2 Replies Latest reply on Apr 20, 2010 12:35 AM by nifs

    Using grantPermissions of PermissionManager

    nifs

      Hi everyone


      I'm using Seam security in my application, and i want to save permissions using the following method:


      grantPermissions(List<Permission> permissions)



      But, when i execute my application, the view shows this message:


          You don't have permission to access this resource


      and the following exception appears:


      ERROR [EXCEPTIONS] handled and logged exception
      javax.el.ELException: org.jboss.seam.security.AuthorizationException: Autorization check failed for permission[target1,seam.grant-permission]



      ¿How to solve this problem?


      Thanks in advance!!! (This is my first post)






        • 1. Re: Using grantPermissions of PermissionManager
          khosro_question
          • 2. Re: Using grantPermissions of PermissionManager
            nifs

            Finally i solved the problem; first we create the rule, in security.drl:


            rule GiveFullPermissions
               no-loop
            when
               perm: PermissionCheck(target == "PermissionsClass", action == "seam.grant-permission", granted == false);
               Role(name == "root");
            then
               perm.grant();
            end
            



            PermissionsClass indicates the seam component where the grantPermissions method is used(This is very important).


            So, we add a row in our permission table like the following:


            TABLE: OUR_PERMISSION_TABLE
            target           action                recipient   descriminator
            PermissionsClass seam.grant-permission root        user
            



            The seam reference says: Invoking the methods of PermissionManager requires that the currently authenticated user has the appropriate authorization to perform that management operation


            So in the table showed in the reference, we see that the permission action for grantPermissions() is seam.grant-permission, so that's why we need to insert it before to the database with target equals to PermissionsClass.


            My problem was located in the target passed to:


            new Permission(Object target, String action, Principal recipient)



            As I saw, the target must be exactly PermissionsClass, and now it works!!!


            Thanks Khosro, your post was useful