6 Replies Latest reply on Feb 4, 2007 8:50 AM by gaboo

    Help about permissions with seam-security

    gaboo

      Hello !

      I'm trying the latest seam with seam-security.

      Using roles is pretty easy, but I haven't managed using permissions yet.
      It's really hard to write rules when you're new to JBoss Rules.

      How can I debug my rules ?
      I know they do not work. Is there a jboss rules "verbose+debug" mode, which could help writing, understanding and debugging seam-security rules ?

      I also added some restrictions to pages.xml.
      No way either to verify it's correct as I have no feedback.

      I have this in pages.xml

      <page view-id="/userList.xhtml">
       <restrict/>
      </page>
      <page view-id="/userList.*">
       <restrict/>
      </page>


      And this in my rules file :
      package Permissions;
      
      import java.security.Principal;
      
      import org.jboss.seam.security.PermissionCheck;
      import org.jboss.seam.security.Role;
      
      rule CanUserViewUserList
      when
       c: PermissionCheck(page : name, name == "/userList.xhtml", action == "render")
       Role(name == "admin")
      then
       System.out.println("test : " + page);
       c.grant();
      end;


      And a potential bug I think : in seamspace example, if you are not logged in and try to access
      http://localhost:8080/seam-space/comment.xhtml
      It works but the file is downloaded (using Firefox).
      If you go to http://localhost:8080/seam-space/comment.seam : you indeed get a org.jboss.seam.security.NotLoggedInException.

      Thank you !
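
The raw download described in the post above is what a servlet container does when `*.xhtml` is not mapped to the Faces servlet: the default servlet returns the Facelets source and no Seam restriction is evaluated. A common mitigation is a deny-all constraint in `web.xml`, shown here as an added example (not from the thread or the seamspace example; it assumes views are served through the `*.seam` mapping):

```xml
<!-- WEB-INF/web.xml fragment (added example, assumes the *.seam Faces mapping) -->
<security-constraint>
    <display-name>Block direct access to raw Facelets sources</display-name>
    <web-resource-collection>
        <web-resource-name>XHTML</web-resource-name>
        <!-- Matches /comment.xhtml and every other view source file -->
        <url-pattern>*.xhtml</url-pattern>
    </web-resource-collection>
    <!-- An empty auth-constraint names no role, so the container
         rejects every request that matches the pattern -->
    <auth-constraint/>
</security-constraint>
```

Requests for `/comment.seam` are unaffected, because the constraint is matched against the requested URL, not against the view file that the Faces servlet later loads.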

        • 1. Re: Help about permissions with seam-security
          gaboo

          I can get permissions to work with inline restrictions like this :

          in xhtml page :

          <h:outputText value="TEST permission (test/bwa)"
           rendered="#{s:hasPermission('test','bwa', null)}"/>
          <br/>
          <h:outputText value="TEST permission (test/toto)"
           rendered="#{s:hasPermission('test','toto', null)}"/>
          <br/>
          <h:outputText value="TEST role admin"
           rendered="#{s:hasRole('admin')}"/>
          


          rules :
          rule TestBwaRule
          when
           c: PermissionCheck(name == "test", action == "bwa")
           Role(name == "admin")
          then
           c.grant();
          end;
          
          
          rule TestBwaRule1
          when
           c: PermissionCheck(name == "test", action == "toto")
          then
           c.grant();
          end;



          But no way with page level restriction in pages.xml.
          Not sure what is wrong. Would be good to add such an example in seamspace ?

          • 2. Re: Help about permissions with seam-security
            gaboo

            Me again, sorry :)

            After reading other topics, I downloaded seam CVS.
            It works much better even if I also have "Swallowing exception thrown by page action" error.

            At least I'm now sure the pages.xml and rules files are taken into account.

            One more question : in the documentation, you added a "Requirements" section. I noted that "commons-lang-2.1.jar" is not in application.xml, nor is it copied in the final ear (I started from a seam-gen project). I added it to both.

            • 3. Re: Help about permissions with seam-security
              gavin.king

               

              even if I also have "Swallowing exception thrown by page action"


              Not much I can do about that. JSF forces me to swallow these things. I'm not going to do it silently, that's just dangerous.

              • 4. Re: Help about permissions with seam-security
                shane.bryzak

                As far as debugging rules go, I'm no drools expert but I believe you can use org.drools.audit.WorkingMemoryFileLogger to log working memory events to file, which may be helpful for working through issues. It should be a snap to set this up - simply create one when the user logs in:

                WorkingMemoryFileLogger log = new WorkingMemoryFileLogger(Identity.instance().getSecurityContext());
                log.setFileName("/my/logfile");
                


                Then you need to call log.writeToDisk() to flush the logger's "buffer" to disk, or alternatively you can probably call log.setMaxEventsInMemory(0).

                Please let me know if this is helpful (I haven't tried it myself :).

                • 5. Re: Help about permissions with seam-security
                  gaboo

                   

                  "gavin.king@jboss.com" wrote:

                  Not much I can do about that. JSF forces me to swallow these things. I'm not going to do it silently, that's just dangerous.


                  Yes, but in the end, the security rule is not applied.

                  It's not a problem that there's an exception raised. I guess there should not be an exception in fact.

                  Please let me know if this is helpful (I haven't tried it myself :).


                  • 6. Re: Help about permissions with seam-security
                    gaboo

                    Oops, my previous post has been cut off. It's not possible to edit ?

                    Please let me know if this is helpful (I haven't tried it myself :)


                    Sure ! Thanks for the tip :)