3 Replies Latest reply on Feb 23, 2007 7:52 PM by Shane Bryzak

    Problem w/ 1.1.6 example Security Rules

    John Chesher Newbie

      I had a working Seam 1.1.6 application to which I added the jars and configuration to implement Seam Security, per the 1.1.6 reference doc. Just to see if everything was configured properly, before I configured any application specific rules, I used the security.drl file from the example in the ref doc:

      package MyApplicationPermissions;

      import org.jboss.seam.security.PermissionCheck;
      import org.jboss.seam.security.Role;

      rule CanUserDeleteCustomers
      when
      c: PermissionCheck(name == "customer", action == "delete")
      Role(name == "admin")
      then
      c.grant()
      end;

      JBoss AS startup looks fine, but when my browser tries to load the first page of the app, I get the following error below about "c.grant() not a type". FYI, I have no permission checks in the page my browser is loading. (and in fact, it finally loads OK) Can anyone provide insight into the error below and, even better, provide some example Seam-Drools code that is doing permission checks, so that maybe I have something better to work with. I am new to drools/JBoss Rules and, other than the Seam Ref Doc, I cannot find any references to Seam Security Drools code doing PermissionChecks...
      Thanks!

      Here's the error:

      08:21:05,500 INFO [Lifecycle] starting up: org.jboss.seam.security.identity
      08:21:07,625 ERROR [STDERR] Warning: An error occurred compiling a semantic invoker. Errors should have been reported elsewhere.
      08:21:07,687 ERROR [[/]] Session event listener threw exception
      org.drools.rule.InvalidRulePackage: Rule Compilation error File MyApplicationPermissions/Rule_CanUserDeleteCustomers_0.java, Line 9, Column 16: Expression "c.grant()" is not a type

      at org.drools.rule.Package.checkValidity(Unknown Source)
      at org.drools.common.AbstractRuleBase.addPackage(Unknown Source)
      at org.jboss.seam.drools.RuleBase.compileRuleBase(RuleBase.java:70)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.jboss.seam.util.Reflections.invoke(Reflections.java:18)
      at org.jboss.seam.util.Reflections.invokeAndWrap(Reflections.java:102)
      at org.jboss.seam.Component.callComponentMethod(Component.java:1835)
      at org.jboss.seam.Component.callCreateMethod(Component.java:1783)
      at org.jboss.seam.Component.newInstance(Component.java:1772)
      at org.jboss.seam.Component.getInstance(Component.java:1669)
      at org.jboss.seam.Component.getInstance(Component.java:1636)
      at org.jboss.seam.security.Identity.initSecurityContext(Identity.java:109)
      at org.jboss.seam.security.Identity.create(Identity.java:84)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.jboss.seam.util.Reflections.invoke(Reflections.java:18)
      at org.jboss.seam.util.Reflections.invokeAndWrap(Reflections.java:102)
      at org.jboss.seam.Component.callComponentMethod(Component.java:1835)
      at org.jboss.seam.Component.callCreateMethod(Component.java:1783)
      at org.jboss.seam.Component.newInstance(Component.java:1772)
      at org.jboss.seam.contexts.Lifecycle.startup(Lifecycle.java:163)
      at org.jboss.seam.contexts.Lifecycle.beginSession(Lifecycle.java:223)
      at org.jboss.seam.servlet.SeamListener.sessionCreated(SeamListener.java:41)
      at org.apache.catalina.session.StandardSession.tellNew(StandardSession.java:384)
      at org.apache.catalina.session.StandardSession.setId(StandardSession.java:356)
      at org.apache.catalina.session.ManagerBase.createSession(ManagerBase.java:824)
      at org.apache.catalina.session.StandardManager.createSession(StandardManager.java:290)
      at org.apache.catalina.connector.Request.doGetSession(Request.java:2223)
      at org.apache.catalina.connector.Request.getSession(Request.java:2024)
      at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:831)
      at org.apache.myfaces.context.servlet.ServletExternalContextImpl.getSession(ServletExternalContextImpl.java:197)
      at org.jboss.seam.contexts.ContextAdaptor.getSession(ContextAdaptor.java:42)
      at org.jboss.seam.contexts.Lifecycle.beginRequest(Lifecycle.java:42)
      at org.jboss.seam.jsf.SeamPhaseListener.beforePhase(SeamPhaseListener.java:53)
      at org.apache.myfaces.lifecycle.PhaseListenerManager.informPhaseListenersBefore(PhaseListenerManager.java:70)
      at org.apache.myfaces.lifecycle.LifecycleImpl.restoreView(LifecycleImpl.java:103)
      at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:66)
      at javax.faces.webapp.FacesServlet.service(FacesServlet.java:137)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
      at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
      at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
      at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
      at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
      at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
      at java.lang.Thread.run(Thread.java:595)

        • 1. Re: Problem w/ 1.1.6 example Security Rules
          John Chesher Newbie

          Found the solution myself, so thought I would post, as it may later help someone else...

          This appears to be a problem with the example in the 1.1.6 Reference Doc. However, I remembered that the "seamspace" example in the Seam Distribution uses Seam Security, so I looked at the security.drl file in that project. It has two differences from my code:
          - an import for the Principle class
          - a semi-colon after "c.grant()".
          Adding those two things solved my problem. FYI, here's the relevant snippets from security.drl in the seamspace example:

          package SeamSpacePermissions;
          
          import java.security.Principal;
          
          import org.jboss.seam.security.PermissionCheck;
          import org.jboss.seam.security.Role;
          
          rule ViewImage
           no-loop
           activation-group "permissions"
          when
           c: PermissionCheck(name == "memberImage", action == "view", granted == false)
           img: MemberImage()
           eval( img.getMember().getPicture() == img )
          then
           c.grant();
           modify(c);
          end;




          • 2. Re: Problem w/ 1.1.6 example Security Rules
            Gavin King Master

            Fixed the doc in CVS.

            • 3. Re: Problem w/ 1.1.6 example Security Rules
              Shane Bryzak Master

              You only need to import java.security.Principal if you're using it in your rules. It would have been the missing semi-colon that caused the issue.