7 Replies Latest reply on Mar 20, 2008 12:10 AM by shane.bryzak

    Roles and Permissions

    dro_k

      Hi Everyone,


      For security, I would like to implement sort of an ACL with Seam. Basically I would like to have a Role (a collection of permissions) and assign that to a User. For example I can have permissions ViewOrders and EditOrders and assign them to Role CustomerService and then assign CustomerService role to some user in customer service department.


      Looking into Seam's Identity, I could see there's Identity.instance().addRole(String role), (for RBAC, role based access control) but there's no such thing as Identity.instance().addPermission(String permission).


      Am I missing something?



      Thanks!

        • 1. Re: Roles and Permissions
          yuriy_zubarev

          If you look at Identity source you would see it has a very rudimentary implementation for roles and permissions. For example:



          public boolean hasPermission(String name, String action, Object...arg)
          {      
            return !securityEnabled;
          }
          



          You are supposed to extend this class with your own implementation if you need more sophisticated handling of roles and permissions.


          Regards,
          Yuriy



          • 2. Re: Roles and Permissions
            dro_k

            Thanks for your reply Yuriy.


            Yeah, I looked at the code and kind of thought that I need to implement my own. Anyhow, do you know how I should extend the Identity and have Seam recognize the new Identity implementation?


            Thanks

            • 3. Re: Roles and Permissions
              yuriy_zubarev

              Sure, it's:



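              import static org.jboss.seam.ScopeType.SESSION;
              import static org.jboss.seam.annotations.Install.APPLICATION;
              import org.jboss.seam.annotations.*;
              import org.jboss.seam.annotations.intercept.BypassInterceptors;
              import org.jboss.seam.security.Identity;

              // Same component name as the built-in Identity; APPLICATION precedence makes Seam install this one instead
              @Name("org.jboss.seam.security.identity")
              @Scope(SESSION)
              @Install(precedence = APPLICATION)
              @BypassInterceptors
              @Startup
              public class MyIdentity extends Identity {
              ...
              }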
              



              Regards,
              Yuriy
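
The role-to-permission lookup asked about at the top of the thread is the kind of logic an overridden hasPermission in such an Identity subclass could delegate to. The following is an added example, not part of the original posts and not Seam code: the class RolePermissionResolver, its methods and the Orders/view/edit sample data are hypothetical, and it is plain Java with no Seam dependency.

```java
import java.util.*;

/** Resolves (name, action) permissions through role mappings, denying by default. */
public class RolePermissionResolver {
    // role name -> set of [name, action] pairs granted to that role.
    // A two-element list is used as the key so no delimiter can be spoofed.
    private final Map<String, Set<List<String>>> grants = new HashMap<>();

    public void grant(String role, String name, String action) {
        grants.computeIfAbsent(role, r -> new HashSet<>())
              .add(Arrays.asList(name, action));
    }

    /** True only if one of the caller's roles was explicitly granted the permission. */
    public boolean hasPermission(Collection<String> userRoles, String name, String action) {
        if (userRoles == null || name == null || action == null) {
            return false; // fail closed on missing input
        }
        List<String> wanted = Arrays.asList(name, action);
        for (String role : userRoles) {
            Set<List<String>> perms = grants.get(role);
            if (perms != null && perms.contains(wanted)) {
                return true;
            }
        }
        return false; // unknown roles and unmapped permissions are denied
    }

    public static void main(String[] args) {
        RolePermissionResolver acl = new RolePermissionResolver();
        // Constructed sample data modelled on the CustomerService example in the thread
        acl.grant("CustomerService", "Orders", "view");
        acl.grant("CustomerService", "Orders", "edit");
        acl.grant("Auditor", "Orders", "view");

        List<String> csUser = Arrays.asList("CustomerService");
        List<String> auditor = Arrays.asList("Auditor");
        System.out.println("cs edit:        " + acl.hasPermission(csUser, "Orders", "edit"));
        System.out.println("auditor edit:   " + acl.hasPermission(auditor, "Orders", "edit"));
        System.out.println("auditor delete: " + acl.hasPermission(auditor, "Orders", "delete"));
        System.out.println("no roles view:  "
                + acl.hasPermission(Collections.<String>emptyList(), "Orders", "view"));
    }
}
```

Only the first check is granted; a role without the mapping, an unmapped action and a user with no roles are all refused because nothing is allowed unless a grant exists.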

              • 4. Re: Roles and Permissions
                shane.bryzak

                I'm currently working on a major restructuring of Seam's security API, including a number of new ways of resolving permission checks.  These include ACL (instance-based) security, dynamic role->permission mappings and of course we still support rule-based permissions.  Unless you're in a hurry you may like to wait and see if these new features will solve your security requirements.

                • 5. Re: Roles and Permissions
                  dro_k

                  Thanks! It's not urgent. My time frame is a month. Do you have a JIRA for this activity so I can follow up on it?

                  • 6. Re: Roles and Permissions
                    dro_k

                    Thanks Yuriy. I was also able to find this page, which is extending Identity to support NTLM authentication. Pretty cool.


                    • 7. Re: Roles and Permissions
                      shane.bryzak

                      Sure thing.


                      JBSEAM-2769