JpaIdentityStore Implementation - Authorization check failed for permission ...
mmaia Mar 29, 2010 3:41 AM
I'm trying to implement for the first time a JpaIdentityStore registration using Seam. I'm new to Seam.
So far I have a User and Role entity marked with JPA annotations as follows (note that the email field is used as username).
User:
package br.com.anototudo.model.user;

import..

@Entity
@Scope(ScopeType.SESSION)
@Name("user")
public class User implements Serializable {

    private static final long serialVersionUID = 5059329828560429517L;

    private Long id;
    private String nome;
    private String email;
    private String senha;
    private List<Role> roles;

    @Id
    @GeneratedValue
    public Long getId() {
        return id;
    }

    // The email address doubles as the login name (@UserPrincipal).
    @UserPrincipal
    @Length(max = 50)
    @NotNull
    @Email
    @Column(unique=true)
    public String getEmail() {
        return email;
    }

    // hash="none": the password is stored and compared without hashing.
    @UserPassword(hash="none")
    @Length(min=6, max = 20)
    @NotNull
    public String getSenha() {
        return senha;
    }

    @UserRoles
    @ManyToMany(fetch=FetchType.EAGER)
    @JoinTable(joinColumns={@JoinColumn(name="user_id")},
               inverseJoinColumns={@JoinColumn(name="role_id")})
    public List<Role> getRoles() {
        return roles;
    }

    public void setRoles(List<Role> roles) {
        this.roles = roles;
    }

    ...
}
Role:
package br.com.anototudo.model.user;

import...

@Entity
@Name("role")
public class Role implements Serializable {

    private static final long serialVersionUID = 3905381619401193034L;

    private Long id;
    private String nome;
    private String descricao;

    @Id
    @GeneratedValue
    public Long getId() {
        return id;
    }

    @RoleName
    @Length(max = 100)
    @NotNull
    @Column(unique=true)
    public String getNome() {
        return nome;
    }

    ...
}
Then I have a UserRegister.xhtml:
...
<s:decorate id="emailField" template="layout/edit.xhtml">
    <ui:define name="label">Email</ui:define>
    <h:inputText id="email" required="true" size="50" maxlength="50" value="#{user.email}">
        <a:support event="onblur" reRender="emailField" bypassUpdates="true" ajaxSingle="true" />
    </h:inputText>
</s:decorate>
<s:decorate id="nomeField" template="layout/edit.xhtml">
    <ui:define name="label">Nome</ui:define>
    <h:inputText id="nome" required="true" size="100" maxlength="100" value="#{user.nome}">
        <a:support event="onblur" reRender="nomeField" bypassUpdates="true" ajaxSingle="true" />
    </h:inputText>
</s:decorate>
<s:decorate id="passwordDecorate" template="layout/edit.xhtml">
    <ui:define name="label"> Password: </ui:define>
    <s:decorate>
        <h:inputSecret id="password" value="#{user.senha}" required="true" requiredMessage="Campo Obrigatório" />
    </s:decorate>
</s:decorate>
<s:decorate id="verifyDecorate" template="layout/edit.xhtml">
    <ui:define name="label"> Verify Password: </ui:define>
    <s:decorate>
        <h:inputSecret id="verificar" value="#{registroBean.verificar}" required="true" requiredMessage="Campo Obrigatório" />
    </s:decorate>
</s:decorate>
<div class="actionButtons">
    <h:commandButton id="save" value="Save" action="#{registroBean.registrarUsuario()}" />
</div>
...
I have also developed a Stateful bean where I try to add the user. UserRegistroBean:
package br.com.anototudo.sessionbeans;

import ...

@Stateful
@Scope(ScopeType.EVENT)
@Name("registroBean")
public class UserRegistroBean implements UserRegistro {

    @In
    private User user;

    @In
    private IdentityManager identityManager;

    @In
    private StatusMessages statusMessages;

    Logger log = Logger.getLogger(UserRegistroBean.class.getName());

    private String verificar;
    private boolean registrado;

    public void registrarUsuario() {
        log.info("Entrou UserRegistroBean.registrarUsuario");
        if ( user.getSenha().equals(verificar) ) {
            try {
                // Run the user creation with the "admin" role added for this operation.
                new RunAsOperation() {
                    public void execute() {
                        identityManager.createUser(user.getEmail(), user.getSenha());
                        identityManager.grantRole(user.getEmail(), "DIETA_CALORIAS");
                    }
                }.addRole("admin").run();
                // User has no username property; the email is the principal.
                statusMessages.add("Successfully registered as #{user.email}");
                registrado = true;
            } catch(IdentityManagementException e) {
                statusMessages.add(e.getMessage());
            }
        } else {
            statusMessages.addToControl("verificar", "Senha não confere. Digite novamente!");
            verificar=null;
        }
    }

    ...
}
Finally I have registered my intention in components.xml
<security:rule-based-permission-resolver security-rules="#{securityRules}"/>
<security:jpa-identity-store
    user-class="br.com.anototudo.model.user.User"
    role-class="br.com.anototudo.model.user.Role"></security:jpa-identity-store>
The error pops up in the call to the registrarUsuario() method from UserRegistroBean above, and the error message follows:
22:17:56,019 SEVERE [application] org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create]
javax.faces.el.EvaluationException: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create]
    at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:102)
    at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
    at javax.faces.component.UICommand.broadcast(UICommand.java:387)
    at org.ajax4jsf.component.AjaxViewRoot.processEvents(AjaxViewRoot.java:321)
    at org.ajax4jsf.component.AjaxViewRoot.broadcastEvents(AjaxViewRoot.java:296)
    at org.ajax4jsf.component.AjaxViewRoot.processPhase(AjaxViewRoot.java:253)
    at org.ajax4jsf.component.AjaxViewRoot.processApplication(AjaxViewRoot.java:466)
    at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82)
    at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
    at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
    at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178)
    at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
    at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:368)
    at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:495)
    at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    at org.jboss.seam.web.HotDeployFilter.doFilter(HotDeployFilter.java:53)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:619)
Caused by: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create]
    at org.jboss.seam.security.Identity.checkPermission(Identity.java:590)
    at org.jboss.seam.security.management.IdentityManager.createUser(IdentityManager.java:99)
    at org.jboss.seam.security.management.IdentityManager.createUser(IdentityManager.java:94)
    at br.com.anototudo.sessionbeans.UserRegistroBean$1.execute(UserRegistroBean.java:46)
    at org.jboss.seam.security.Identity.runAs(Identity.java:743)
    at org.jboss.seam.security.RunAsOperation.run(RunAsOperation.java:75)
    at br.com.anototudo.sessionbeans.UserRegistroBean.registrarUsuario(UserRegistroBean.java:49)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
I'm new to Seam and any help would be appreciated.
[]s