13 Replies Latest reply on Dec 6, 2011 11:59 AM by Marcos Maia

    JpaIdentityStore Implementation - Authorization check failed for permission ...

    Marcos Maia Newbie

      I'm trying to implement for the first time a JpaIdentityStore registration using Seam. I'm new to Seam.


      So far I hava a User and Role entity market with jpa anotations as follows(note that email field is used as username).


      User:


      package br.com.anototudo.model.user;
      
      import..
      
      @Entity
      @Scope(ScopeType.SESSION)
      @Name("user")
      public class User implements Serializable{
      
              private static final long serialVersionUID = 5059329828560429517L;
              private Long id;
              private String nome;
              private String email;
              private String senha;
              private List<Role> roles;
              
              
              @Id
              @GeneratedValue
              public Long getId() {
                      return id;
              }
              
              @UserPrincipal
              @Length(max = 50)
              @NotNull
              @Email
              @Column(unique=true)
              public String getEmail() {
                      return email;
              }
              
              @UserPassword(hash="none")
              @Length(min=6, max = 20)
              @NotNull
              public String getSenha() {
                      return senha;
              }
      
              
              @UserRoles
              @ManyToMany(fetch=FetchType.EAGER)
              @JoinTable(joinColumns={@JoinColumn(name="user_id")}, inverseJoinColumns={@JoinColumn(name="role_id")})
              public List<Role> getRoles() {
                      return roles;
              }
              public void setRoles(List<Role> roles) {
                      this.roles = roles;
              }
      
      ...
      
      }
      



      Role:




      package br.com.anototudo.model.user;
      
      import...
      
      @Entity
      @Name("role")
      public class Role implements Serializable {
              
              private static final long serialVersionUID = 3905381619401193034L;
              private Long id;
              private String nome;
              private String descricao;
              
              @Id
              @GeneratedValue
              public Long getId() {
                      return id;
              }
              
              @RoleName
              @Length(max = 100)
              @NotNull
              @Column(unique=true)
              public String getNome() {
                      return nome;
              }
      ...
      
      }




      Than I have a UserRegister.xhtml:




      ...
      
      
                                      <s:decorate id="emailField" template="layout/edit.xhtml">
                                              <ui:define name="label">Email</ui:define>
                                              <h:inputText id="email" required="true" size="50" maxlength="50"
                                                      value="#{user.email}">
                                                      <a:support event="onblur" reRender="emailField"
                                                              bypassUpdates="true" ajaxSingle="true" />
                                              </h:inputText>
                                      </s:decorate>
      
      
                                      <s:decorate id="nomeField" template="layout/edit.xhtml">
                                              <ui:define name="label">Nome</ui:define>
                                              <h:inputText id="nome" required="true" size="100" maxlength="100"
                                                      value="#{user.nome}">
                                                      <a:support event="onblur" reRender="nomeField"
                                                              bypassUpdates="true" ajaxSingle="true" />
                                              </h:inputText>
                                      </s:decorate>
      
      
                                      <s:decorate id="passwordDecorate" template="layout/edit.xhtml">
                                              <ui:define name="label">
                                                                      Password:
                                                              </ui:define>
                                              <s:decorate>
                                                      <h:inputSecret id="password" value="#{user.senha}"
                                                              required="true" requiredMessage="Campo Obrigatório" />
                                              </s:decorate>
                                      </s:decorate>
      
                                      <s:decorate id="verifyDecorate" template="layout/edit.xhtml">
                                              <ui:define name="label">
                                                                      Verify Password:
                                                              </ui:define>
                                              <s:decorate>
                                                      <h:inputSecret id="verificar" value="#{registroBean.verificar}"
                                                              required="true" requiredMessage="Campo Obrigatório" />
                                              </s:decorate>
                                      </s:decorate>
      
                              <div class="actionButtons"><h:commandButton id="save"
                                      value="Save" action="#{registroBean.registrarUsuario()}" /></div>
      ...
      



      Also have developed a Stateful where I try to add the user. UserRegistroBean:




      package br.com.anototudo.sessionbeans;
      
      import ...
      
      @Stateful
      @Scope(ScopeType.EVENT)
      @Name("registroBean")
      public class UserRegistroBean implements UserRegistro{
              @In
              private User user;
      
              @In
              private IdentityManager identityManager;
              
              @In 
              private StatusMessages statusMessages;
              
              Logger log = Logger.getLogger(UserRegistroBean.class.getName());
      
              private String verificar;
              
              private boolean registrado;
              
              public void registrarUsuario()
              {
                      log.info("Entrou UserRegistroBean.registrarUsuario");
                      if ( user.getSenha().equals(verificar) )
                        {
                                try {
                                       new RunAsOperation() {
                                               public void execute() {
                                                       identityManager.createUser(user.getEmail(), user.getSenha());
                                                       identityManager.grantRole(user.getEmail(), "DIETA_CALORIAS");
                                               }
                                       }.addRole("admin").run();
                                       
                               statusMessages.add("Successfully registered as #{user.username}");
                               registrado = true;
                                } catch(IdentityManagementException e) {
                                       statusMessages.add(e.getMessage());
                                }
                        }
                    else 
                    {
                       statusMessages.addToControl("verificar", "Senha não confere. Digite novamente!");
                       verificar=null;
                    }
              }
              ...
      }
      



      Finally I have registered my intention in components.xml



      <security:rule-based-permission-resolver security-rules="#{securityRules}"/>
         
         <security:jpa-identity-store user-class="br.com.anototudo.model.user.User" role-class="br.com.anototudo.model.user.Role"></security:jpa-identity-store>
      



      The error pops in the call to registrarUsuario() method from UserRegistroBean above and the error message follows:





      22:17:56,019 SEVERE [application] org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create]
      javax.faces.el.EvaluationException: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create]
              at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:102)
              at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
              at javax.faces.component.UICommand.broadcast(UICommand.java:387)
              at org.ajax4jsf.component.AjaxViewRoot.processEvents(AjaxViewRoot.java:321)
              at org.ajax4jsf.component.AjaxViewRoot.broadcastEvents(AjaxViewRoot.java:296)
              at org.ajax4jsf.component.AjaxViewRoot.processPhase(AjaxViewRoot.java:253)
              at org.ajax4jsf.component.AjaxViewRoot.processApplication(AjaxViewRoot.java:466)
              at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82)
              at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
              at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
              at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
              at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
              at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
              at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
              at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
              at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
              at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
              at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
              at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
              at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
              at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178)
              at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
              at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:368)
              at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:495)
              at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
              at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
              at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60)
              at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
              at org.jboss.seam.web.HotDeployFilter.doFilter(HotDeployFilter.java:53)
              at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
              at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
              at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
              at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
              at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
              at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
              at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
              at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
              at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
              at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
              at java.lang.Thread.run(Thread.java:619)
      Caused by: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create]
              at org.jboss.seam.security.Identity.checkPermission(Identity.java:590)
              at org.jboss.seam.security.management.IdentityManager.createUser(IdentityManager.java:99)
              at org.jboss.seam.security.management.IdentityManager.createUser(IdentityManager.java:94)
              at br.com.anototudo.sessionbeans.UserRegistroBean$1.execute(UserRegistroBean.java:46)
              at org.jboss.seam.security.Identity.runAs(Identity.java:743)
              at org.jboss.seam.security.RunAsOperation.run(RunAsOperation.java:75)
              at br.com.anototudo.sessionbeans.UserRegistroBean.registrarUsuario(UserRegistroBean.java:49)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)





      I'm new to Seam and any help would be appreciated.




      []s





        • 1. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
          Michael Wohlfart Expert

          Hi Marcos,


          "Authorization check failed for permission[seam.user,create]"


          means the role admin which you use to perform the user creation action doesn't have the permission for creating a user.
          A simple solution for testing is to use Identity.setSecurityEnabled(false);


          Take a look at the permission stuff in the docs.

          • 2. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
            Marcos Maia Newbie

            Hi,


            I took a look at docs and found this entry that follows. As it mentions rules I believe this should be used for Drools engine. Questions:


            The JpaIdentityStore uses drools?
            Should I place this code in security.drl file?


            The official docs doesn't mention where to place the code. Only shows this snippet:




            The following code listing provides an example set of security rules that grants access to all Identity Management-related methods to members of the admin role:



            rule ManageUsers
              no-loop
              activation-group "permissions"
            when
              check: PermissionCheck(name == "seam.user", granted == false)
              Role(name == "admin")
            then
              check.grant();
            end
            
            rule ManageRoles
              no-loop
              activation-group "permissions"
            when
              check: PermissionCheck(name == "seam.role", granted == false)
              Role(name == "admin")
            then
              check.grant();
            end




            • 3. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
              Michael Wohlfart Expert

              the code is for rules based permissions with Drools, this link describes the setup:
              Drools Setup


              you can also use a persistent permission store: JpaPermissionStore


              or mix both

              • 4. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
                Marcos Maia Newbie

                I read the suggested docs and realize I was missing the annotations used to map the JpaIdentityStore . I have market my User and Role with required annotations: @PermissionUser and @PermissionRole . I'm not using the annotations  @PermissionTarget and @PermissionAction . Also I have tryied to register my permissionStore in components.xml:




                <security:jpa-identity-store name="jpaPermissionStore" user-class="br.com.anototudo.model.user.User" role-class="br.com.anototudo.model.user.Role"></security:jpa-identity-store>
                <security:persistent-permission-resolver permission-store="#{jpaPermissionStore}"/>



                Still not working, now I get an error while initializing the application.
                If I comment the security:persistent-permission-resolver tag, my app deploys but registerinig fails as before. :(



                Questions:


                Are @PermissionTarget and @PermissionAction required? What are they used for? Couldn't find any comprehensive explanation for these.


                tx in advance.

                • 5. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
                  Marcos Maia Newbie

                  The error follows: Any clues? I'm still lost with this feature. :(




                  18:12:40,655 ERROR [[/anototudo]] Exception sending context initialized event to listener instance of class org.jboss.seam.servlet.SeamListener
                  java.lang.RuntimeException: Could not create Component: authenticator
                       at org.jboss.seam.init.Initialization.addComponent(Initialization.java:1202)
                       at org.jboss.seam.init.Initialization.installComponents(Initialization.java:1118)
                       at org.jboss.seam.init.Initialization.init(Initialization.java:733)
                       at org.jboss.seam.servlet.SeamListener.contextInitialized(SeamListener.java:36)
                       at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3910)
                       at org.apache.catalina.core.StandardContext.start(StandardContext.java:4393)
                       at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeployInternal(TomcatDeployment.java:310)
                       at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeploy(TomcatDeployment.java:142)
                       at org.jboss.web.deployers.AbstractWarDeployment.start(AbstractWarDeployment.java:461)
                       at org.jboss.web.deployers.WebModule.startModule(WebModule.java:118)
                       at org.jboss.web.deployers.WebModule.start(WebModule.java:97)
                       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                       at java.lang.reflect.Method.invoke(Method.java:597)
                       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
                       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
                       at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
                       at org.jboss.system.microcontainer.ServiceProxy.invoke(ServiceProxy.java:206)
                       at $Proxy38.start(Unknown Source)
                       at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:42)
                       at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:37)
                       at org.jboss.dependency.plugins.action.SimpleControllerContextAction.simpleInstallAction(SimpleControllerContextAction.java:62)
                       at org.jboss.dependency.plugins.action.AccessControllerContextAction.install(AccessControllerContextAction.java:71)
                       at org.jboss.dependency.plugins.AbstractControllerContextActions.install(AbstractControllerContextActions.java:51)
                       at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
                       at org.jboss.system.microcontainer.ServiceControllerContext.install(ServiceControllerContext.java:286)
                       at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)
                       at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
                       at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)
                       at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
                       at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
                       at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
                       at org.jboss.system.ServiceController.doChange(ServiceController.java:688)
                       at org.jboss.system.ServiceController.start(ServiceController.java:460)
                       at org.jboss.system.deployers.ServiceDeployer.start(ServiceDeployer.java:163)
                       at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:99)
                       at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:46)
                       at org.jboss.deployers.spi.deployer.helpers.AbstractSimpleRealDeployer.internalDeploy(AbstractSimpleRealDeployer.java:62)
                       at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
                       at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
                       at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1439)
                       at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1157)
                       at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1178)
                       at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1210)
                       at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1098)
                       at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
                       at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)
                       at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
                       at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)
                       at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
                       at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
                       at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
                       at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:781)
                       at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:702)
                       at org.jboss.system.server.profileservice.repository.MainDeployerAdapter.process(MainDeployerAdapter.java:117)
                       at org.jboss.system.server.profileservice.hotdeploy.HDScanner.scan(HDScanner.java:362)
                       at org.jboss.system.server.profileservice.hotdeploy.HDScanner.run(HDScanner.java:255)
                       at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
                       at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:317)
                       at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:150)
                       at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:98)
                       at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:181)
                       at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:205)
                       at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
                       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
                       at java.lang.Thread.run(Thread.java:619)
                  Caused by: java.lang.IllegalArgumentException: You must specify org.jboss.seam.core.init.jndiPattern or use @JndiName: authenticator
                       at org.jboss.seam.Component.getJndiName(Component.java:451)
                       at org.jboss.seam.Component.<init>(Component.java:233)
                       at org.jboss.seam.Component.<init>(Component.java:205)
                       at org.jboss.seam.init.Initialization.addComponent(Initialization.java:1186)
                       ... 68 more



                  • 6. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
                    Marcos Maia Newbie

                    Have just added the target and action fields(I don't know why they're used?????) to my User and the error I'm getting now follows:





                    18:25:21,319 ERROR [[/anototudo]] Exception sending context initialized event to listener instance of class org.jboss.seam.servlet.SeamListener
                    org.jboss.seam.InstantiationException: Could not instantiate Seam component: org.jboss.seam.security.persistentPermissionResolver
                         at org.jboss.seam.Component.newInstance(Component.java:2144)
                         at org.jboss.seam.contexts.Contexts.startup(Contexts.java:304)
                         at org.jboss.seam.contexts.Contexts.startup(Contexts.java:278)
                         at org.jboss.seam.contexts.ServletLifecycle.endInitialization(ServletLifecycle.java:116)
                         at org.jboss.seam.init.Initialization.init(Initialization.java:740)
                         at org.jboss.seam.servlet.SeamListener.contextInitialized(SeamListener.java:36)
                         at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3910)
                         at org.apache.catalina.core.StandardContext.start(StandardContext.java:4393)
                         at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeployInternal(TomcatDeployment.java:310)
                         at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeploy(TomcatDeployment.java:142)
                         at org.jboss.web.deployers.AbstractWarDeployment.start(AbstractWarDeployment.java:461)
                         at org.jboss.web.deployers.WebModule.startModule(WebModule.java:118)
                         at org.jboss.web.deployers.WebModule.start(WebModule.java:97)
                         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                         at java.lang.reflect.Method.invoke(Method.java:597)
                         at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
                         at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
                         at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                         at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
                         at org.jboss.system.microcontainer.ServiceProxy.invoke(ServiceProxy.java:206)
                         at $Proxy38.start(Unknown Source)
                         at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:42)
                         at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:37)
                         at org.jboss.dependency.plugins.action.SimpleControllerContextAction.simpleInstallAction(SimpleControllerContextAction.java:62)
                         at org.jboss.dependency.plugins.action.AccessControllerContextAction.install(AccessControllerContextAction.java:71)
                         at org.jboss.dependency.plugins.AbstractControllerContextActions.install(AbstractControllerContextActions.java:51)
                         at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
                         at org.jboss.system.microcontainer.ServiceControllerContext.install(ServiceControllerContext.java:286)
                         at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)
                         at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
                         at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)
                         at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
                         at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
                         at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
                         at org.jboss.system.ServiceController.doChange(ServiceController.java:688)
                         at org.jboss.system.ServiceController.start(ServiceController.java:460)
                         at org.jboss.system.deployers.ServiceDeployer.start(ServiceDeployer.java:163)
                         at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:99)
                         at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:46)
                         at org.jboss.deployers.spi.deployer.helpers.AbstractSimpleRealDeployer.internalDeploy(AbstractSimpleRealDeployer.java:62)
                         at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
                         at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
                         at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1439)
                         at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1157)
                         at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1178)
                         at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1210)
                         at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1098)
                         at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
                         at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)
                         at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
                         at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)
                         at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
                         at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
                         at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
                         at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:781)
                         at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:702)
                         at org.jboss.system.server.profileservice.repository.MainDeployerAdapter.process(MainDeployerAdapter.java:117)
                         at org.jboss.system.server.profileservice.repository.ProfileDeployAction.install(ProfileDeployAction.java:70)
                         at org.jboss.system.server.profileservice.repository.AbstractProfileAction.install(AbstractProfileAction.java:53)
                         at org.jboss.system.server.profileservice.repository.AbstractProfileService.install(AbstractProfileService.java:361)
                         at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
                         at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)
                         at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
                         at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)
                         at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
                         at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
                         at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
                         at org.jboss.system.server.profileservice.repository.AbstractProfileService.activateProfile(AbstractProfileService.java:306)
                         at org.jboss.system.server.profileservice.ProfileServiceBootstrap.start(ProfileServiceBootstrap.java:271)
                         at org.jboss.bootstrap.AbstractServerImpl.start(AbstractServerImpl.java:461)
                         at org.jboss.Main.boot(Main.java:221)
                         at org.jboss.Main$1.run(Main.java:556)
                         at java.lang.Thread.run(Thread.java:619)
                    Caused by: java.lang.IllegalArgumentException: could not set property value: org.jboss.seam.security.persistentPermissionResolver.setPermissionStore
                         at org.jboss.seam.Component.setPropertyValue(Component.java:1915)
                         at org.jboss.seam.Component.initialize(Component.java:1528)
                         at org.jboss.seam.Component.postConstructJavaBean(Component.java:1453)
                         at org.jboss.seam.Component.postConstruct(Component.java:1376)
                         at org.jboss.seam.Component.newInstance(Component.java:2129)
                         ... 75 more
                    Caused by: java.lang.IllegalArgumentException: Could not invoke method by reflection: PersistentPermissionResolver.setPermissionStore(org.jboss.seam.security.permission.PermissionStore) with parameters: (org.jboss.seam.security.management.JpaIdentityStore) on: org.jboss.seam.security.permission.PersistentPermissionResolver
                         at org.jboss.seam.util.Reflections.invoke(Reflections.java:32)
                         at org.jboss.seam.Component.setPropertyValue(Component.java:1911)
                         ... 79 more
                    Caused by: java.lang.IllegalArgumentException: argument type mismatch
                         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                         at java.lang.reflect.Method.invoke(Method.java:597)
                         at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
                         ... 80 more




                    Any ideas? I'm really lost here!!!!

                    • 7. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
                      Marcos Maia Newbie

                      I found the follow snippet in the error stack:



                      Caused by: java.lang.IllegalArgumentException: You must specify org.jboss.seam.core.init.jndiPattern or use @JndiName: authenticator





                      I problably still missing some configuration. Any ideas? (As I mentioned I'm completely new to Seam).


                      • 8. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
                        Shane Bryzak Master

                        Marcos Maia wrote on Mar 30, 2010 00:06:


                        I found the follow snippet in the error stack:


                        Caused by: java.lang.IllegalArgumentException: You must specify org.jboss.seam.core.init.jndiPattern or use @JndiName: authenticator





                        I problably still missing some configuration. Any ideas? (As I mentioned I'm completely new to Seam).




                        Make sure you have this in your components.xml:




                            <core:init jndi-pattern="@jndiPattern@" debug="false"/>



                        • 9. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
                          Shane Bryzak Master

                          You're mixing up identity annotations with permission annotations - read this section of the documentation:


                          http://docs.jboss.org/seam/2.2.1.CR1/reference/en-US/html/security.html#d0e9193


                          It lists the annotations that you need to annotate your user and role entities with to configure them for identity management, along with examples.

                          • 10. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
                            Marcos Maia Newbie

                            Ok,


                            I got it. Came back to initial implementation. Still getting the error about permission:




                            19:47:40,252 SEVERE [application] org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create]
                            javax.faces.el.EvaluationException: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,create]
                                 at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:102)




                            I have used seam-gem to build my project. I can see it's already configured to use Drools. Is this error related to Drools? By now I have no clue about how to solve it??? Any help will be appreciated?

                            • 11. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
                              Marcos Maia Newbie

                              I have just added the following code to my drools.dlr file.



                              package Permissions;
                              
                              import java.security.Principal;
                              
                              import org.jboss.seam.security.permission.PermissionCheck;
                              import org.jboss.seam.security.Role;
                              
                              rule ManageUsers
                                no-loop
                                activation-group "permissions"
                              when
                                check: PermissionCheck(name == "seam.user", granted == false)
                                Role(name == "admin")
                              then
                                check.grant();
                              end
                              
                              rule ManageRoles
                                no-loop
                                activation-group "permissions"
                              when
                                check: PermissionCheck(name == "seam.role", granted == false)
                                Role(name == "admin")
                              then
                                check.grant();
                              end




                              It's finally working :)





                              • 12. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
                                Clebio Vieira Newbie

                                Oi Marcos, parece que você é brasileiro. Rapaz, to passando pelo mesmo problema.


                                Configurei o arquivo components.xml do Seam com as classes User e Role. Verifiquei que você não precisou
                                criar uma classe UserPermission, correto ? Estou perguntando porque encontrei em varios lugares falando sobre essa classe.


                                A unica coisa que precisou para funcionar foi mesmo esse arquivo drools.dlr ?


                                Abraços.

                                • 13. Re: JpaIdentityStore Implementation - Authorization check failed for permission ...
                                  Marcos Maia Newbie

                                  Isso mesmo, as classes User e Role com anotações e o drools.dir



                                  abçs