1 Reply Latest reply on Apr 8, 2011 6:40 AM by Leo van den berg

    Logged user entity injection problem in session scope

    Sebastian Pawlak Newbie

      Hi,


      I have a problem i dont understand.
      I have ovveriden JpaIdentityStore authenticate method and do outject there user entity. Now i would like to inject it in my own PermissionResolver.


      My IdentityStore


      @Name("org.jboss.seam.security.identityStore")
      @Scope(ScopeType.APPLICATION)
      @Install(precedence = Install.DEPLOYMENT)
      @BypassInterceptors
      @Startup
      public class BSKIdentityStore extends JpaIdentityStore {
      
           private static final long serialVersionUID = 7608904643362715965L;
           
           @Out(scope = ScopeType.SESSION, required = true)
           private User loggedInUser;
           
           @Override
           public boolean authenticate(String username, String password) {
                boolean success = super.authenticate(username, password);
                
                if(success) {
                     loggedInUser = (User) this.lookupUser(username);
                }
                
                return success;
           }
      }
      



      MyPermissionResolver:


      @Name("org.jboss.seam.security.permission.PermissionResolver")
      @Scope(ScopeType.APPLICATION)
      @Install(precedence = Install.DEPLOYMENT)
      @BypassInterceptors
      @Startup
      public class BSKPermissionResolver implements PermissionResolver {
      
          @Logger private Log log;
           
          @In(scope = ScopeType.SESSION) 
          private User loggedInUser;
           
           public boolean hasPermission(Object target, String action) {
                log.info(loggedInUser.getName());
                return false;
           }
      
           public void filterSetByAction(Set<Object> targets, String action) {
                log.info(loggedInUser.getName());
           }     
      }




      The thing is when i log in, and try to print the logged username when he is trying to access restricted method the user is null.
      During debug i see that user is successfully looked-up by lookupUser(username); as i can see this entity
      Whats happening? If there something i am doing from please tell my how to inject logged user entity from IdentityStore to PermissionResolver.