Seam-security: removing role relationship
baraber Nov 30, 2011 3:15 PM
When I make a user a member of a group, and then I make this same user play a role in that group, I cannot remove that role.
I.e., setting up a user, a group, and the two user-group relations described above:
// Relationship types
IdentityObjectRelationshipType jbossIdentityMembership = new IdentityObjectRelationshipType();
jbossIdentityMembership.setName("JBOSS_IDENTITY_MEMBERSHIP");
entityManager.persist(jbossIdentityMembership);

IdentityObjectRelationshipType jbossIdentityRole = new IdentityObjectRelationshipType();
jbossIdentityRole.setName("JBOSS_IDENTITY_ROLE");
entityManager.persist(jbossIdentityRole);

// Admin role name
IdentityRoleName adminRole = new IdentityRoleName();
adminRole.setName("admin");
entityManager.persist(adminRole);

// Group type
IdentityObjectType CONTAINER = new IdentityObjectType();
CONTAINER.setName("CONTAINER");
entityManager.persist(CONTAINER);

// GROUP
IdentityObject myGroup = new IdentityObject();
myGroup.setName("myGroup");
myGroup.setType(CONTAINER);
entityManager.persist(myGroup);

// USER
IdentityObject user = new IdentityObject();
// ...

// Simple group membership (no role)
IdentityObjectRelationship memberRelation = new IdentityObjectRelationship();
memberRelation.setRelationshipType(jbossIdentityMembership);
memberRelation.setFrom(myGroup);
memberRelation.setTo(user);
entityManager.persist(memberRelation);

// Admin role in group
IdentityObjectRelationship adminRelationship = new IdentityObjectRelationship();
adminRelationship.setRelationshipType(jbossIdentityRole);
adminRelationship.setFrom(myGroup);
adminRelationship.setTo(user);
adminRelationship.setName(adminRole.getName());
entityManager.persist(adminRelationship);
And then I tried to remove the role via the API:
RoleManager roleManager = identitySession.getRoleManager();
RoleType roleType = roleManager.getRoleType("admin");
roleManager.removeRole(roleType, user, myGroup);
I receive this exception:
Caused by: javax.persistence.NonUniqueResultException: result returns more than one elements
at org.hibernate.ejb.QueryImpl.getSingleResult(QueryImpl.java:287)
at org.hibernate.ejb.criteria.CriteriaQueryCompiler$3.getSingleResult(CriteriaQueryCompiler.java:264)
at org.jboss.seam.security.management.picketlink.JpaIdentityStore.removeRelationship(JpaIdentityStore.java:1408)
at org.picketlink.idm.impl.repository.WrapperIdentityStoreRepository.removeRelationship(WrapperIdentityStoreRepository.java:213)
at org.picketlink.idm.impl.api.session.managers.RoleManagerImpl.removeRole(RoleManagerImpl.java:331)
It seems that JpaIdentityStore doesn't quite make the difference between Role and Group memberships.
Do I populate my database correctly (I'm a bit confused with RoleName, RoleType and IdentityRelationshipType)?
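
An added illustration, not part of the original post and not Seam Security or PicketLink code: a minimal in-memory model of the two rows persisted above, showing why a single-result lookup keyed only on the group and user is ambiguous and how also matching the relationship type and role name selects just the role row. `Rel` and `findSingle` are hypothetical names, and whether JpaIdentityStore's query actually omits those criteria is an assumption.

```java
import java.util.List;
import java.util.function.Predicate;

// Added illustration: in-memory stand-in for the relationship table.
// Rel and findSingle are hypothetical names, not Seam Security or PicketLink API.
public class RelationshipLookupDemo {

    // One row: relationship type, group (from), user (to), optional role name.
    record Rel(String type, String from, String to, String name) {}

    // Behaves like JPA's getSingleResult(): exactly one match or an exception.
    static Rel findSingle(List<Rel> rows, Predicate<Rel> criteria) {
        List<Rel> hits = rows.stream().filter(criteria).toList();
        if (hits.size() != 1) {
            throw new IllegalStateException("expected 1 row, found " + hits.size());
        }
        return hits.get(0);
    }

    public static void main(String[] args) {
        // Constructed sample data mirroring the two relationships persisted in the post.
        List<Rel> rows = List.of(
            new Rel("JBOSS_IDENTITY_MEMBERSHIP", "myGroup", "user", null),
            new Rel("JBOSS_IDENTITY_ROLE", "myGroup", "user", "admin"));

        // Keyed on group and user only: both rows match, so the lookup is ambiguous.
        Predicate<Rel> byPair = r -> r.from().equals("myGroup") && r.to().equals("user");
        try {
            findSingle(rows, byPair);
        } catch (IllegalStateException e) {
            System.out.println("pair only: " + e.getMessage());
        }

        // Also keyed on relationship type and role name: only the role row matches.
        Predicate<Rel> byRole = byPair
            .and(r -> r.type().equals("JBOSS_IDENTITY_ROLE"))
            .and(r -> "admin".equals(r.name()));
        Rel role = findSingle(rows, byRole);
        System.out.println("role row: " + role);

        // Revoking the role removes that row and leaves the plain membership in place.
        List<Rel> remaining = rows.stream().filter(r -> !r.equals(role)).toList();
        System.out.println("remaining: " + remaining);
    }
}
```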