2 Replies Latest reply on Oct 12, 2007 1:22 PM by Jan te Beest

    Identity.hasPermission

    Jan te Beest Newbie

      Hi,

      I was going through the sources of seam-1.2.1.GA and 2.0.0.CR2 and noticed something I found odd.

      According to the documentation, I can use s:hasPermission to check for certain ACL like permissions. However in the code when I click through the functions, I get to checkPermission, which calls hasPermission to do the real check. The hasPermission function however, just returns false. This would lead to nobody having permissions right? Please correct me if I'm wrong and the check is done in some other way. It looks like this code still has to be finished, although there's no TODO with it.

      I'm evaluating Seam as an option for our company and so I'm writing a little Jira like hobby project. I'd like to use the hasPermission and Drools PermissionCheck to evaluate some ACL like permissions. I was just going through the code to see how I would have to set up a database and how the checks are done. I'm not really clear as to how to use ACLs in Seam.

      What I want to do is put users in certain groups (role checking), which seems to be just fine. I want to give certain users read/write/create/delete rights on certain topics/projects, etc. I'm kind off used to Acegi, where I'd would create AclIdentity objects for these factors and AclPermission objects on these AclIdentity objects, with the permissions for a certain recipient (User/Group) on a certain Entity with some id.

      Could anyone please fill me in on the best practice to do something like this with Seam (and perhaps JAAS?)?

      Any help would be very welcome.

      Jan

        • 1. Re: Identity.hasPermission
          Jose Rubio Newbie

          I wanted to use the hasPermission in a different way than what is used by default. By default it loads it from the business rules engine and I wanted to do it from a database where I had all the permission infromation stored.

          What I did was to extended the Identity class and then tell Seam to use that class instead. This was when a user was authenticated I would load the permissions myself into my own identity object and then I overwrote the hasPermission check to then look for my permissions.

          I'm sure you can do this smae approach to plug in whatever security mechanism you want to use.

          • 2. Re: Identity.hasPermission
            Jan te Beest Newbie

            Thank you very much. I was thinking about something like that, but didn't know whether I could just extend / wrap it.

            I'll give it a go tonight.

            Thanks,
            Jan