3 Replies Latest reply on Apr 4, 2010 1:41 PM by Rene Felgenträger

    need help with Seam Identity

    nguyen dang Newbie

      Hi, I wrote a new class which subclass from org.jboss.seam.security.Identity in order to cache the permission, here is the code




      @Name("identity")
      @Scope(ScopeType.SESSION)
      @BypassInterceptors
      @Startup
      public class CmsIdentity extends Identity {
      
          HashMap<String, Boolean> permissionMap = new HashMap<String, Boolean>();
          HashMap<String, Boolean> roleMap = new HashMap<String, Boolean>();
           
          @Override
          public boolean hasPermission(Object target, String action) {
              String key = target.toString() + action;
              if (permissionMap.get(key) == null) {
                  boolean result = super.hasPermission(target, action);
                  permissionMap.put(key, result);
                  return result;
              } else {
                  return permissionMap.get(key);
              }
          }
             
          @Override
          public boolean hasRole(String role) {
              String key = role;
              if (roleMap.get(key) == null) {
                  boolean result = super.hasRole(role);
                  roleMap.put(key, result);
                  return result;
              } else {
                  return roleMap.get(key);
              }
          }
      }



      the thing is, when i call an EL like {not identity.loggedIn} it's ok. But when i check restriction using {s:hasRole('admin')} or {s:hasPermission('target','action')}, the NotLoginException is thrown. Here is the strace:






      org.jboss.seam.security.NotLoggedInException
              at org.jboss.seam.security.Identity.checkRestriction(Identity.java:217)
              at org.jboss.seam.navigation.Page.checkPermission(Page.java:263)
              at org.jboss.seam.navigation.Page.preRender(Page.java:283)
              at org.jboss.seam.navigation.Pages.preRender(Pages.java:350)
              at org.jboss.seam.jsf.SeamPhaseListener.preRenderPage(SeamPhaseListener.java:561)
              at org.jboss.seam.jsf.SeamPhaseListener.beforeRenderResponse(SeamPhaseListener.java:472)
              at org.jboss.seam.jsf.SeamPhaseListener.beforeServletPhase(SeamPhaseListener.java:148)
              at org.jboss.seam.jsf.SeamPhaseListener.beforePhase(SeamPhaseListener.java:118)
              at com.sun.faces.lifecycle.Phase.handleBeforePhase(Phase.java:214)
              at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:96)
              at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139)





      The org.jboss.seam.security.Identity.checkRestriction() method is not supposed to be called but the subclass with higher precedence instead. Is there any ideas ? Thanks.