0 Replies Latest reply on Nov 30, 2011 3:15 PM by Richard Barabe

    Seam-security:removing role relationship

    Richard Barabe Newbie

      When I make a user a member of a group, and then I make this same user play a role in that group, I cannot remove that role.


      iE, setting up a user, a group, and the two user-group relations described above :






      // Relationship types
      IdentityObjectRelationshipType jbossIdentityMembership = new IdentityObjectRelationshipType();
      jbossIdentityMembership.setName("JBOSS_IDENTITY_MEMBERSHIP");
      entityManager.persist(jbossIdentityMembership);
              
      IdentityObjectRelationshipType jbossIdentityRole = new IdentityObjectRelationshipType();
      jbossIdentityRole.setName("JBOSS_IDENTITY_ROLE");
      entityManager.persist(jbossIdentityRole);
      
      // Admin role name
      IdentityRoleName adminRole = new IdentityRoleName();
      adminRole.setName("admin");
      entityManager.persist(adminRole);
      
      // Group type
      IdentityObjectType CONTAINER = new IdentityObjectType();
      CONTAINER.setName("CONTAINER");
      entityManager.persist(CONTAINER);
      
      // GROUP
      IdentityObject myGroup = new IdentityObject();
      myGroup.setName("myGroup");
      myGroup.setType(CONTAINER);
      entityManager.persist(myGroup);
      
      // USER
      IdentityObject user = new IdentityObject();
      // ...
      
      // Simple group membership (no role)
      IdentityObjectRelationship memberRelation = new IdentityObjectRelationship();
      memberRelation.setRelationshipType(jbossIdentityMembership);
      memberRelation.setFrom(myGroup);
      memberRelation.setTo(user);
      entityManager.persist(memberRelation);
              
      // Admin role in group
      IdentityObjectRelationship adminRelationship = new IdentityObjectRelationship();
      adminRelationship.setRelationshipType(jbossIdentityRole);
      adminRelationship.setFrom(myGroup);
      adminRelationship.setTo(user);
      adminRelationship.setName(adminRole.getName());
      entityManager.persist(adminRelationship);



      And then I tried to remove the role via the api :



      RoleManager roleManager = identitySession.getRoleManager();
      RoleType roleType = roleManager.getRoleType("admin");
      roleManager.removeRole(roleType, user, myGroup);



      I receive this exception :




      Caused by: javax.persistence.NonUniqueResultException: result returns more than one elements
           at org.hibernate.ejb.QueryImpl.getSingleResult(QueryImpl.java:287)
           at org.hibernate.ejb.criteria.CriteriaQueryCompiler$3.getSingleResult(CriteriaQueryCompiler.java:264)
           at org.jboss.seam.security.management.picketlink.JpaIdentityStore.removeRelationship(JpaIdentityStore.java:1408)
           at org.picketlink.idm.impl.repository.WrapperIdentityStoreRepository.removeRelationship(WrapperIdentityStoreRepository.java:213)
           at org.picketlink.idm.impl.api.session.managers.RoleManagerImpl.removeRole(RoleManagerImpl.java:331)

      It seem that JpaIdenittyStore doesn't quite make the difference between Role and Group memberships.Do I populate my database correctly (I'm a bit confused with RoleName, RoleType and IdentityRelationshipType) ?