Hi,
I'm facing a Seam Security issue with jboss-seam 2.1.2.GA.
The problem is when I have a user with a username that is the same as an existing role name. Seam will give this user all the permissions configured for this role, although the user hasn't the role.
Here is my configuration:
<drools:rule-base name="securityRules">
    <drools:rule-files>
        <value>META-INF/security.drl</value>
    </drools:rule-files>
</drools:rule-base>

<security:identity-manager identity-store="#{jpaIdentityStore}" role-identity-store="#{jpaIdentityStore}"/>

<security:jpa-identity-store user-class="com.XXXX.TSMUser" role-class="com.XXXX.TSMRole"/>

<security:rule-based-permission-resolver security-rules="#{securityRules}" />

<security:persistent-permission-resolver permission-store="#{jpaPermissionStore}" />

<security:jpa-permission-store user-permission-class="com.XXXX.TSMPermission" />

<security:permission-manager permission-store="#{jpaPermissionStore}" />
Thank you in advance for your help.