I have a problem regarding roles and permissions. Lets say I have persisted permissions with recipient role "roleA". If I delete the role using
IdentityManager.instance().deleteRole("roleA")
the persisted permissions still are present in the database. I can't find an elegant way to delete the permissions for role "roleA" without knowing targets nor actions (using IdentityManager and PermissionManager). I can remove then from the database by using an named query for the permission entity class, but that bypasses seam security.
Furthermore, not deleted permissions can lead to NPE because JpaPermissionStore can't lookup a role principle for the deleted role while listing permissions.