16 Replies Latest reply on Nov 16, 2008 12:08 AM by Shane Bryzak

    permissionManager.grantPermissions(..) returns true but the values are not in the database

    Marco Röösli Newbie

      I tried to grant permissions to an object of my TestClass. I tried it like this:


             
      @In
      PermissionManager permissionManager;
      ....

      TestClass tc = new TestClass();

      Permission p1 = new Permission(tc, "view", identity.getPrincipal());
      Permission p2 = new Permission(tc, "test", identity.getPrincipal());

      List<Permission> permissions = new ArrayList<Permission>();
      permissions.add(p1);
      permissions.add(p2);

      permissionManager.grantPermissions(permissions);




      identity.getPrincipal() is the user 'admin', successfully authenticated by the identity manager. This user has the role 'root'.


      To get access to grant permissions, I added this rule in my security-rules.drl file:


      ...
      import ch.pomop.dummy.common.TestClass;
      ...
      
      rule ManageTestClassPermissions
       no-loop
       activation-group "permissions"
      when
        tc: TestClass()
        check: PermissionCheck(target == tc, action == "seam.grant-permission", granted == false)
        Role(name == "root")
      then
        check.grant();
      end




      permissionManager.grantPermissions(permissions) returns true but there is no value in my database.
      I also tried
      permissionManager.getPermissionStore().grantPermissions(permissions);
      I also tried to add @Transactional to my method which calls grantPermissions(..).
      My entityManager works properly in other methods.


      There is no exception and the result is true, but there is no entry in the database.


      I configured the PermissionManager like this:



           <security:permission-manager
                permission-store="#{org.jboss.seam.security.jpaPermissionStore}" />
      
           <security:jpa-permission-store
                user-permission-class="ch.pomop.dummy.security.AccountPermission" />




      My AccountPermission looks like this:



      @Entity
      public class AccountPermission implements Serializable {
           /**
          * 
          */
         private static final long serialVersionUID = -1901644563196207597L;
           private Integer permissionId;
           private String recipient;
           private String target;
           private String action;
           private String discriminator;
      
           
           public AccountPermission()
           {
              System.out.println("------------>");
           }
           
           @Id
           @GeneratedValue
           public Integer getPermissionId() {
                return permissionId;
           }
      
           public void setPermissionId(Integer permissionId) {
                this.permissionId = permissionId;
           }
      
           @PermissionUser
           @PermissionRole
           public String getRecipient() {
                return recipient;
           }
      
           public void setRecipient(String recipient) {
                this.recipient = recipient;
           }
      
           @PermissionTarget
           public String getTarget() {
                return target;
           }
      
           public void setTarget(String target) {
                this.target = target;
           }
      
           @PermissionAction
           public String getAction() {
                return action;
           }
      
           public void setAction(String action) {
                this.action = action;
           }
      
           @PermissionDiscriminator
           public String getDiscriminator() {
                return discriminator;
           }
      
           public void setDiscriminator(String discriminator) {
                this.discriminator = discriminator;
           }
      }



      Is there something wrong with what I am trying to do?
      Thx for your help!!
      greetz Marco


        • 2. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database
          Marco Röösli Newbie

          Yes, I have this:


          My TestClass looks like:


          import org.jboss.seam.annotations.Name;
          import org.jboss.seam.annotations.security.permission.Identifier;
          
          
          @Identifier(name="testClass")
          @Name("testClass")
          public class TestClass {
            
          }



          • 3. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database
            Shane Bryzak Master

            Specifying just the name attribute will work for class identifiers, but not for instances.  You also need to implement an IdentifierStrategy for TestClass and specify it in the @Identifier annotation also.  E.g., the IdentifierStrategy:


            public class TestClassIdentifierStrategy implements IdentifierStrategy {
            
               public boolean canIdentify(Class targetClass) {
                 return TestClass.class.equals(targetClass);
               }   
            
               public String getIdentifier(Object target) {
                 return someUniquePropertyOfTheTestClassInstance;
               }
            }



            And the corresponding configuration:


            @Identifier(value = TestClassIdentifierStrategy.class)
            @Name("testClass")
            public class TestClass {
            }


            • 4. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database
              Marco Röösli Newbie

              Thanks Shane for your fast answer!


              OK, I tried that now:


              My Test Class


              import org.jboss.seam.annotations.Name;
              import org.jboss.seam.annotations.security.permission.Identifier;
              
              import ch.pomop.dummy.security.TestClassIdentifierStrategy;
              
              @Identifier(value = TestClassIdentifierStrategy.class)
              @Name("testClass")
              public class TestClass {
                
                 private int dummyValue;
                 private String ident;
                 
              
                 public String getIdent() {
                    return ident;
                 }
              
                 public void setIdent(String ident) {
                    this.ident = ident;
                 }
              
                 public int getDummyValue() {
                    return dummyValue;
                 }
              
                 public void setDummyValue(int dummyValue) {
                    this.dummyValue = dummyValue;
                 }
                 
                 
              }
              



              My Strategy


              public class TestClassIdentifierStrategy implements IdentifierStrategy {
              
                 public boolean canIdentify(Class targetClass) {
                   return TestClass.class.equals(targetClass);
                 }   
              
                 public String getIdentifier(Object target) {
                 
                   return ((TestClass)target).getIdent();
                 }
              }



              the call


                     
              ....
              TestClass tc = new TestClass();
              tc.setIdent("mytestclassObject1");

              Permission p1 = new Permission(tc, "view", identity.getPrincipal());
              Permission p2 = new Permission(tc, "test", identity.getPrincipal());

              List<Permission> permissions = new ArrayList<Permission>();
              permissions.add(p1);
              permissions.add(p2);

              permissionManager.grantPermissions(permissions);
              ....
              



              There is still no exception and no value in the database. What else can be wrong now?


              greetz Marco

              • 5. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database
                Shane Bryzak Master

                The rest of your code looks fine to me.  I suggest you set a breakpoint in JpaPermissionStore.updatePermissionActions() and debug what's happening when you grant the permissions.

                • 6. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database
                  Marco Röösli Newbie

                  While debugging updatePermissionActions(..)


                  all looks good, and then it comes to:


                  ..
                    
                    lookupEntityManager().persist(instance);
                  ..
                  


                  The instance object looks good.


                  Then it comes to



                  (class: EntityManagerProxy.java)


                  public void persist(Object entity)
                  {
                     delegate.persist(entity);
                  }
                  


                  That looks good too,


                  and it returns true in updatePermissionActions(..).


                  But the persist(..) method has no effect on my database. The method which calls permissionManager.grantPermissions(permissions); is @Transactional.


                  That is strange, I don't know what can be wrong.


                  Maybe there is a problem here with lookupEntityManager() and maybe it doesn't get the right entity manager.


                  greetz Marco






                  • 7. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database
                    Shane Bryzak Master

                    That does seem strange.  Is your entity manager actually called entityManager ?  Could you post your components.xml?  If you wanted to put together a minimal test case that reproduces the problem and send to me directly I'd be happy to take a look for you.

                    • 8. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database
                      Marco Röösli Newbie

                      I am using the default name entityManager.


                      My components.xml


                      <?xml version="1.0" encoding="UTF-8"?>
                      
                      
                      <components xmlns="http://jboss.com/products/seam/components"
                           xmlns:core="http://jboss.com/products/seam/core"
                           xmlns:web="http://jboss.com/products/seam/web"
                           xmlns:persistence="http://jboss.com/products/seam/persistence"
                           xmlns:remoting="http://jboss.com/products/seam/remoting"
                           xmlns:drools="http://jboss.com/products/seam/drools"
                           xmlns:security="http://jboss.com/products/seam/security"
                           xmlns:mail="http://jboss.com/products/seam/mail"
                           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                           xsi:schemaLocation="http://jboss.com/products/seam/core http://jboss.com/products/seam/core-2.1.xsd
                                       http://jboss.com/products/seam/persistence http://jboss.com/products/seam/persistence-2.1.xsd 
                                       http://jboss.com/products/seam/components http://jboss.com/products/seam/components-2.1.xsd
                                       http://jboss.com/products/seam/mail http://jboss.com/products/seam/mail-2.1.xsd
                                       http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-2.1.xsd
                                       http://jboss.com/products/seam/security http://jboss.com/products/seam/security-2.1.xsd
                                       http://jboss.com/products/seam/remoting http://jboss.com/products/seam/remoting-2.1.xsd">
                      
                           <core:init jndi-pattern="pomop/#{ejbName}/local" debug="true" />
                      
                           <core:manager concurrent-request-timeout="500"
                                conversation-timeout="120000" conversation-id-parameter="cid"
                                parent-conversation-id-parameter="pid" />
                      
                      
                      
                           <persistence:managed-persistence-context name="entityManager"
                                auto-create="true"
                                persistence-unit-jndi-name="java:/pomopEntityManagerFactory" />
                      
                           <factory name="hibernateSession" scope="STATELESS"
                                auto-create="true" value="#{entityManager.delegate}" />
                      
                      
                      
                           <security:identity-manager identity-store="#{jpaIdentityStore}" />
                      
                           <security:jpa-identity-store
                                user-class="ch.pomop.dummy.security.UserAccount"
                                role-class="ch.pomop.dummy.security.Role" />
                      
                           <security:rule-based-permission-resolver
                                security-rules="#{securityRules}" />
                      
                           <drools:rule-base name="securityRules">
                                <drools:rule-files>
                                     <value>/META-INF/security-rules.drl</value>
                                </drools:rule-files>
                           </drools:rule-base>
                      
                      
                           <!--
                                <security:permission-manager
                                permission-store="#{org.jboss.seam.security.jpaPermissionStore}" />
                           -->
                           <security:jpa-permission-store
                                user-permission-class="ch.pomop.dummy.security.AccountPermission" />
                      
                      </components>



                      I will send you a minimal test case in the course of the day. Thx for your help!


                      greetz Marco

                      • 9. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database
                        Shane Bryzak Master

                        Your configuration looks fine.. I'll wait for your test case, hopefully it won't be too hard to spot the problem.

                        • 10. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database
                          Marco Röösli Newbie

                          I couldn't reproduce the problem. I made a completely new project (a seam/jsf project with seam setup / seam create command) and I set up everything like I had it in the other project. In this new project the same code works and the entry comes into the database.


                          There is only one difference between my testcase project and my other project. In my testcase project I call the method directly from a JSF page. In my other project I am using gxt/gwt and call an RPC method on the Seam server. This RPC method calls the grant method.


                          Here is my ServiceImplementation method:


                          @In(create=true)
                          private StartupClass startupClass;

                          @WebRemote
                          public void grantPermissions() {
                             startupClass.test();
                          }



                          StartupClass is the same class that I used in my testcase project:


                          @Name("startupClass")
                          public class StartupClass {

                             @In
                             PermissionManager permissionManager;

                             public StartupClass() {
                                System.out.println("foo");
                             }

                             @Transactional
                             private void grant(List<Permission> permissions)
                             {
                                permissionManager.grantPermissions(permissions);
                             }

                             public void test()
                             {
                                TestClass tc = new TestClass();
                                tc.setIdent("mytestclassObject1");
                                Principal principal = new SimplePrincipal("root");
                                Permission p1 = new Permission(tc, "view", principal);
                                Permission p2 = new Permission(tc, "test", principal);

                                List<Permission> permissions = new ArrayList<Permission>();
                                permissions.add(p1);
                                permissions.add(p2);
                                grant(permissions);
                             }
                          }



                          So the only difference is the @WebRemote annotation.
                          I also enabled showing the mysql logs in the console. In my test case example it has made the insert into statement. In my other project there is no insert statement and therefore no value in the database.


                          I will try to implement a remote service in my test case project too, and then I am curious to see what will happen.


                          Does it matter if a @WebRemote method calls the grant?


                          greetz Marco




                          • 11. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database
                            Shane Bryzak Master

                            Could you please raise this in JIRA?  I just realised that we don't actually have any Seam example that updates data during a remoting/GWT call.  At the very least we should document this if there's any special configuration required.

                            • 13. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database
                              Lars Huber Newbie

                              Is it a Seam Problem? We want to use the PermissionStore in conjunction with remoting too. What is an appropriate workaround?


                              thanks
                              lars

                              • 14. Re: permissionManager.grantPermissions(..) returns true but the values are not in the database
                                Shane Bryzak Master

                                I've scheduled this issue for the 2.1.1.GA release - I can't recommend a workaround at the moment sorry, because I don't understand the problem yet :)
