7 Replies Latest reply on Aug 16, 2010 4:11 PM by Chris Simons

    Problems implementing Seam Registration Example Using Identity Management API

    Leandro Hermida Newbie

      Hello,


      Forgive me if I have really misunderstood something. I am trying to recreate the Seam Reference registration example using the Identity Management API, but it seems to me like the Identity Management API requires an already logged-in user to run any of its methods?


      Here is the RegisterAction code from the Seam Reference:



      @Stateless
      @Name("register")
      public class RegisterAction implements Register
      {
      
         @In
         private User user;
         
         @PersistenceContext
         private EntityManager em;
         
         @Logger
         private Log log;
         
         public String register()
         {
            List existing = em.createQuery(
               "select username from User where username=#{user.username}")
               .getResultList();
               
            if (existing.size()==0)
            {
               em.persist(user);
               log.info("Registered new user #{user.username}");
               return "/registered.xhtml";
            }
            else
            {
               FacesMessages.instance().add("User #{user.username} already exists");
               return null;
            }
         }
      
      }



      Here is my new code using the Identity Management API:


      @Stateless
      @Name("registerAction")
      public class RegisterAction implements Register {
      
          @In
          private IdentityManager identityManager;
          
          @In
          private User user;
          
          @Logger
          private Log log;
      
          public String register() {
              if (!identityManager.userExists(user.getUsername())) {
                  identityManager.createUser(user.getUsername(), user.getPassword());
                  identityManager.enableUser(user.getUsername());
                  log.info("Registered new user #{user.username}");
                  return "/registered.xhtml";
              } else {
                  FacesMessages.instance().add("Username #{user.username} already exists");
                  return null;
              }
          }
      }



      When submitting the registration form I get org.jboss.seam.security.NotLoggedInException.


      leandro

        • 1. Re: Problems implementing Seam Registration Example Using Identity Management API
          Shane Bryzak Master

          If you use the rule definitions shown in the security chapter of the ref docs, you can wrap your operation in a RunAsOperation to execute your identity management operations as the admin user.  For example:




          new RunAsOperation() {
            public void execute() {
              if (!identityManager.userExists(user.getUsername())) {
                identityManager.createUser(user.getUsername(), user.getPassword());
                identityManager.enableUser(user.getUsername());
                log.info("Registered new user #{user.username}");
                return "/registered.xhtml";
              } else {
                FacesMessages.instance().add("Username #{user.username} already exists");
                return null;
              }
            }         
          }.addRole("admin")
           .run();



          • 2. Re: Problems implementing Seam Registration Example Using Identity Management API
            Leandro Hermida Newbie

            Sorry to ask a maybe stupid question. I tried your code above (removed the return statements because execute() can't have returns), but I get the following error stack trace:


            16:37:10,280 ERROR [application] javax.ejb.EJBTransactionRolledbackException: Error performing 'org.sysfusion.core.session.RegisterAction.register()' --> org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,read]
            javax.faces.el.EvaluationException: javax.ejb.EJBTransactionRolledbackException: Error performing 'org.sysfusion.core.session.RegisterAction.register()' --> org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,read]
                 at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:102)
                 at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
                 at javax.faces.component.UICommand.broadcast(UICommand.java:387)
                 at org.ajax4jsf.component.AjaxViewRoot.processEvents(AjaxViewRoot.java:321)
                 at org.ajax4jsf.component.AjaxViewRoot.broadcastEvents(AjaxViewRoot.java:296)
                 at org.ajax4jsf.component.AjaxViewRoot.processPhase(AjaxViewRoot.java:253)
                 at org.ajax4jsf.component.AjaxViewRoot.processApplication(AjaxViewRoot.java:466)
                 at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82)
                 at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
                 at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
                 at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                 at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
                 at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:44)
                 at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                 at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:38)
                 at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                 at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
                 at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                 at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
                 at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                 at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
                 at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                 at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:150)
                 at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:267)
                 at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:379)
                 at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:506)
                 at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
                 at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                 at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:58)
                 at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                 at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                 at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
                 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
                 at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
                 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
                 at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
                 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
                 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
                 at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
                 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
                 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
                 at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
                 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
                 at java.lang.Thread.run(Thread.java:595)
            Caused by: javax.ejb.EJBTransactionRolledbackException: Error performing 'org.sysfusion.core.session.RegisterAction.register()' --> org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,read]
                 at org.jboss.ejb3.tx.Ejb3TxPolicy.handleInCallerTx(Ejb3TxPolicy.java:87)
                 at org.jboss.aspects.tx.TxPolicy.invokeInCallerTx(TxPolicy.java:130)
                 at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:195)
                 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                 at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:95)
                 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                 at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62)
                 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                 at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77)
                 at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110)
                 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                 at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
                 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                 at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
                 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                 at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:240)
                 at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:210)
                 at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:84)
                 at $Proxy139.register(Unknown Source)
                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                 at java.lang.reflect.Method.invoke(Method.java:585)
                 at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
                 at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:31)
                 at org.jboss.seam.intercept.ClientSideInterceptor$1.proceed(ClientSideInterceptor.java:76)
                 at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
                 at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
                 at org.jboss.seam.intercept.ClientSideInterceptor.invoke(ClientSideInterceptor.java:54)
                 at org.javassist.tmp.java.lang.Object_$$_javassist_3.register(Object_$$_javassist_3.java)
                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                 at java.lang.reflect.Method.invoke(Method.java:585)
                 at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:329)
                 at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:342)
                 at org.jboss.el.parser.AstPropertySuffix.invoke(AstPropertySuffix.java:58)
                 at org.jboss.el.parser.AstValue.invoke(AstValue.java:96)
                 at org.jboss.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
                 at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68)
                 at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)
                 ... 51 more
            Caused by: net.sf.fuge.GenericException: Error performing 'org.sysfusion.core.session.RegisterAction.register()' --> org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,read]
                 at org.sysfusion.core.session.RegisterActionImpl.register(RegisterActionImpl.java:127)
                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                 at java.lang.reflect.Method.invoke(Method.java:585)
                 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112)
                 at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166)
                 at org.jboss.seam.intercept.EJBInvocationContext.proceed(EJBInvocationContext.java:44)
                 at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
                 at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
                 at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
                 at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:77)
                 at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
                 at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
                 at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
                 at org.jboss.seam.persistence.EntityManagerProxyInterceptor.aroundInvoke(EntityManagerProxyInterceptor.java:29)
                 at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
                 at org.jboss.seam.persistence.HibernateSessionProxyInterceptor.aroundInvoke(HibernateSessionProxyInterceptor.java:31)
                 at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
                 at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
                 at org.jboss.seam.intercept.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:50)
                 at sun.reflect.GeneratedMethodAccessor174.invoke(Unknown Source)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                 at java.lang.reflect.Method.invoke(Method.java:585)
                 at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118)
                 at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63)
                 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                 at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54)
                 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                 at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
                 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                 at org.jboss.aspects.tx.TxPolicy.invokeInCallerTx(TxPolicy.java:126)
                 ... 90 more
            Caused by: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,read]
                 at org.jboss.seam.security.Identity.checkPermission(Identity.java:581)
                 at org.jboss.seam.security.management.IdentityManager.userExists(IdentityManager.java:169)
                 at org.sysfusion.core.session.RegisterActionImpl$1.execute(RegisterActionImpl.java:68)
                 at org.jboss.seam.security.Identity.runAs(Identity.java:734)
                 at org.jboss.seam.security.RunAsOperation.run(RunAsOperation.java:84)
                 at org.sysfusion.core.session.RegisterActionImpl.register(RegisterActionImpl.java:77)
                 ... 121 more



            Where the root cause just above this line refers to when the identityManager checks if the user already exists:


            if (!identityManager.userExists(user.getUsername())) {



            Why is there an AuthorizationException when we are running this operation with elevated admin privileges?


            Leandro

            • 3. Re: Problems implementing Seam Registration Example Using Identity Management API
              Leandro Hermida Newbie

              Hi again,


              Could it be that I do not have my PermissionStore set up yet?  From the docs it reads like you don't necessarily need a permission store to run Identity Management stuff.


              -leandro

              • 4. Re: Problems implementing Seam Registration Example Using Identity Management API
                Shane Bryzak Master

                Are you using the following rule definitions from the docs, like I mentioned?


                rule ManageUsers
                  no-loop
                  activation-group "permissions"
                when
                  check: PermissionCheck(name == "seam.user", granted == false)
                  Role(name == "admin")
                then
                  check.grant();
                end
                
                rule ManageRoles
                  no-loop
                  activation-group "permissions"
                when
                  check: PermissionCheck(name == "seam.role", granted == false)
                  Role(name == "admin")
                then
                  check.grant();
                end



                You don't need to have permission management configured to use identity management.
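
Putting the RunAsOperation from reply 1, the correction from reply 2 and the rules from reply 4 together, as an added example that is not code from the thread's participants or from the Seam project: execute() returns void, so the outcome is carried out of the operation in a local holder, and only the IdentityManager calls run under the admin role. It assumes the ManageUsers rule above is loaded in the application's security rules and that Register and User are the poster's own types.

```java
import javax.ejb.Stateless;

import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.faces.FacesMessages;
import org.jboss.seam.log.Log;
import org.jboss.seam.security.RunAsOperation;
import org.jboss.seam.security.management.IdentityManager;

// Added example. Register and User are the application's own types from the
// thread (assumed: User exposes getUsername() and getPassword()).
@Stateless
@Name("registerAction")
public class RegisterAction implements Register {

    @In
    private IdentityManager identityManager;

    @In
    private User user;

    @Logger
    private Log log;

    public String register() {
        // Copy the submitted values before the elevated block so that the
        // anonymous class works on fixed locals only.
        final String username = user.getUsername();
        final String password = user.getPassword();

        // execute() is void, so the result leaves the block through a holder.
        final boolean[] created = { false };

        new RunAsOperation() {
            @Override
            public void execute() {
                // Each call below triggers a seam.user permission check
                // (the stack trace shows userExists -> checkPermission).
                // The ManageUsers rule grants it because the temporary
                // identity carries the "admin" role.
                if (!identityManager.userExists(username)) {
                    identityManager.createUser(username, password);
                    identityManager.enableUser(username);
                    created[0] = true;
                }
            }
        }.addRole("admin")   // role name is fixed in code, never taken from the request
         .run();

        // Navigation, logging and messages run with the caller's own
        // (anonymous) identity again; nothing else is elevated.
        if (created[0]) {
            log.info("Registered new user #{user.username}");
            return "/registered.xhtml";
        }
        FacesMessages.instance().add("Username #{user.username} already exists");
        return null;
    }
}
```

Without the ManageUsers rule the same code still fails at userExists() with the AuthorizationException for permission[seam.user,read] shown in reply 2, because the admin role alone grants nothing until a rule maps it to the permission.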

                • 5. Re: Problems implementing Seam Registration Example Using Identity Management API
                  Leandro Hermida Newbie

                  Hi Shane,


                  Thanks, you are right, I had missed this important detail in your previous comment :)


                  Maybe you have already been asked this, but I was wondering if there were any examples which show how one uses the Identity and Permission Management APIs.  I know it's a bit early on... 


                  leandro

                  • 6. Re: Problems implementing Seam Registration Example Using Identity Management API
                    Brian Hiles Newbie

                    Ran into this problem as well. Thanks for providing this solution for reference.


                    Now that we have this solution, can someone answer why it is a requirement to have (logged in) user privileges to use this method? I didn't see that answered.


                    Thanks.


                    -Brian

                    • 7. Re: Problems implementing Seam Registration Example Using Identity Management API
                      Chris Simons Expert

                      Sorry to dig up this thread after two years, but I'm having the same issue, even after declaring the rules as you state above.


                      Question regarding this... if I have a Role class named AppRole, should the rule check Role or AppRole?


                      Likewise, should I import org.jboss.security.Role or my.project.package.AppRole?


                      Thanks.