4 Replies Latest reply on May 27, 2008 9:37 PM by Tiago Sudeval

    How to add Permissions, not Roles?

    jk;l jkl; Expert

      I did an identity.addRole("person:create"), where 'person:create' is a String that came from a 'user' entity instance in the DB, and then checked for the permission in a pages.xml restriction:


      #{s:hasPermission('person','create',user)}


      I'm clearly not using this correctly because the identity that has the permission person:create isn't allowed access to the page (when it should!). However, the following also doesn't work, using 'identity' instead of 'user':


      #{s:hasPermission('person','create',identity)}


      What's the proper way to assign and check permissions, as opposed to simply roles?


      Thanks.

        • 1. Re: How to add Permissions, not Roles?
          Drew Kutchar Newbie

          If you look at the source code, Identity doesn't have support for permissions. You should extend the Identity and override the hasPermission method. (I think there's a JIRA on this to be added in 2,1, don't quote me on that though)


          You can also use the rule based identity, then all you need to do is to write the appropriate jboss rules files which the process is  documented very well in seam documentation.


          cheers,
          Drew

          • 2. Re: How to add Permissions, not Roles?
            Kariem Hussein Newbie

            Kris,


            Just want to add some informtion to Drew's comment. Identity (org.jboss.seam.security.Identity) does not have methods to directly add permissions, it only supports the permission checks via the method hasPermission(String, String, Object…).


            You should not pass null to the last parameter. If you don't have anything to put there, just omit it. Otherwise, you get an exception.


            Rule-based identity (org.jboss.seam.security.RuleBasedIdentity), as Drew said, is well documented. I did not know Drools before using it, but following the docs should be straightforward.

            • 3. Re: How to add Permissions, not Roles?
              Shane Bryzak Master

              Seam 2.1.0.GA will include a new Identity Management and Permission Management API.  These new features will allow you to assign permissions to a user, in a manner as you described.

              • 4. Re: How to add Permissions, not Roles?
                Tiago Sudeval Newbie

                Kariem Hussein wrote on Apr 17, 2008 12:13:


                Kris,

                Just want to add some informtion to Drew's comment. Identity (org.jboss.seam.security.Identity) does not have methods to directly add permissions, it only supports the permission checks via the method hasPermission(String, String, Object…).

                You should not pass null to the last parameter. If you don't have anything to put there, just omit it. Otherwise, you get an exception.

                Rule-based identity (org.jboss.seam.security.RuleBasedIdentity), as Drew said, is well documented. I did not know Drools before using it, but following the docs should be straightforward.


                However, to use rules of drools ( security file / JBoss Rules / Drools) i need override Identity to insert my permissions...
                i´m correct?


                like,


                rule CanUserDeleteCustomers
                when
                  c: PermissionCheck(name == "customer", action == "delete")
                  Role(name == "admin")
                then
                  c.grant();
                end;



                because it´s use c: PermissionCheck


                i think !