0 Replies Latest reply on Jul 25, 2009 1:04 AM by Mark Torres

    Rule-based security and drools agent

    Mark Torres Newbie

      I'm trying to use rule-based security along with drools:rule-agent. My rule agent is configured as follows:



      <drools:rule-agent name="securityRules"
                url="our_url"
                local-cache-dir="#{env.property('java.io.tmpdir')}"
                new-instance="false"
                poll="30"
                config-name="securityConfig"
                auto-create="true" />




      We set new-instance to false so that the rulebase picks up the changes automatically. However we're still having issues with permissions not working correctly.


      I did some peeking and in RuleBasedPermissionResolver, the creation of the statefulsession has false on the keepReference parameter.



      if (getSecurityRules() != null)
            {
               setSecurityContext(getSecurityRules().newStatefulSession(false));
               getSecurityContext().setGlobalResolver(new SeamGlobalResolver(getSecurityContext().getGlobalResolver()));
            }



      According to drools documentation, when set to true, which is the default, the rulebase maintains a weak reference to the working memory. So I was thinking its ok to just leave it blank. We overrode the RuleBasedPermissionResolver to



      @Override
           protected void initSecurityContext() {
                super.initSecurityContext();
                if (getSecurityRules()!=null){
                     //set a stateful session that is referred to by the rulebase.
                     //this is for agent-based deployment.
                     setSecurityContext(getSecurityRules().newStatefulSession());
                   getSecurityContext().setGlobalResolver(new SeamGlobalResolver(getSecurityContext().getGlobalResolver()));
                }
           }



      and it started working correctly.


      Is there any reason that RuleBasedPermissionResolver had it to false? Will it make sense to make this configurable via


      <security:rule-based-permission-resolver/>



      as a feature of seam security?


      Thanks for your input.