Sorry if this might belong in the mailing list instead of the forums. I've come across a problem regarding account creation permissions. Theoretically, AFAIK, there should be two ways of telling Seam that the
admin role should be allowed to create new accounts - rule-based or persistence-based. For the latter, which I prefer, I assume there would be a database row where (recipient\='admin', target\='seam.account', action\='create', discriminator\='role'). But I'm seeing a NullPointerException because there isn't an IdentifierStrategy that can resolve a String's identifier as, well, the String itself. So IdentifierPolicy throws a NullPointerException when given a String as a target by JpaPermissionStore. Now, I could just learn Drools and work around it, but this should IMHO be an option for users. I would be willing to submit a patch.
You're right, this was an oversight by myself and I've fixed it in SVN now. Nice to see people using the new security features already :) (and I haven't even finished writing the docs!)