6 Replies Latest reply on Feb 8, 2008 7:26 AM by Wolfgang Chico Toepfer

    How to use Seam Extended Security without Rule Engine?

    Wolfgang Chico Toepfer Newbie

      Hi,

      In a first step I would like to test and try the Seam Extended Security
      but without having to use rules and described the rights
      by specifiying them in pure Java. In a future step I would then
      probably move on to using the rule engine.

      Is this approach possible? If so, what would be the configuration
      like and how would I connect the Java-implemented rules to the
      Seam permissions?

      Thanks in advance,
      Wolfgang.

        • 1. Re: How to use Seam Extended Security without Rule Engine?
          Kenneth Christensen Novice

          Yes it is possible.

          Extend the Identity class and override the hasPermission(String name, String action, Object...arg) method.

          • 2. Re: How to use Seam Extended Security without Rule Engine?
            Kenneth Christensen Novice

            Or override the evaluateExpression(String expr) method.

            • 3. Re: How to use Seam Extended Security without Rule Engine?
              Wolfgang Chico Toepfer Newbie

              What about the configuration? When using the Rule engine one would specify it in the components.xml. I assume I would leave that out and only specify that I use the basic Seam security despite the application of e.g. s:hasPermission and such.

              However, I am not sure if in this case that extended security can really be used. Has anybody tested this approach?

              • 4. Re: How to use Seam Extended Security without Rule Engine?
                Joshua Jackson Master

                Hi Shane,

                I think RuleBasedIdentity should have a different component @Name instead of the same @Name with Identity, so user can choose whether to use RuleBasedIdentity component or the Identity component.

                • 5. Re: How to use Seam Extended Security without Rule Engine?
                  Kenneth Christensen Novice

                   

                  "wchico2" wrote:
                  What about the configuration? When using the Rule engine one would specify it in the components.xml. I assume I would leave that out and only specify that I use the basic Seam security despite the application of e.g. s:hasPermission and such.


                  Just use the 'normal' Seam security configuration:

                  <security:identity authenticate-method="#{authenticatorService.authenticate}"/>
                  


                  "wchico2" wrote:

                  However, I am not sure if in this case that extended security can really be used. Has anybody tested this approach?


                  Yes, I have :-)

                  I'm not using this approach anymore - I'm using JBoss Rules.

                  Here is an example without JBoss Rules - Java based permissions control:

                  @Name("org.jboss.seam.security.identity")
                  @Scope(ScopeType.SESSION)
                  @Install(precedence = Install.APPLICATION)
                  @BypassInterceptors
                  @Startup
                  public class SineIdentity extends Identity {
                   private static final LogProvider log = Logging.getLogProvider(SineIdentity.class);
                  
                   private static Set<String> permissionsMethods = new HashSet<String>();
                  
                   private Set<String> roles = new HashSet<String>();
                  
                   static {
                   permissionsMethods.add("hasPermissionLms");
                   permissionsMethods.add("hasPermissionOrderTerminalsAndAddons");
                   permissionsMethods.add("hasPermissionTerminalsConnection");
                   permissionsMethods.add("hasPermissionUpdateOperationStatus");
                   permissionsMethods.add("hasPermissionViewOperationStatus");
                   permissionsMethods.add("hasPermissionUploadDocuments");
                   permissionsMethods.add("hasPermissionViewSystemDocuments");
                   permissionsMethods.add("hasPermissionViewStandardDocuments");
                   permissionsMethods.add("hasPermissionUploadReports");
                   permissionsMethods.add("hasPermissionViewDynamicsReports");
                   permissionsMethods.add("hasPermissionViewType1Reports");
                   permissionsMethods.add("hasPermissionViewType2Reports");
                   permissionsMethods.add("hasPermissionQuestionnaireParticipation");
                   permissionsMethods.add("hasPermissionUserAdministration");
                   permissionsMethods.add("hasPermissionAdministrator"); // Administrator only !
                   }
                  
                   @Override
                   public boolean addRole(String role) {
                   if (log.isDebugEnabled()) {
                   log.debug("Adding role: " + role);
                   }
                  
                   roles.add(role);
                   return super.addRole(role);
                   }
                  
                   @Override
                   protected boolean evaluateExpression(String expr) {
                   if (permissionsMethods.contains(expr)) {
                   FacesContext context = FacesContext.getCurrentInstance();
                  
                   MethodExpression method = context.getApplication().getExpressionFactory().createMethodExpression(
                   context.getELContext(), "#{identity." + expr + "}", Boolean.class, new Class[] {});
                  
                   if (log.isDebugEnabled()) {
                   log.debug("SineIdentity: evaluateExpression(String expr) invoked.");
                   }
                   return (Boolean) method.invoke(FacesContext.getCurrentInstance().getELContext(), new Object[] {});
                   } else {
                   if (log.isDebugEnabled()) {
                   log.debug("Identity: evaluateExpression(String expr) invoked.");
                   }
                   return super.evaluateExpression(expr);
                   }
                   }
                  
                   public boolean hasPermissionLms() {
                   if (!isLoggedIn()) {
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionLms: not logged in");
                   }
                   return false;
                   }
                  
                   boolean hasPermission = false;
                   for (String role : roles) {
                   if (RolePermissionType.LMS.hasRolePermission(role)) {
                   hasPermission = true;
                   break;
                   }
                   }
                  
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionLms: " + hasPermission);
                   }
                   return hasPermission;
                   }
                  
                   public boolean hasPermissionOrderTerminalsAndAddons() {
                   if (!isLoggedIn()) {
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionOrderTerminalsAndAddons: not logged in");
                   }
                   return false;
                   }
                  
                   boolean hasPermission = false;
                   for (String role : roles) {
                   if (RolePermissionType.ORDER_TERMINALS_AND_ADDONS.hasRolePermission(role)) {
                   hasPermission = true;
                   break;
                   }
                   }
                  
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionOrderTerminalsAndAddons: " + hasPermission);
                   }
                   return hasPermission;
                   }
                  
                   public boolean hasPermissionTerminalsConnection() {
                   if (!isLoggedIn()) {
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionTerminalsConnection: not logged in");
                   }
                   return false;
                   }
                  
                   boolean hasPermission = false;
                   for (String role : roles) {
                   if (RolePermissionType.TERMINALS_CONNECTION.hasRolePermission(role)) {
                   hasPermission = true;
                   break;
                   }
                   }
                  
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionTerminalsConnection: " + hasPermission);
                   }
                   return hasPermission;
                   }
                  
                   public boolean hasPermissionUpdateOperationStatus() {
                   if (!isLoggedIn()) {
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionUpdateOperationStatus: not logged in");
                   }
                   return false;
                   }
                  
                   boolean hasPermission = false;
                   for (String role : roles) {
                   if (RolePermissionType.UPDATE_OPERATION_STATUS.hasRolePermission(role)) {
                   hasPermission = true;
                   break;
                   }
                   }
                  
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionUpdateOperationStatus: " + hasPermission);
                   }
                   return hasPermission;
                   }
                  
                   public boolean hasPermissionViewOperationStatus() {
                   if (!isLoggedIn()) {
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionViewOperationStatus: not logged in");
                   }
                   return false;
                   }
                  
                   boolean hasPermission = false;
                   for (String role : roles) {
                   if (RolePermissionType.VIEW_OPERATION_STATUS.hasRolePermission(role)) {
                   hasPermission = true;
                   break;
                   }
                   }
                  
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionViewOperationStatus: " + hasPermission);
                   }
                   return hasPermission;
                   }
                  
                   public boolean hasPermissionUploadDocuments() {
                   if (!isLoggedIn()) {
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionUploadDocuments: not logged in");
                   }
                   return false;
                   }
                  
                   boolean hasPermission = false;
                   for (String role : roles) {
                   if (RolePermissionType.UPLOAD_DOCUMENTS.hasRolePermission(role)) {
                   hasPermission = true;
                   break;
                   }
                   }
                  
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionUploadDocuments: " + hasPermission);
                   }
                   return hasPermission;
                   }
                  
                   public boolean hasPermissionViewSystemDocuments() {
                   if (!isLoggedIn()) {
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionViewSystemDocuments: not logged in");
                   }
                   return false;
                   }
                  
                   boolean hasPermission = false;
                   for (String role : roles) {
                   if (RolePermissionType.VIEW_SYSTEM_DOCUMENTS.hasRolePermission(role)) {
                   hasPermission = true;
                   break;
                   }
                   }
                  
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionViewSystemDocuments: " + hasPermission);
                   }
                   return hasPermission;
                   }
                  
                   public boolean hasPermissionViewStandardDocuments() {
                   if (!isLoggedIn()) {
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionViewStandardDocuments: not logged in");
                   }
                   return false;
                   }
                  
                   boolean hasPermission = false;
                   for (String role : roles) {
                   if (RolePermissionType.VIEW_STANDARD_DOCUMENTS.hasRolePermission(role)) {
                   hasPermission = true;
                   break;
                   }
                   }
                  
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionViewStandardDocuments: " + hasPermission);
                   }
                   return hasPermission;
                   }
                  
                   public boolean hasPermissionUploadReports() {
                   if (!isLoggedIn()) {
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionUploadReports: not logged in");
                   }
                   return false;
                   }
                  
                   boolean hasPermission = false;
                   for (String role : roles) {
                   if (RolePermissionType.UPLOAD_REPORTS.hasRolePermission(role)) {
                   hasPermission = true;
                   break;
                   }
                   }
                  
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionUploadReports: " + hasPermission);
                   }
                   return hasPermission;
                   }
                  
                   public boolean hasPermissionViewDynamicsReports() {
                   if (!isLoggedIn()) {
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionViewDynamicsReports: not logged in");
                   }
                   return false;
                   }
                  
                   boolean hasPermission = false;
                   for (String role : roles) {
                   if (RolePermissionType.VIEW_DYNAMICS_REPORTS.hasRolePermission(role)) {
                   hasPermission = true;
                   break;
                   }
                   }
                  
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionViewDynamicsReports: " + hasPermission);
                   }
                   return hasPermission;
                   }
                  
                   public boolean hasPermissionViewType1Reports() {
                   if (!isLoggedIn()) {
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionViewType1Reports: not logged in");
                   }
                   return false;
                   }
                  
                   boolean hasPermission = false;
                   for (String role : roles) {
                   if (RolePermissionType.VIEW_TYPE1_REPORTS.hasRolePermission(role)) {
                   hasPermission = true;
                   break;
                   }
                   }
                  
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionViewType1Reports: " + hasPermission);
                   }
                   return hasPermission;
                   }
                  
                   public boolean hasPermissionViewType2Reports() {
                   if (!isLoggedIn()) {
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionViewType2Reports: not logged in");
                   }
                   return false;
                   }
                  
                   boolean hasPermission = false;
                   for (String role : roles) {
                   if (RolePermissionType.VIEW_TYPE2_REPORTS.hasRolePermission(role)) {
                   hasPermission = true;
                   break;
                   }
                   }
                  
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionViewType2Reports: " + hasPermission);
                   }
                   return hasPermission;
                   }
                  
                   public boolean hasPermissionQuestionnaireParticipation() {
                   if (!isLoggedIn()) {
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionQuestionnaireParticipation: not logged in");
                   }
                   return false;
                   }
                  
                   boolean hasPermission = false;
                   for (String role : roles) {
                   if (RolePermissionType.QUESTIONNAIRE_PARTICIPATION.hasRolePermission(role)) {
                   hasPermission = true;
                   break;
                   }
                   }
                  
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionQuestionnaireParticipation: " + hasPermission);
                   }
                   return hasPermission;
                   }
                  
                   public boolean hasPermissionUserAdministration() {
                   if (!isLoggedIn()) {
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionUserAdministration: not logged in");
                   }
                   return false;
                   }
                  
                   boolean hasPermission = false;
                   for (String role : roles) {
                   if (RolePermissionType.USER_ADMINISTRATION.hasRolePermission(role)) {
                   hasPermission = true;
                   break;
                   }
                   }
                  
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionUserAdministration: " + hasPermission);
                   }
                   return hasPermission;
                   }
                  
                   public boolean hasPermissionAdministrator() {
                   if (!isLoggedIn()) {
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionAdministrator: not logged in");
                   }
                   return false;
                   }
                  
                   boolean hasPermission = false;
                   for (String role : roles) {
                   if (RolePermissionType.ADMINISTRATOR.hasRolePermission(role)) {
                   hasPermission = true;
                   break;
                   }
                   }
                  
                   if (log.isDebugEnabled()) {
                   log.debug("hasPermissionAdministrator: " + hasPermission);
                   }
                   return hasPermission;
                   }
                  }
                  
                  


                  Using the permissions in Java source:

                   @Restrict("hasPermissionUserAdministration")
                   public String createUser() {
                   ...
                   ....
                   }
                  


                  Using the permissions in pages.xml:

                  <page view-id="/xhtml/sec/admin/createUser.jspx">
                   <restrict>hasPermissionUserAdministration</restrict>
                  
                   <navigation>
                   <rule if-outcome="success">
                   <render view-id="/xhtml/sec/admin/successful.jspx"/>
                   </rule>
                  
                   <rule if-outcome="fail">
                   <render view-id="/xhtml/sec/admin/fails.jspx"/>
                   </rule>
                   </navigation>
                   </page>
                  


                  Using the permissions in .xhtml:

                  <s:fragment rendered="#{identity.hasPermissionUserAdministration()}">
                   <li>
                   <s:link id="m1" value="#{messages.adminLeftMenuCreateUserTitle}" action="#{leftMenuUi.setMenuId('m1')}" view="/xhtml/sec/admin/createUser.jspx" propagation="none"/>
                   </li>
                   </s:fragment>
                  


                  But again, I recommend you to use JBoss Rules :-)

                  • 6. Re: How to use Seam Extended Security without Rule Engine?
                    Wolfgang Chico Toepfer Newbie

                    Fine that is exactly what I thought of being the first step,
                    thanks so much :-)