0 Replies Latest reply on Sep 17, 2007 2:15 AM by Terry

    security.drl not being enforced

    Terry Apprentice

      Security rules in security.drl are ignored, or not activated. It logs me in even if I look for non-existing rule.

      Do anything need to be done activate a specific rule? please see my configs below:

      components.xml:
      <drools:rule-base name="securityRules">
      <rools:rule-files>/security.drl</drools:rule-files>
      </drools:rule-base>

      <security:identity authenticate-method="#{authenticator.authenticate}" security-rules="#{securityRules}" emember-me="true"/>


      security.drl:
      package Permissions;
      import java.security.Principal;
      import org.jboss.seam.security.PermissionCheck;
      import org.jboss.seam.security.Role;

      rule EditOrganisation
      when
      c: PermissionCheck(name == "/OrganisationEdit.xhtml", action="render")
      Role(name == "system_adminX")
      then
      c.grant();
      end;

      OrganisationEdit.page.xml:

      <page no-conversation-view-id="/OrganisationList.xhtml">

      ...
      ...


      However, security works fine if I put following in OrganisationEdit.page.xml.

      #{s:hasRole('system_adminX')}

      Please provide any clues.

      Thanks,