4 Replies Latest reply on Dec 13, 2010 11:48 AM by Shawn Zimmerman

    Permissions list for project

    Shawn Zimmerman Newbie

      I am trying to understand Permissions and the best way to implement them.  I currently have secured my application with permissions checks via JpaPermissionStore on the view, class and method levels.  Here is a typical example of how I secure methods: @Restrict("#{s:hasPermission('userAction','createUser')}").


      I would like to create a view that displays ALL permissions for my project, allowing the end-user (administrator in this case) assign the permissions to various roles/users.  Much like jpaPermissionStore.listPermissions(UserAction.class) is for one class of the project, I want to list permissions for all objects in the project thus allowing full management of the permissions of the application.  If I can do this, then the permissions can be maintained simply from the permission checks in the code (albeit just the class and method checks).


      If this isn't recommended, then should I have a separate table (manually maintained) listing all possible permissions of the application and then add them to the jpaPermissionStore when granted?


      Ultimately I am looking for a simple way for an administrator to manage permissions for specific users/roles via views!


      Shawn

        • 1. Re: Permissions list for project
          Tauseef Ahmed Newbie

          Hi,


          Try persistantBasedPermissionResolver and use Permission (User/Role) class for storage.


          try http://java.dzone.com/articles/acl-security-in-seam


          Thanks,
          Tauseef


          • 2. Re: Permissions list for project
            Shawn Zimmerman Newbie

            I have already setup a persistent permission resolver and it works well.  At this point, I am looking for a simple way to manage application permissions via views.


            If you look at the bottom of page 3 of the above article, this summarizes what I want to accomplish:



            look at how we can create permission management views to more easily manage our object permissions through a nice user interface.

            Unfortunately I can't find ACL Security In Seam, Part 2 published anywhere!

            • 3. Re: Permissions list for project
              Shane Bryzak Master

              Unfortunately I didn't get around to writing Part 2 as that was around the time we decided to investigate using PicketBox/PicketLink to provide ongoing security features for Seam.


              As for your issue, I'm assuming you have a UserPermission table etc in your application which you use to store your permissions.  There's nothing stopping you from creating a view that reads the records directly from this table, without going through the PermissionManager API.  That is the approach that I would recommend to create a view that displays all permissions.

              • 4. Re: Permissions list for project
                Shawn Zimmerman Newbie

                I am looking forward to understanding PicketBox/PicketLink in Seam 3!


                I do have a UserPermission table built into the application.  I can query that table directly for assigned permissions, however, it is assuming that at least one roles/user possess all possible permissions.


                I may end up creating a separate table holding all possible permissions and allowing a view to assign those permissions to either a role or user.


                It got me going in the right direction.  Thanks.