0 Replies Latest reply on Oct 26, 2009 9:54 PM by Akhbar Falafel

    identityManager.createUser() not working

    Akhbar Falafel Newbie

      I am trying to implement user registration in a manner similar to the SeamSpace example.  I have created an action that allows an anonymous user to register for an account containing the following code:




      new RunAsOperation() {
      
                     @Override
                     public void execute() {
                          if (logger.isDebugEnabled()) {
                               logger.debug("$RunAsOperation.execute() - start"); //$NON-NLS-1$
                          }
      
                          identityManager.createUser(getUsername(), getPassword());
                          identityManager.grantRole(getUsername(), "member");
      
                          if (logger.isDebugEnabled()) {
                               logger.debug("$RunAsOperation.execute() - end"); //$NON-NLS-1$
                          }
                     }
                }.addRole("admin").run();





      I copied this code nearly verbatim from the SeamSpace example, however I get the following exception when I hit the identityManager.createUser() line:




      SEVERE: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create]
      javax.faces.el.EvaluationException: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create]





      I am running this app in Tomcat without Embedded EJB.  The relevant lines from my components.xml and security.drl files are below.  Can anyone tell me why this isn't working?  I've opened up the permissions as best I could in security.drl so that the admin role should be able to do anything, but I still get the exception.  Any advice or guidance?


      Steve


      components.xml:
           


      <security:jpa-permission-store
                user-permission-class="net.odyssi.corvus.entities.UserAccountPermission" />
      
           <drools:rule-base name="securityRules">
                <drools:rule-files>
                     <value>/META-INF/security.drl</value>
                </drools:rule-files>
           </drools:rule-base>
      
           <security:rule-based-permission-resolver
                security-rules="#{securityRules}" />
      
           <security:jpa-identity-store user-class="net.odyssi.corvus.entities.UserAccount"
                role-class="net.odyssi.corvus.entities.AuthorizationRole" />
           <security:identity-manager identity-store="#{jpaIdentityStore}" />







      security.drl:



      package SeamSpacePermissions;
      
      dialect 'mvel'
      
      import java.security.Principal;
      
      import org.jboss.seam.security.permission.PermissionCheck;
      import org.jboss.seam.security.permission.RoleCheck;
      import org.jboss.seam.security.Role;
      
      rule ManageUsers
        no-loop
        activation-group "permissions"
      when
        check: PermissionCheck(target == "seam.user", granted == false)
        AuthorizationRole(name == "admin")
      then
        check.grant();
      end
      
      rule ManageRoles
        no-loop
        activation-group "permissions"
      when
        check: PermissionCheck(target == "seam.role", granted == false)
        AuthorizationRole(name == "admin")
      then
        check.grant();
      end