-
1. Re: hasPermission changes and my use of active directory
edoetsch May 16, 2011 1:52 PM (in response to edoetsch)So it seems like I might be encountering some other problem.
The jboss-seam-2.1.1.GA and jboss-seam-2.2.2.Final Identity.java has not changed.
-
2. Re: hasPermission changes and my use of active directory
edoetsch May 16, 2011 1:57 PM (in response to edoetsch)I cannot seem to find the ability to edit the original post, sorry for this.
The actual problem I am running into is the hasRole() is currently working but hasPermission() is NOT working.
My 2nd comment means I understand that in fact my Seam 2.1.1 upgrade to 2.2.2 should not have seen behavior change during my current 2.1.1 to 2.2.2 upgrade but I can definitely see that hasPermission() is behaving differently.
Again sorry for the confusion.
-
3. Re: hasPermission changes and my use of active directory
edoetsch May 16, 2011 2:27 PM (in response to edoetsch)Looking at the code, I guess it is possible my permissionMapper is null. I searched for permissionmapper in the logs of the default jboss server and did not see any reference to it.
public boolean hasPermission(String name, String action, Object...arg) { if (!securityEnabled) return true; if (systemOp != null && Boolean.TRUE.equals(systemOp.get())) return true; if (permissionMapper == null) return false; if (arg != null) { return permissionMapper.resolvePermission(arg[0], action); } else { return permissionMapper.resolvePermission(name, action); } }
-
4. Re: hasPermission changes and my use of active directory
edoetsch May 16, 2011 4:24 PM (in response to edoetsch)I do have a security-rules.drl in:
<drools:rule-base name="securityRules"> <drools:rule-files> <value>/META-INF/security-rules.drl</value> </drools:rule-files> </drools:rule-base> <security:identity jaas-config-name="active-dir"/>
with a rule like:
rule CanContractReviewerViewContract when c: PermissionCheck(name == "contract", action == "view") Role(name == "ContractReviewer") then c.grant(); end;
I publish my ear in profile.xml as:
<property name="applicationURIs"> <list elementClass="java.net.URI"> <value>${jboss.server.home.url}deploy</value> <value>file:///${deploy.root}/ears</value> </list> </property>
The structure under ears is:
ears/rms.ear/META-INF/security-rules.drl
which has not changed during my upgrade.
-
5. Re: hasPermission changes and my use of active directory
edoetsch May 17, 2011 1:59 PM (in response to edoetsch)I finally figured this out:
The documentation states to use the following seam jars in my application:
drools-api.jar
drools-compiler.jar
drools-core.jar
drools-decisiontables.jar
drools-templates.jar
janino.jar
antlr-runtime.jar
mvel2.jarI have put these jars in the appropriate place but somehow forgot to add drools-api.jar to application.xml (I had added the others)
I think what this caused was that the attempt to start drools never even happened so there was no error and log information as well. Just dead silence.