0 Replies Latest reply on Jan 28, 2011 7:09 AM by rex na

    seam security question regarding drools usage

    rex na Newbie
      Hi,

      I'm new to drools and having troubles in using drools with seam framework. Specifically speaking,

      I have the following tables(namely entities):
      User table:
      Long id,
      String name,
      List<AccountPermission> permissions

      AccountPermission table:
      Long id,
      User user,
      Account account

      Account table:
      Long id,
      Long name,
      Set<Comment> comments

      Comment table:
      Long id,
      Account account

      and my drl file:

      rule "insertCommentRule"
          no-loop
      when
              $check: PermissionCheck(target == "commentHome", action == "insertComment")
              Principal($username: name)
           <...........more rules should be put here>
      then
             $check.grant();
      end

      Lastly, I have an action in CommentHome, a seam component with name "commentHome" and this action is used to insert a comment.

      As above, I understand some rules can be put there to control whether the current user is authorised to insert a comment. However, I have failed in many different ways.
      I looked through seam books and reference as well. Nothing really explained clearly on how to do a process control with seam components.

      All I wanna do is to check whether a user who just log in with valid credentials have permissions to insert comments. It's really hard for me to get to that point. So could anybody show me how to do it with seam? I really appreciate it. Thanks in advance.