13 Replies Latest reply on Dec 6, 2011 11:59 AM by mmaia

JpaIdentityStore Implementation - Authorization check failed for permission ...

mmaia Mar 29, 2010 3:41 AM

I'm trying to implement for the first time a JpaIdentityStore registration using Seam. I'm new to Seam.

So far I hava a User and Role entity market with jpa anotations as follows(note that email field is used as username).

User:

package br.com.anototudo.model.user;

import..

@Entity
@Scope(ScopeType.SESSION)
@Name("user")
public class User implements Serializable{

        private static final long serialVersionUID = 5059329828560429517L;
        private Long id;
        private String nome;
        private String email;
        private String senha;
        private List<Role> roles;
        
        
        @Id
        @GeneratedValue
        public Long getId() {
                return id;
        }
        
        @UserPrincipal
        @Length(max = 50)
        @NotNull
        @Email
        @Column(unique=true)
        public String getEmail() {
                return email;
        }
        
        @UserPassword(hash="none")
        @Length(min=6, max = 20)
        @NotNull
        public String getSenha() {
                return senha;
        }

        
        @UserRoles
        @ManyToMany(fetch=FetchType.EAGER)
        @JoinTable(joinColumns={@JoinColumn(name="user_id")}, inverseJoinColumns={@JoinColumn(name="role_id")})
        public List<Role> getRoles() {
                return roles;
        }
        public void setRoles(List<Role> roles) {
                this.roles = roles;
        }

...

}

Role:

package br.com.anototudo.model.user;

import...

@Entity
@Name("role")
public class Role implements Serializable {
        
        private static final long serialVersionUID = 3905381619401193034L;
        private Long id;
        private String nome;
        private String descricao;
        
        @Id
        @GeneratedValue
        public Long getId() {
                return id;
        }
        
        @RoleName
        @Length(max = 100)
        @NotNull
        @Column(unique=true)
        public String getNome() {
                return nome;
        }
...

}

Than I have a UserRegister.xhtml:

...


                                <s:decorate id="emailField" template="layout/edit.xhtml">
                                        <ui:define name="label">Email</ui:define>
                                        <h:inputText id="email" required="true" size="50" maxlength="50"
                                                value="#{user.email}">
                                                <a:support event="onblur" reRender="emailField"
                                                        bypassUpdates="true" ajaxSingle="true" />
                                        </h:inputText>
                                </s:decorate>


                                <s:decorate id="nomeField" template="layout/edit.xhtml">
                                        <ui:define name="label">Nome</ui:define>
                                        <h:inputText id="nome" required="true" size="100" maxlength="100"
                                                value="#{user.nome}">
                                                <a:support event="onblur" reRender="nomeField"
                                                        bypassUpdates="true" ajaxSingle="true" />
                                        </h:inputText>
                                </s:decorate>


                                <s:decorate id="passwordDecorate" template="layout/edit.xhtml">
                                        <ui:define name="label">
                                                                Password:
                                                        </ui:define>
                                        <s:decorate>
                                                <h:inputSecret id="password" value="#{user.senha}"
                                                        required="true" requiredMessage="Campo Obrigatório" />
                                        </s:decorate>
                                </s:decorate>

                                <s:decorate id="verifyDecorate" template="layout/edit.xhtml">
                                        <ui:define name="label">
                                                                Verify Password:
                                                        </ui:define>
                                        <s:decorate>
                                                <h:inputSecret id="verificar" value="#{registroBean.verificar}"
                                                        required="true" requiredMessage="Campo Obrigatório" />
                                        </s:decorate>
                                </s:decorate>

                        <div class="actionButtons"><h:commandButton id="save"
                                value="Save" action="#{registroBean.registrarUsuario()}" /></div>
...

Also have developed a Stateful where I try to add the user. UserRegistroBean:

package br.com.anototudo.sessionbeans;

import ...

@Stateful
@Scope(ScopeType.EVENT)
@Name("registroBean")
public class UserRegistroBean implements UserRegistro{
        @In
        private User user;

        @In
        private IdentityManager identityManager;
        
        @In 
        private StatusMessages statusMessages;
        
        Logger log = Logger.getLogger(UserRegistroBean.class.getName());

        private String verificar;
        
        private boolean registrado;
        
        public void registrarUsuario()
        {
                log.info("Entrou UserRegistroBean.registrarUsuario");
                if ( user.getSenha().equals(verificar) )
                  {
                          try {
                                 new RunAsOperation() {
                                         public void execute() {
                                                 identityManager.createUser(user.getEmail(), user.getSenha());
                                                 identityManager.grantRole(user.getEmail(), "DIETA_CALORIAS");
                                         }
                                 }.addRole("admin").run();
                                 
                         statusMessages.add("Successfully registered as #{user.username}");
                         registrado = true;
                          } catch(IdentityManagementException e) {
                                 statusMessages.add(e.getMessage());
                          }
                  }
              else 
              {
                 statusMessages.addToControl("verificar", "Senha não confere. Digite novamente!");
                 verificar=null;
              }
        }
        ...
}

Finally I have registered my intention in components.xml

<security:rule-based-permission-resolver security-rules="#{securityRules}"/>
   
   <security:jpa-identity-store user-class="br.com.anototudo.model.user.User" role-class="br.com.anototudo.model.user.Role"></security:jpa-identity-store>

The error pops in the call to registrarUsuario() method from UserRegistroBean above and the error message follows:

22:17:56,019 SEVERE [application] org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create]
javax.faces.el.EvaluationException: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create]
        at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:102)
        at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
        at javax.faces.component.UICommand.broadcast(UICommand.java:387)
        at org.ajax4jsf.component.AjaxViewRoot.processEvents(AjaxViewRoot.java:321)
        at org.ajax4jsf.component.AjaxViewRoot.broadcastEvents(AjaxViewRoot.java:296)
        at org.ajax4jsf.component.AjaxViewRoot.processPhase(AjaxViewRoot.java:253)
        at org.ajax4jsf.component.AjaxViewRoot.processApplication(AjaxViewRoot.java:466)
        at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82)
        at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
        at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
        at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
        at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
        at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
        at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
        at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
        at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
        at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
        at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
        at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
        at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178)
        at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
        at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:368)
        at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:495)
        at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
        at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
        at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60)
        at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
        at org.jboss.seam.web.HotDeployFilter.doFilter(HotDeployFilter.java:53)
        at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
        at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Thread.java:619)
Caused by: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create]
        at org.jboss.seam.security.Identity.checkPermission(Identity.java:590)
        at org.jboss.seam.security.management.IdentityManager.createUser(IdentityManager.java:99)
        at org.jboss.seam.security.management.IdentityManager.createUser(IdentityManager.java:94)
        at br.com.anototudo.sessionbeans.UserRegistroBean$1.execute(UserRegistroBean.java:46)
        at org.jboss.seam.security.Identity.runAs(Identity.java:743)
        at org.jboss.seam.security.RunAsOperation.run(RunAsOperation.java:75)
        at br.com.anototudo.sessionbeans.UserRegistroBean.registrarUsuario(UserRegistroBean.java:49)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

I'm new to Seam and any help would be appreciated.

[]s

1. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...

mwohlf Mar 29, 2010 10:24 AM (in response to mmaia)

Hi Marcos,

"Authorization check failed for permission[seam.user,create]"

means the role admin which you use to perform the user creation action doesn't have the permission for creating a user.
A simple solution for testing is to use Identity.setSecurityEnabled(false);

Take a look at the permission stuff in the docs.
Actions
2. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...

mmaia Mar 29, 2010 3:26 PM (in response to mmaia)
Hi,

I took a look at docs and found this entry that follows. As it mentions rules I believe this should be used for Drools engine. Questions:

The JpaIdentityStore uses drools?
Should I place this code in security.drl file?

The official docs doesn't mention where to place the code. Only shows this snippet:

The following code listing provides an example set of security rules that grants access to all Identity Management-related methods to members of the admin role:

rule ManageUsers no-loop activation-group "permissions" when check: PermissionCheck(name == "seam.user", granted == false) Role(name == "admin") then check.grant(); end rule ManageRoles no-loop activation-group "permissions" when check: PermissionCheck(name == "seam.role", granted == false) Role(name == "admin") then check.grant(); end
Actions
3. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...

mwohlf Mar 29, 2010 4:11 PM (in response to mmaia)

the code is for rules based permissions with Drools, this link describes the setup:
Drools Setup

you can also use a persistent permission store: JpaPermissionStore

or mix both
Actions
4. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...

mmaia Mar 29, 2010 10:50 PM (in response to mmaia)
I read the suggested docs and realize I was missing the annotations used to map the JpaIdentityStore . I have market my User and Role with required annotations: @PermissionUser and @PermissionRole . I'm not using the annotations @PermissionTarget and @PermissionAction . Also I have tryied to register my permissionStore in components.xml:

<security:jpa-identity-store name="jpaPermissionStore" user-class="br.com.anototudo.model.user.User" role-class="br.com.anototudo.model.user.Role"></security:jpa-identity-store> <security:persistent-permission-resolver permission-store="#{jpaPermissionStore}"/>

Still not working, now I get an error while initializing the application.
If I comment the security:persistent-permission-resolver tag, my app deploys but registerinig fails as before. :(

Questions:

Are @PermissionTarget and @PermissionAction required? What are they used for? Couldn't find any comprehensive explanation for these.

tx in advance.
Actions

5. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...

mmaia Mar 29, 2010 11:18 PM (in response to mmaia)

The error follows: Any clues? I'm still lost with this feature. :(

18:12:40,655 ERROR [[/anototudo]] Exception sending context initialized event to listener instance of class org.jboss.seam.servlet.SeamListener
java.lang.RuntimeException: Could not create Component: authenticator
     at org.jboss.seam.init.Initialization.addComponent(Initialization.java:1202)
     at org.jboss.seam.init.Initialization.installComponents(Initialization.java:1118)
     at org.jboss.seam.init.Initialization.init(Initialization.java:733)
     at org.jboss.seam.servlet.SeamListener.contextInitialized(SeamListener.java:36)
     at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3910)
     at org.apache.catalina.core.StandardContext.start(StandardContext.java:4393)
     at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeployInternal(TomcatDeployment.java:310)
     at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeploy(TomcatDeployment.java:142)
     at org.jboss.web.deployers.AbstractWarDeployment.start(AbstractWarDeployment.java:461)
     at org.jboss.web.deployers.WebModule.startModule(WebModule.java:118)
     at org.jboss.web.deployers.WebModule.start(WebModule.java:97)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
     at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
     at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
     at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
     at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
     at org.jboss.system.microcontainer.ServiceProxy.invoke(ServiceProxy.java:206)
     at $Proxy38.start(Unknown Source)
     at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:42)
     at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:37)
     at org.jboss.dependency.plugins.action.SimpleControllerContextAction.simpleInstallAction(SimpleControllerContextAction.java:62)
     at org.jboss.dependency.plugins.action.AccessControllerContextAction.install(AccessControllerContextAction.java:71)
     at org.jboss.dependency.plugins.AbstractControllerContextActions.install(AbstractControllerContextActions.java:51)
     at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
     at org.jboss.system.microcontainer.ServiceControllerContext.install(ServiceControllerContext.java:286)
     at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)
     at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
     at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)
     at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
     at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
     at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
     at org.jboss.system.ServiceController.doChange(ServiceController.java:688)
     at org.jboss.system.ServiceController.start(ServiceController.java:460)
     at org.jboss.system.deployers.ServiceDeployer.start(ServiceDeployer.java:163)
     at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:99)
     at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:46)
     at org.jboss.deployers.spi.deployer.helpers.AbstractSimpleRealDeployer.internalDeploy(AbstractSimpleRealDeployer.java:62)
     at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
     at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
     at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1439)
     at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1157)
     at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1178)
     at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1210)
     at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1098)
     at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
     at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)
     at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
     at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)
     at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
     at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
     at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
     at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:781)
     at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:702)
     at org.jboss.system.server.profileservice.repository.MainDeployerAdapter.process(MainDeployerAdapter.java:117)
     at org.jboss.system.server.profileservice.hotdeploy.HDScanner.scan(HDScanner.java:362)
     at org.jboss.system.server.profileservice.hotdeploy.HDScanner.run(HDScanner.java:255)
     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
     at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:317)
     at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:150)
     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:98)
     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:181)
     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:205)
     at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
     at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.IllegalArgumentException: You must specify org.jboss.seam.core.init.jndiPattern or use @JndiName: authenticator
     at org.jboss.seam.Component.getJndiName(Component.java:451)
     at org.jboss.seam.Component.<init>(Component.java:233)
     at org.jboss.seam.Component.<init>(Component.java:205)
     at org.jboss.seam.init.Initialization.addComponent(Initialization.java:1186)
     ... 68 more

6. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...

mmaia Mar 29, 2010 11:38 PM (in response to mmaia)

Have just added the target and action fields(I don't know why they're used?????) to my User and the error I'm getting now follows:

18:25:21,319 ERROR [[/anototudo]] Exception sending context initialized event to listener instance of class org.jboss.seam.servlet.SeamListener
org.jboss.seam.InstantiationException: Could not instantiate Seam component: org.jboss.seam.security.persistentPermissionResolver
     at org.jboss.seam.Component.newInstance(Component.java:2144)
     at org.jboss.seam.contexts.Contexts.startup(Contexts.java:304)
     at org.jboss.seam.contexts.Contexts.startup(Contexts.java:278)
     at org.jboss.seam.contexts.ServletLifecycle.endInitialization(ServletLifecycle.java:116)
     at org.jboss.seam.init.Initialization.init(Initialization.java:740)
     at org.jboss.seam.servlet.SeamListener.contextInitialized(SeamListener.java:36)
     at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3910)
     at org.apache.catalina.core.StandardContext.start(StandardContext.java:4393)
     at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeployInternal(TomcatDeployment.java:310)
     at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeploy(TomcatDeployment.java:142)
     at org.jboss.web.deployers.AbstractWarDeployment.start(AbstractWarDeployment.java:461)
     at org.jboss.web.deployers.WebModule.startModule(WebModule.java:118)
     at org.jboss.web.deployers.WebModule.start(WebModule.java:97)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
     at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
     at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
     at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
     at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
     at org.jboss.system.microcontainer.ServiceProxy.invoke(ServiceProxy.java:206)
     at $Proxy38.start(Unknown Source)
     at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:42)
     at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:37)
     at org.jboss.dependency.plugins.action.SimpleControllerContextAction.simpleInstallAction(SimpleControllerContextAction.java:62)
     at org.jboss.dependency.plugins.action.AccessControllerContextAction.install(AccessControllerContextAction.java:71)
     at org.jboss.dependency.plugins.AbstractControllerContextActions.install(AbstractControllerContextActions.java:51)
     at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
     at org.jboss.system.microcontainer.ServiceControllerContext.install(ServiceControllerContext.java:286)
     at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)
     at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
     at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)
     at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
     at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
     at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
     at org.jboss.system.ServiceController.doChange(ServiceController.java:688)
     at org.jboss.system.ServiceController.start(ServiceController.java:460)
     at org.jboss.system.deployers.ServiceDeployer.start(ServiceDeployer.java:163)
     at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:99)
     at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:46)
     at org.jboss.deployers.spi.deployer.helpers.AbstractSimpleRealDeployer.internalDeploy(AbstractSimpleRealDeployer.java:62)
     at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
     at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
     at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1439)
     at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1157)
     at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1178)
     at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1210)
     at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1098)
     at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
     at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)
     at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
     at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)
     at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
     at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
     at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
     at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:781)
     at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:702)
     at org.jboss.system.server.profileservice.repository.MainDeployerAdapter.process(MainDeployerAdapter.java:117)
     at org.jboss.system.server.profileservice.repository.ProfileDeployAction.install(ProfileDeployAction.java:70)
     at org.jboss.system.server.profileservice.repository.AbstractProfileAction.install(AbstractProfileAction.java:53)
     at org.jboss.system.server.profileservice.repository.AbstractProfileService.install(AbstractProfileService.java:361)
     at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
     at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)
     at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
     at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)
     at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
     at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
     at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
     at org.jboss.system.server.profileservice.repository.AbstractProfileService.activateProfile(AbstractProfileService.java:306)
     at org.jboss.system.server.profileservice.ProfileServiceBootstrap.start(ProfileServiceBootstrap.java:271)
     at org.jboss.bootstrap.AbstractServerImpl.start(AbstractServerImpl.java:461)
     at org.jboss.Main.boot(Main.java:221)
     at org.jboss.Main$1.run(Main.java:556)
     at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.IllegalArgumentException: could not set property value: org.jboss.seam.security.persistentPermissionResolver.setPermissionStore
     at org.jboss.seam.Component.setPropertyValue(Component.java:1915)
     at org.jboss.seam.Component.initialize(Component.java:1528)
     at org.jboss.seam.Component.postConstructJavaBean(Component.java:1453)
     at org.jboss.seam.Component.postConstruct(Component.java:1376)
     at org.jboss.seam.Component.newInstance(Component.java:2129)
     ... 75 more
Caused by: java.lang.IllegalArgumentException: Could not invoke method by reflection: PersistentPermissionResolver.setPermissionStore(org.jboss.seam.security.permission.PermissionStore) with parameters: (org.jboss.seam.security.management.JpaIdentityStore) on: org.jboss.seam.security.permission.PersistentPermissionResolver
     at org.jboss.seam.util.Reflections.invoke(Reflections.java:32)
     at org.jboss.seam.Component.setPropertyValue(Component.java:1911)
     ... 79 more
Caused by: java.lang.IllegalArgumentException: argument type mismatch
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
     ... 80 more

Any ideas? I'm really lost here!!!!

7. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...

mmaia Mar 30, 2010 12:06 AM (in response to mmaia)
I found the follow snippet in the error stack:

Caused by: java.lang.IllegalArgumentException: You must specify org.jboss.seam.core.init.jndiPattern or use @JndiName: authenticator

I problably still missing some configuration. Any ideas? (As I mentioned I'm completely new to Seam).
Actions
8. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...

shane.bryzak Mar 30, 2010 12:35 AM (in response to mmaia)
Marcos Maia wrote on Mar 30, 2010 00:06:

I found the follow snippet in the error stack:

Caused by: java.lang.IllegalArgumentException: You must specify org.jboss.seam.core.init.jndiPattern or use @JndiName: authenticator

I problably still missing some configuration. Any ideas? (As I mentioned I'm completely new to Seam).

Make sure you have this in your components.xml:

<core:init jndi-pattern="@jndiPattern@" debug="false"/>
Actions
9. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...

shane.bryzak Mar 30, 2010 12:40 AM (in response to mmaia)

You're mixing up identity annotations with permission annotations - read this section of the documentation:

http://docs.jboss.org/seam/2.2.1.CR1/reference/en-US/html/security.html#d0e9193

It lists the annotations that you need to annotate your user and role entities with to configure them for identity management, along with examples.
Actions
10. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...

mmaia Apr 1, 2010 12:53 AM (in response to mmaia)
Ok,

I got it. Came back to initial implementation. Still getting the error about permission:

19:47:40,252 SEVERE [application] org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create] javax.faces.el.EvaluationException: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create] at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:102)

I have used seam-gem to build my project. I can see it's already configured to use Drools. Is this error related to Drools? By now I have no clue about how to solve it??? Any help will be appreciated?
Actions

11. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...

mmaia Apr 1, 2010 1:20 AM (in response to mmaia)

I have just added the following code to my drools.dlr file.

package Permissions;

import java.security.Principal;

import org.jboss.seam.security.permission.PermissionCheck;
import org.jboss.seam.security.Role;

rule ManageUsers
  no-loop
  activation-group "permissions"
when
  check: PermissionCheck(name == "seam.user", granted == false)
  Role(name == "admin")
then
  check.grant();
end

rule ManageRoles
  no-loop
  activation-group "permissions"
when
  check: PermissionCheck(name == "seam.role", granted == false)
  Role(name == "admin")
then
  check.grant();
end

It's finally working :)

12. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...

clebiovieira Dec 6, 2011 8:44 AM (in response to mmaia)

Oi Marcos, parece que você é brasileiro. Rapaz, to passando pelo mesmo problema.

Configurei o arquivo components.xml do Seam com as classes User e Role. Verifiquei que você não precisou
criar uma classe UserPermission, correto ? Estou perguntando porque encontrei em varios lugares falando sobre essa classe.

A unica coisa que precisou para funcionar foi mesmo esse arquivo drools.dlr ?

Abraços.
Actions
13. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...

mmaia Dec 6, 2011 11:59 AM (in response to mmaia)

Isso mesmo, as classes User e Role com anotações e o drools.dir

abçs
Actions

Go to original post