Seam 2.2.0 + drools for permissions check not working.
leitus Oct 31, 2010 5:40 PMHi Guys,
I'm pretty new using Seam, and I have a problem trying to extend the permission checker for rules for the visibility of a page. I've started using very complex expressions, and then tried to simplify them to see what might be causing the problem (with no success). This is how the implied files look:
components.xml
--------------
...
<drools:rule-base name="securityRules">
<drools:rule-files>
<value>/security.drl</value>
</drools:rule-files>
</drools:rule-base>
<drools:managed-working-memory name="securityRulesWorkingMemory" auto-create="true" rule-base="#{securityRules}"/>
<security:rule-based-permission-resolver security-rules="#{securityRules}"/>
...
ExperienceEdit.page.xml
-----------------------
...
<restrict>#{s:hasPermission('experience', 'edit', experienceHome)}</restrict>
...
security.drl
------------
...
package Permissions;
import java.security.Principal;
import org.jboss.seam.security.permission.PermissionCheck;
import org.jboss.seam.security.Role;
import com.web2people.travelers.action.ExperienceHome;
rule ExperienceEditByCreator
no-loop
activation-group "permissions"
when
$perm: PermissionCheck(name == "experience", action == "edit")
ExperienceHome( afirmativeValue > 4 )
then
$perm.grant();
end
...
ExperienceHome.java
-------------------
public Integer afirmativeValue = 9;
public Integer getAfirmativeValue(){
return afirmativeValue;
}
public void setAfirmativeValue(Integer afirmativeValue){
this.afirmativeValue = afirmativeValue;
}
------------------------------------------------------
The result when I try to access the page is:
18:38:34,110 ERROR [Exceptions] handled and logged exception
org.jboss.seam.security.AuthorizationException: Authorization check failed for expression [#{s:hasPermission('experience', 'edit', experienceHome)}]
at org.jboss.seam.security.Identity.checkRestriction(Identity.java:222)
at org.jboss.seam.navigation.Page.checkPermission(Page.java:263)
at org.jboss.seam.navigation.Page.preRender(Page.java:283)
at org.jboss.seam.navigation.Pages.preRender(Pages.java:350)
The rule is the simplest I could try, and I'm sure the method "getAfirmativeValue" is beeing called since it stops on a breakpoint when I'm debugging it, and by debugging I've also been able to proove that the fact is really on the Working Memory.
If I remove the line:
ExperienceHome( afirmativeValue > 4 )
It works properly.
I've tried everything (even upgrading the drools libraries) and it is still not working. Maybe the integration was not designed to work apart from Roles, but it feels really strange.
Do you have any idea of why this might be happening?
Thanks in advance.
I'm pretty new using Seam, and I have a problem trying to extend the permission checker for rules for the visibility of a page. I've started using very complex expressions, and then tried to simplify them to see what might be causing the problem (with no success). This is how the implied files look:
components.xml
--------------
...
<drools:rule-base name="securityRules">
<drools:rule-files>
<value>/security.drl</value>
</drools:rule-files>
</drools:rule-base>
<drools:managed-working-memory name="securityRulesWorkingMemory" auto-create="true" rule-base="#{securityRules}"/>
<security:rule-based-permission-resolver security-rules="#{securityRules}"/>
...
ExperienceEdit.page.xml
-----------------------
...
<restrict>#{s:hasPermission('experience', 'edit', experienceHome)}</restrict>
...
security.drl
------------
...
package Permissions;
import java.security.Principal;
import org.jboss.seam.security.permission.PermissionCheck;
import org.jboss.seam.security.Role;
import com.web2people.travelers.action.ExperienceHome;
rule ExperienceEditByCreator
no-loop
activation-group "permissions"
when
$perm: PermissionCheck(name == "experience", action == "edit")
ExperienceHome( afirmativeValue > 4 )
then
$perm.grant();
end
...
ExperienceHome.java
-------------------
public Integer afirmativeValue = 9;
public Integer getAfirmativeValue(){
return afirmativeValue;
}
public void setAfirmativeValue(Integer afirmativeValue){
this.afirmativeValue = afirmativeValue;
}
------------------------------------------------------
The result when I try to access the page is:
18:38:34,110 ERROR [Exceptions] handled and logged exception
org.jboss.seam.security.AuthorizationException: Authorization check failed for expression [#{s:hasPermission('experience', 'edit', experienceHome)}]
at org.jboss.seam.security.Identity.checkRestriction(Identity.java:222)
at org.jboss.seam.navigation.Page.checkPermission(Page.java:263)
at org.jboss.seam.navigation.Page.preRender(Page.java:283)
at org.jboss.seam.navigation.Pages.preRender(Pages.java:350)
The rule is the simplest I could try, and I'm sure the method "getAfirmativeValue" is beeing called since it stops on a breakpoint when I'm debugging it, and by debugging I've also been able to proove that the fact is really on the Working Memory.
If I remove the line:
ExperienceHome( afirmativeValue > 4 )
It works properly.
I've tried everything (even upgrading the drools libraries) and it is still not working. Maybe the integration was not designed to work apart from Roles, but it feels really strange.
Do you have any idea of why this might be happening?
Thanks in advance.