcos,


          "Authorization check failed for permission[seam.user,create]"


          means the role admin which you use to perform the user creation action doesn't have the permission for creating a user.
          A simple solution for testing is to use Identity.setSecurityEnabled(false);


          Take a look at the permission stuff in the docs.

          • 2. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
            mmaia

            Hi,


            I took a look at docs and found this entry that follows. As it mentions rules I believe this should be used for Drools engine. Questions:


            The JpaIdentityStore uses drools?
            Should I place this code in security.drl file?


            The official docs doesn't mention where to place the code. Only shows this snippet:




            The following code listing provides an example set of security rules that grants access to all Identity Management-related methods to members of the admin role:



            rule ManageUsers
              no-loop
              activation-group "permissions"
            when
              check: PermissionCheck(name == "seam.user", granted == false)
              Role(name == "admin")
            then
              check.grant();
            end
            
            rule ManageRoles
              no-loop
              activation-group "permissions"
            when
              check: PermissionCheck(name == "seam.role", granted == false)
              Role(name == "admin")
            then
              check.grant();
            end




            • 3. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
              mwohlf

              the code is for rules based permissions with Drools, this link describes the setup:
              Drools Setup


              you can also use a persistent permission store: JpaPermissionStore


              or mix both

              • 4. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
                mmaia

                I read the suggested docs and realize I was missing the annotations used to map the JpaIdentityStore . I have market my User and Role with required annotations: @PermissionUser and @PermissionRole . I'm not using the annotations  @PermissionTarget and @PermissionAction . Also I have tryied to register my permissionStore in components.xml:




                <security:jpa-identity-store name="jpaPermissionStore" user-class="br.com.anototudo.model.user.User" role-class="br.com.anototudo.model.user.Role"></security:jpa-identity-store>
                <security:persistent-permission-resolver permission-store="#{jpaPermissionStore}"/>



                Still not working, now I get an error while initializing the application.
                If I comment the security:persistent-permission-resolver tag, my app deploys but registerinig fails as before. :(



                Questions:


                Are @PermissionTarget and @PermissionAction required? What are they used for? Couldn't find any comprehensive explanation for these.


                tx in advance.

                • 5. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
                  mmaia

                  The error follows: Any clues? I'm still lost with this feature. :(




                  18:12:40,655 ERROR [[/anototudo]] Exception sending context initialized event to listener instance of class org.jboss.seam.servlet.SeamListener
                  java.lang.RuntimeException: Could not create Component: authenticator
                       at org.jboss.seam.init.Initialization.addComponent(Initialization.java:1202)
                       at org.jboss.seam.init.Initialization.installComponents(Initialization.java:1118)
                       at org.jboss.seam.init.Initialization.init(Initialization.java:733)
                       at org.jboss.seam.servlet.SeamListener.contextInitialized(SeamListener.java:36)
                       at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3910)
                       at org.apache.catalina.core.StandardContext.start(StandardContext.java:4393)
                       at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeployInternal(TomcatDeployment.java:310)
                       at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeploy(TomcatDeployment.java:142)
                       at org.jboss.web.deployers.AbstractWarDeployment.start(AbstractWarDeployment.java:461)
                       at org.jboss.web.deployers.WebModule.startModule(WebModule.java:118)
                       at org.jboss.web.deployers.WebModule.start(WebModule.java:97)
                       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                       at java.lang.reflect.Method.invoke(Method.java:597)
                       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
                       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
                       at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
                       at org.jboss.system.microcontainer.ServiceProxy.invoke(ServiceProxy.java:206)
                       at $Proxy38.start(Unknown Source)
                       at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:42)
                       at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:37)
                       at org.jboss.dependency.plugins.action.SimpleControllerContextAction.simpleInstallAction(SimpleControllerContextAction.java:62)
                       at org.jboss.dependency.plugins.action.AccessControllerContextAction.install(AccessControllerContextAction.java:71)
                       at org.jboss.dependency.plugins.AbstractControllerContextActions.install(AbstractControllerContextActions.java:51)
                       at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
                       at org.jboss.system.microcontainer.ServiceControllerContext.install(ServiceControllerContext.java:286)
                       at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)
                       at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
                       at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)
                       at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
                       at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
                       at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
                       at org.jboss.system.ServiceController.doChange(ServiceController.java:688)
                       at org.jboss.system.ServiceController.start(ServiceController.java:460)
                       at org.jboss.system.deployers.ServiceDeployer.start(ServiceDeployer.java:163)
                       at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:99)
                       at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:46)
                       at org.jboss.deployers.spi.deployer.helpers.AbstractSimpleRealDeployer.internalDeploy(AbstractSimpleRealDeployer.java:62)
                       at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
                       at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
                       at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1439)
                       at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1157)
                       at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1178)
                       at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1210)
                       at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1098)
                       at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
                       at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)
                       at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
                       at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)
                       at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
                       at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
                       at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
                       at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:781)
                       at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:702)
                       at org.jboss.system.server.profileservice.repository.MainDeployerAdapter.process(MainDeployerAdapter.java:117)
                       at org.jboss.system.server.profileservice.hotdeploy.HDScanner.scan(HDScanner.java:362)
                       at org.jboss.system.server.profileservice.hotdeploy.HDScanner.run(HDScanner.java:255)
                       at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
                       at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:317)
                       at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:150)
                       at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:98)
                       at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:181)
                       at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:205)
                       at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
                       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
                       at java.lang.Thread.run(Thread.java:619)
                  Caused by: java.lang.IllegalArgumentException: You must specify org.jboss.seam.core.init.jndiPattern or use @JndiName: authenticator
                       at org.jboss.seam.Component.getJndiName(Component.java:451)
                       at org.jboss.seam.Component.<init>(Component.java:233)
                       at org.jboss.seam.Component.<init>(Component.java:205)
                       at org.jboss.seam.init.Initialization.addComponent(Initialization.java:1186)
                       ... 68 more



                  • 6. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
                    mmaia

                    Have just added the target and action fields(I don't know why they're used?????) to my User and the error I'm getting now follows:





                    18:25:21,319 ERROR [[/anototudo]] Exception sending context initialized event to listener instance of class org.jboss.seam.servlet.SeamListener
                    org.jboss.seam.InstantiationException: Could not instantiate Seam component: org.jboss.seam.security.persistentPermissionResolver
                         at org.jboss.seam.Component.newInstance(Component.java:2144)
                         at org.jboss.seam.contexts.Contexts.startup(Contexts.java:304)
                         at org.jboss.seam.contexts.Contexts.startup(Contexts.java:278)
                         at org.jboss.seam.contexts.ServletLifecycle.endInitialization(ServletLifecycle.java:116)
                         at org.jboss.seam.init.Initialization.init(Initialization.java:740)
                         at org.jboss.seam.servlet.SeamListener.contextInitialized(SeamListener.java:36)
                         at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3910)
                         at org.apache.catalina.core.StandardContext.start(StandardContext.java:4393)
                         at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeployInternal(TomcatDeployment.java:310)
                         at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeploy(TomcatDeployment.java:142)
                         at org.jboss.web.deployers.AbstractWarDeployment.start(AbstractWarDeployment.java:461)
                         at org.jboss.web.deployers.WebModule.startModule(WebModule.java:118)
                         at org.jboss.web.deployers.WebModule.start(WebModule.java:97)
                         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                         at java.lang.reflect.Method.invoke(Method.java:597)
                         at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
                         at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
                         at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                         at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
                         at org.jboss.system.microcontainer.ServiceProxy.invoke(ServiceProxy.java:206)
                         at $Proxy38.start(Unknown Source)
                         at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:42)
                         at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:37)
                         at org.jboss.dependency.plugins.action.SimpleControllerContextAction.simpleInstallAction(SimpleControllerContextAction.java:62)
                         at org.jboss.dependency.plugins.action.AccessControllerContextAction.install(AccessControllerContextAction.java:71)
                         at org.jboss.dependency.plugins.AbstractControllerContextActions.install(AbstractControllerContextActions.java:51)
                         at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
                         at org.jboss.system.microcontainer.ServiceControllerContext.install(ServiceControllerContext.java:286)
                         at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)
                         at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
                         at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)
                         at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
                         at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
                         at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
                         at org.jboss.system.ServiceController.doChange(ServiceController.java:688)
                         at org.jboss.system.ServiceController.start(ServiceController.java:460)
                         at org.jboss.system.deployers.ServiceDeployer.start(ServiceDeployer.java:163)
                         at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:99)
                         at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:46)
                         at org.jboss.deployers.spi.deployer.helpers.AbstractSimpleRealDeployer.internalDeploy(AbstractSimpleRealDeployer.java:62)
                         at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
                         at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
                         at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1439)
                         at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1157)
                         at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1178)
                         at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1210)
                         at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1098)
                         at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
                         at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)
                         at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
                         at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)
                         at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
                         at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
                         at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
                         at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:781)
                         at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:702)
                         at org.jboss.system.server.profileservice.repository.MainDeployerAdapter.process(MainDeployerAdapter.java:117)
                         at org.jboss.system.server.profileservice.repository.ProfileDeployAction.install(ProfileDeployAction.java:70)
                         at org.jboss.system.server.profileservice.repository.AbstractProfileAction.install(AbstractProfileAction.java:53)
                         at org.jboss.system.server.profileservice.repository.AbstractProfileService.install(AbstractProfileService.java:361)
                         at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
                         at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)
                         at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
                         at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)
                         at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
                         at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
                         at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
                         at org.jboss.system.server.profileservice.repository.AbstractProfileService.activateProfile(AbstractProfileService.java:306)
                         at org.jboss.system.server.profileservice.ProfileServiceBootstrap.start(ProfileServiceBootstrap.java:271)
                         at org.jboss.bootstrap.AbstractServerImpl.start(AbstractServerImpl.java:461)
                         at org.jboss.Main.boot(Main.java:221)
                         at org.jboss.Main$1.run(Main.java:556)
                         at java.lang.Thread.run(Thread.java:619)
                    Caused by: java.lang.IllegalArgumentException: could not set property value: org.jboss.seam.security.persistentPermissionResolver.setPermissionStore
                         at org.jboss.seam.Component.setPropertyValue(Component.java:1915)
                         at org.jboss.seam.Component.initialize(Component.java:1528)
                         at org.jboss.seam.Component.postConstructJavaBean(Component.java:1453)
                         at org.jboss.seam.Component.postConstruct(Component.java:1376)
                         at org.jboss.seam.Component.newInstance(Component.java:2129)
                         ... 75 more
                    Caused by: java.lang.IllegalArgumentException: Could not invoke method by reflection: PersistentPermissionResolver.setPermissionStore(org.jboss.seam.security.permission.PermissionStore) with parameters: (org.jboss.seam.security.management.JpaIdentityStore) on: org.jboss.seam.security.permission.PersistentPermissionResolver
                         at org.jboss.seam.util.Reflections.invoke(Reflections.java:32)
                         at org.jboss.seam.Component.setPropertyValue(Component.java:1911)
                         ... 79 more
                    Caused by: java.lang.IllegalArgumentException: argument type mismatch
                         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                         at java.lang.reflect.Method.invoke(Method.java:597)
                         at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
                         ... 80 more




                    Any ideas? I'm really lost here!!!!

                    • 7. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
                      mmaia

                      I found the follow snippet in the error stack:



                      Caused by: java.lang.IllegalArgumentException: You must specify org.jboss.seam.core.init.jndiPattern or use @JndiName: authenticator





                      I problably still missing some configuration. Any ideas? (As I mentioned I'm completely new to Seam).


                      • 8. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
                        shane.bryzak

                        Marcos Maia wrote on Mar 30, 2010 00:06:


                        I found the follow snippet in the error stack:


                        Caused by: java.lang.IllegalArgumentException: You must specify org.jboss.seam.core.init.jndiPattern or use @JndiName: authenticator





                        I problably still missing some configuration. Any ideas? (As I mentioned I'm completely new to Seam).




                        Make sure you have this in your components.xml:




                            <core:init jndi-pattern="@jndiPattern@" debug="false"/>



                        • 9. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
                          shane.bryzak

                          You're mixing up identity annotations with permission annotations - read this section of the documentation:


                          http://docs.jboss.org/seam/2.2.1.CR1/reference/en-US/html/security.html#d0e9193


                          It lists the annotations that you need to annotate your user and role entities with to configure them for identity management, along with examples.

                          • 10. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
                            mmaia

                            Ok,


                            I got it. Came back to initial implementation. Still getting the error about permission:




                            19:47:40,252 SEVERE [application] org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create]
                            javax.faces.el.EvaluationException: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create]
                                 at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:102)




                            I have used seam-gem to build my project. I can see it's already configured to use Drools. Is this error related to Drools? By now I have no clue about how to solve it??? Any help will be appreciated?

                            • 11. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
                              mmaia

                              I have just added the following code to my drools.dlr file.



                              package Permissions;
                              
                              import java.security.Principal;
                              
                              import org.jboss.seam.security.permission.PermissionCheck;
                              import org.jboss.seam.security.Role;
                              
                              rule ManageUsers
                                no-loop
                                activation-group "permissions"
                              when
                                check: PermissionCheck(name == "seam.user", granted == false)
                                Role(name == "admin")
                              then
                                check.grant();
                              end
                              
                              rule ManageRoles
                                no-loop
                                activation-group "permissions"
                              when
                                check: PermissionCheck(name == "seam.role", granted == false)
                                Role(name == "admin")
                              then
                                check.grant();
                              end




                              It's finally working :)





                              • 12. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
                                clebiovieira

                                Oi Marcos, parece que você é brasileiro. Rapaz, to passando pelo mesmo problema.


                                Configurei o arquivo components.xml do Seam com as classes User e Role. Verifiquei que você não precisou
                                criar uma classe UserPermission, correto ? Estou perguntando porque encontrei em varios lugares falando sobre essa classe.


                                A unica coisa que precisou para funcionar foi mesmo esse arquivo drools.dlr ?


                                Abraços.

                                • 13. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
                                  mmaia

                                  Isso mesmo, as classes User e Role com anotações e o drools.dir



                                  abçs