Finally I solved the problem; first we create the rule, in security.drl:
rule GiveFullPermissions
  no-loop
when
  perm: PermissionCheck(target == "PermissionsClass", action == "seam.grant-permission", granted == false);
  Role(name == "root");
then
  perm.grant();
end
PermissionsClass indicates the Seam component where the grantPermissions method is used (this is very important).
So, we add a row in our permission table like the following:
TABLE: OUR_PERMISSION_TABLE

target            action                 recipient  descriminator
PermissionsClass  seam.grant-permission  root       user
The Seam reference says:
Invoking the methods of PermissionManager requires that the currently authenticated user has the appropriate authorization to perform that management operation
So in the table shown in the reference, we see that the permission action for grantPermissions() is seam.grant-permission, so that's why we need to insert it into the database beforehand with target equal to PermissionsClass.
My problem was located in the target passed to:
new Permission(Object target, String action, Principal recipient)
As I saw, the target must be exactly PermissionsClass, and now it works!!!
Thanks Khosro, your post was useful.