2 Replies Latest reply on Apr 20, 2010 12:35 AM by Nifs Arpegiuz

    Using grantPermissions of PermissionManager

    Nifs Arpegiuz Newbie

      Hi everyone

      I'm using Seam security in my application, and I want to save permissions using the following method:

      grantPermissions(List<Permission> permissions)

      But when I execute my application, the view shows this message:

          You don't have permission to access this resource

      and the following exception appears:

      ERROR [EXCEPTIONS] handled and logged exception
      javax.el.ELException: org.jboss.seam.security.AuthorizationException: Autorization check failed for permission[target1,seam.grant-permission]

      How do I solve this problem?

      Thanks in advance!!! (This is my first post)

        • 2. Re: Using grantPermissions of PermissionManager
          Nifs Arpegiuz Newbie

          I finally solved the problem. First we create the rule in security.drl:

          rule GiveFullPermissions
          when
             perm: PermissionCheck(target == "PermissionsClass", action == "seam.grant-permission", granted == false);
             Role(name == "root");
          then perm.grant();
          end

          PermissionsClass indicates the Seam component where the grantPermissions method is used (this is very important).

          So, we add a row in our permission table like the following:

          target           action                recipient   descriminator
          PermissionsClass seam.grant-permission root        user

          The Seam reference says: "Invoking the methods of PermissionManager requires that the currently authenticated user has the appropriate authorization to perform that management operation."

          In the table shown in the reference, we see that the permission action for grantPermissions() is seam.grant-permission, so that's why we need to insert it into the database beforehand, with target equal to PermissionsClass.

          My problem was located in the target passed to:

          new Permission(Object target, String action, Principal recipient)

          As I saw, the target must be exactly PermissionsClass, and now it works!!!

          Thanks Khosro, your post was useful
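
          Added example, not part of the original posts and not Seam's own code: a stand-alone Java model of the failure described in this thread, assuming the seam.grant-permission check is made against the target of each Permission in the list, as the exception text in the question suggests. GrantCheckModel, ROOT_POLICY, the "read" action and the recipient "alice" are hypothetical names.

```java
import java.util.*;

// Stand-alone model (not Seam code): mimics the per-target check behind
// "permission[target1,seam.grant-permission]" in the question.
public class GrantCheckModel {
    static final String GRANT = "seam.grant-permission";

    static class Permission {
        final String target, action, recipient;
        Permission(String target, String action, String recipient) {
            this.target = target; this.action = action; this.recipient = recipient;
        }
    }

    // Constructed policy for the "root" role, stored as "target|action".
    // It mirrors the single row from the permission table in the answer.
    static final Set<String> ROOT_POLICY =
            new HashSet<>(Arrays.asList("PermissionsClass|" + GRANT));

    static final List<Permission> store = new ArrayList<>();

    // Each permission is checked against its own target before anything is
    // written, so one unauthorized target rejects the whole batch.
    static void grantPermissions(List<Permission> batch) {
        for (Permission p : batch) {
            if (!ROOT_POLICY.contains(p.target + "|" + GRANT)) {
                throw new SecurityException("Authorization check failed for permission["
                        + p.target + "," + GRANT + "]");
            }
        }
        store.addAll(batch);
    }

    public static void main(String[] args) {
        try {
            // Target not covered by the policy: denied, nothing stored.
            grantPermissions(Arrays.asList(new Permission("target1", "read", "alice")));
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
        // Target matches the policy row exactly: accepted.
        grantPermissions(Arrays.asList(new Permission("PermissionsClass", "read", "alice")));
        System.out.println("stored: " + store.size());
    }
}
```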