0 Replies Latest reply on Aug 12, 2011 10:11 AM by Riadh Haouari

    Seam Security Permission Bug

    Riadh Haouari Newbie

      Hi,


      I'm facing a Seam Security issue with jboss-seam 2.1.2.GA.
      The problem is when i have a user with a username that is same as an existing role name. Seam will give this user all the permissions configured for this role, although the user has'nt the role.
      Here is my configuration




       <drools:rule-base name="securityRules">
        <drools:rule-files>
         <value>META-INF/security.drl</value>
        </drools:rule-files>
       </drools:rule-base>
      
                                 
       <security:identity-manager identity-store="#{jpaIdentityStore}" 
                                            role-identity-store="#{jpaIdentityStore}"/>
       <security:jpa-identity-store
                user-class="com.XXXX.TSMUser"
                role-class="com.XXXX.TSMRole"/>
           
      <security:rule-based-permission-resolver security-rules="#{securityRules}" />
      <security:persistent-permission-resolver permission-store="#{jpaPermissionStore}" />
      <security:jpa-permission-store user-permission-class="com.XXXX.TSMPermission" />
      <security:permission-manager permission-store="#{jpaPermissionStore}" />




      Thank you in advance for your help.