-
1. Re: in PersistentPermissionResolver.filterSetByAction
baraber Apr 17, 2012 12:31 PM (in response to alim88)1 of 1 people found this helpfulI think you should read this : https://community.jboss.org/message/652004
Unfortunately the permission stuff does not work in seam 3. Except for Rule based permissions, these works well.
ACL permissions where asked by many people but it doesn't seem to be planned at all (hope I'm mistaking on this, though).
Is that because all the efforts are for the DeltaSpike project ?
I should probably ask in another thread
-
2. Re: in PersistentPermissionResolver.filterSetByAction
baraber Apr 17, 2012 12:34 PM (in response to baraber)Sorry for double posting, but indeed most of the efforts are on delta spike :
-
3. Re: in PersistentPermissionResolver.filterSetByAction
alim88 Apr 17, 2012 12:51 PM (in response to alim88)Thank you for link, Richard.
But can I disable PersistentPermissionResolver.filterSetByAction from resolver chain? It fails with NullPointerException and my custom PermissionResolver implementation isn't called. This is the problem.
-
4. Re: in PersistentPermissionResolver.filterSetByAction
baraber Apr 17, 2012 2:16 PM (in response to alim88)I think not. But you could provide a dummy identityPermissionClass :
{code}
package foo.bar;
import javax.persistence.GenerationType;
import javax.persistence.Table;
import java.io.Serializable;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.ManyToOne;
import javax.validation.constraints.NotNull;
import org.jboss.seam.security.annotations.permission.PermissionProperty;
import static org.jboss.seam.security.annotations.permission.PermissionPropertyType.*;
/**
* This entity stores ACL permissions
*
* @author Shane Bryzak
*/
@Entity
@Table(name="IdentityPermission")
public class IdentityPermission implements Serializable {
private static final long serialVersionUID = -5366058398015495583L;
private Long id;
private IdentityObject identityObject;
private IdentityObjectRelationshipType relationshipType;
private String relationshipName;
private String resource;
private String permission;
/**
* Surrogate primary key value for the permission.
*
* @return
*/
@Id
@GeneratedValue(strategy= GenerationType.IDENTITY)
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
/**
* Either the specific identity object for which this permission is granted,
* or in the case of a permission granted against a group, this property
* then represents the "to" side of the group relationship. Required field.
*
* @return
*/
@NotNull
@ManyToOne
@PermissionProperty(IDENTITY)
public IdentityObject getIdentityObject() {
return identityObject;
}
public void setIdentityObject(IdentityObject identityObject) {
this.identityObject = identityObject;
}
/**
* If this permission is granted to a group of identities, then this property may
* be used to indicate the relationship type of the group membership. For example,
* a group or role relationship. It is possible that the permission may also be
* granted to identities that have *any* sort of membership within a group, in
* which case this property would be null.
*
* @return
*/
@ManyToOne
@PermissionProperty(RELATIONSHIP_TYPE)
public IdentityObjectRelationshipType getRelationshipType() {
return relationshipType;
}
public void setRelationshipType(IdentityObjectRelationshipType relationshipType) {
this.relationshipType = relationshipType;
}
/**
* If this permission is granted to a group of identities, then this property
* may be used to indicate the name for named relationships, such as role
* memberships.
*
* @return
*/
@PermissionProperty(RELATIONSHIP_NAME)
public String getRelationshipName() {
return relationshipName;
}
public void setRelationshipName(String relationshipName) {
this.relationshipName = relationshipName;
}
/**
* The unique identifier for the resource for which permission is granted
*
* @return
*/
@PermissionProperty(RESOURCE)
public String getResource() {
return resource;
}
public void setResource(String resource) {
this.resource = resource;
}
/**
* The permission(s) granted for the resource. May either be a comma-separated
* list of permission names (such as create, delete, etc) or a bit-masked
* integer value, in which each bit represents a different permission.
*
* @return
*/
@PermissionProperty(PERMISSION)
public String getPermission() {
return permission;
}
public void setPermission(String permission) {
this.permission = permission;
}
}
{code}
And configure it :
{code:xml}
<beans xmlns="
http://java.sun.com/xml/ns/javaee
"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:s="urn:java:ee"
xmlns:security="urn:java:org.jboss.seam.security"
xmlns:permission="urn:java:org.jboss.seam.security.permission"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://jboss.org/schema/cdi/beans_1_0.xsd">
<security:JpaPermissionStore>
<s:modifies/>
<security:identityPermissionClass>foo.bar.IdentityPermission</security:identityPermissionClass>
</security:JpaPermissionStore>
</beans>
{code}
That should work around the error. Let me know if you make it work -
5. Re: in PersistentPermissionResolver.filterSetByAction
alim88 Apr 18, 2012 9:40 AM (in response to baraber)Thanks a lot, Richard.
But
identityPermissionClass
is not injected in JpaPermissionStore anywayI have copied your
IdentityPermission realization and configured seam. Now seam-beans.xml contents look this way:
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:s="urn:java:ee" xmlns:security="urn:java:org.jboss.seam.security" xmlns:permission="urn:java:org.jboss.seam.security.permission" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/beans_1_0.xsd"> <security:JpaPermissionStore> <s:replaces/> <security:identityPermissionClass>com.foo.bar.security.IdentityPermission</security:identityPermissionClass> </security:JpaPermissionStore> </beans>
seam-beans.xml is in src/main/resources/META-INF folder. I tried to use beans.xml with the same contents but it isn't work too. And it seems container doesn't attempt to load IdentityPermission class. There isn't any logs relatated to it, only "No identityPermissionClass set, JpaPermissionStore will be unavailable."
-
6. Re: in PersistentPermissionResolver.filterSetByAction
baraber Apr 18, 2012 4:47 PM (in response to alim88)I just tested it on my side, and it works for me.
I mean, as soon as I provide and configure the IdentityPermission as in my previous post, JpaPermissionStore.enabled becomes true.
Commenting the configuration in seam-beans make JpaPermissionStore.enabled false.By the way, I'm using seam 3.1.0.Final with glassfish 3.1.2
-
7. Re: in PersistentPermissionResolver.filterSetByAction
rt_olsson May 8, 2012 10:40 AM (in response to baraber)I'm also struggling with enabling the JpaPermissionStore. No matter how I put things into beans.xml or seam-beans.xml it just doesn't work. I have spent hours debugging Seam Security, Seam Solder and Weld but to no avail. From what I can see the configuration files aren't even read, or at least not the portion that should configure the Seam beans. The deployment structure: EAR containing a WAR (with beans) which in turn contains a JAR (with beans). The classes related to JpaPermissionStore is located in the JAR file. I try to deploy this to an JBoss AS 7.1 server.
-
8. Re: in PersistentPermissionResolver.filterSetByAction
lightguard May 8, 2012 10:54 AM (in response to rt_olsson)Try the annotations, they're easier to use anyway.
-
9. Re: in PersistentPermissionResolver.filterSetByAction
alim88 May 8, 2012 10:56 AM (in response to alim88)Hi guys,
I want to thank Richard, his answers hepled me a lot. And now it works for me.Roland, I faced with the same problem - Seam didn't see my beans.xml.
So I had added Seam Config XML dependency in my pom.xml an it worked!
<dependency> <groupId>org.jboss.seam.config</groupId> <artifactId>seam-config-xml</artifactId> <scope>runtime</scope> </dependency>
And when your application are starting Seam Config XML provider installs beans from beans.xml
BTW, Beans.xml is placed in .../main/resources/META-INF/beans.xml
Hope it hepls.
-
10. Re: in PersistentPermissionResolver.filterSetByAction
rt_olsson May 11, 2012 7:25 AM (in response to lightguard)Which annotation? I already use the IdentityEntity annotation for the other identity entity classes. This annotation, however, lacks support for an identity permission entity type.
Jason Porter wrote:
Try the annotations, they're easier to use anyway.
-
11. Re: in PersistentPermissionResolver.filterSetByAction
rt_olsson May 11, 2012 7:34 AM (in response to alim88)If I add the seam-config-xml module as a dependency it doesn't deploy at all. It doesn't allow my to use this module in parallel with the solder-impl module. From what I understand the functionality of the seam-config-xml module has now completely moved into Solder?
Alim Abdulkhairov wrote:
Hi guys,
I want to thank Richard, his answers hepled me a lot. And now it works for me.Roland, I faced with the same problem - Seam didn't see my beans.xml.
So I had added Seam Config XML dependency in my pom.xml an it worked!
<dependency> <groupId>org.jboss.seam.config</groupId> <artifactId>seam-config-xml</artifactId> <scope>runtime</scope> </dependency>
And when your application are starting Seam Config XML provider installs beans from beans.xml
BTW, Beans.xml is placed in .../main/resources/META-INF/beans.xml
Hope it hepls.
-
12. Re: in PersistentPermissionResolver.filterSetByAction
rt_olsson May 11, 2012 7:55 AM (in response to rt_olsson)Debugging the process of retreiving the bean configuration files I end up in the org.jboss.solder.servlet.resource.WebResourceLocator and its getWebResourceUrl(path) method. This gets called with e g "WEB-INF/beans.xml". But something seems to go wrong in here. The ServiceLoader.load method doesn't find any WebResourceLocationProvider service and returns an iterator to an empty collection. This results in the method returning a null resource URL.
Have I missed anything configuration wise or maybe is this a bug in Seam Solder? I deploy my application to a JBoss AS 7.1 Final server.
package org.jboss.solder.servlet.resource;
...
public class WebResourceLocator {
...
public URL getWebResourceUrl(final String path) {
// build sorted list of provider implementations
List<WebResourceLocationProvider> providers = new ArrayList<WebResourceLocationProvider>();
Iterator<WebResourceLocationProvider> iterator = ServiceLoader.load(WebResourceLocationProvider.class).iterator();
while (iterator.hasNext()) {
providers.add(iterator.next());
}
Collections.sort(providers, new Sortable.Comparator());
// prefer the context classloader
ClassLoader classLoader = WebResourceLocator.class.getClassLoader();
// process each provider one by one
for (WebResourceLocationProvider provider : providers) {
// execute the SPI implementation
final URL resourceLocation = provider.getWebResource(path, classLoader);
if (resourceLocation != null) {
return resourceLocation;
}
}
return null;