Has anyone ever used permission management with Seam 3? Can anyone help me?
My guess is that persistent permissions (ACLs) are not usable right now. I saw that information in the "What's next?" part of My Link
I think the only way to deal with permissions is to use Drools and the security.drl by creating permission rules while waiting for ACLs.
The idmconsole example uses the security.drl file to create rules for roles.
I think it's so; in fact I think that JpaPermissionStore is never initialized.
In its method initProperties there are various checks for correct configuration of identityPermissionClass and its various properties annotated with @PermissionProperty (IDENTITY, RELATIONSHIPTYPE, RELATIONSHIPNAME and RESOURCE). If all checks pass then that variable (isEnabled) is forced to true.
But if I insert a breakpoint into the initProperties method BEFORE starting JBoss, that method is never called.
I'm waiting for a 3.01 version...
When is it scheduled? Do you know?
(Sorry for my bad English).
I've read that post, but it refers to 3.0.0.Alpha1 while I'm using 3.0.0 Final.....
JpaPermissionStore didn't make it into the Seam 3.0 release; with the refactoring to use PicketLink as the core security API, we still need to rewrite ACL permissions. It's planned to be released as part of Seam 3.1, the first beta of which is due in August.
Thank you Shane, I'll wait for August.
I tried to play with JpaPermissionStore a bit and I have a question.
Why is the init method not called by CDI?
It is annotated with @Inject and therefore should be called.
Same problem for all injected fields. For example, the BeanManager should normally be injected but is always null. Maybe I am just missing some basic CDI understanding for injection in an application-scoped bean?
Can someone explain it?
Oh, forget that last one. To have the JpaIdentityStore enabled, you must configure it like this:
<security:JpaPermissionStore>
    <s:modifies/>
    <security:identityPermissionClass>foo.bar.IdentityPermission</security:identityPermissionClass>
</security:JpaPermissionStore>
My mistake was to use
I'm trying to configure JpaPermissionStore as you said
<security:JpaPermissionStore>
    <s:modified/>
    <security:identityPermissionClass>foo.bar.IdentityPermission</security:identityPermissionClass>
</security:JpaPermissionStore>
seam-config log says:
Adding XML Defined Bean: org.jboss.seam.security.permission.JpaPermissionStore
so I guess the framework is picking up the bean, but then when I try to use the instance all fields are not initialized, even the identityPermissionClass.
Any help? Did you get any further?
Mario, please try replaces instead of modifies as Richard stated just before your post.
I was able to enable the JpaPermissionStore but I cannot retrieve any permission from the database because I never pass the following conditional statement in JpaPermissionStore:
if (resource != null && (action == null || (actionSet != null && actionSet.contains(action))))
My action is not null but the actionSet is null as well.
Could someone explain this bit better so I can try to provide a patch for it?
Guys, as I stated previously, JpaPermissionStore is not complete in Seam 3. It requires some significant refactoring to bring it in line with Seam's new PicketLink-based security model, and I also have a number of enhancements that need to be implemented. Unfortunately, since this work looks like it will take a couple of weeks of solid work, it will most likely not make it into the upcoming 3.1 release; however, since it seems to be attracting more attention, I will do my best to make it a higher priority for the subsequent release.
Hi Shane, any news about permissions?
Is it present in seam-3.1.0.Beta3?
I've been trying to implement the idmconsole example.
Everything works fine as long as I use role 'admin' and group 'Head Office' for userids that I create.
I tried to use webadmin rather than admin by modifying security.drl. The application throws an IllegalArgumentException "Illegal Group Reference".
So I restored the security.drl and added a new group 'all' and made my test userid a member of both 'Head Office' and of 'all'. I still get the exception.
It looks to me like the Seam security module isn't really usable - or something seems to be hard coded in the PicketLink configuration?
Is the JpaPermissionStore complete now?