1 Reply Latest reply on Jul 9, 2014 11:13 PM by sebastien.michea

how to replace the default picketlink PersistencePermissionVoter?

sebastien.michea Jul 8, 2014 8:48 PM

Hi,

We are migrating or security module from seam3 to picketlink 2.6 and managed to do it for the Authentication be are struggling with the Authorization.

We have a PermissionVoter

@Model
public class MeveoPermissionVoter implements PermissionVoter {
...
  public VotingResult hasPermission(Object resource, String permission) {

And try to make picketlink use it by creating a producer

@ApplicationScoped
public class MeveoPermissionProducer {

  private static final Logger log = LoggerFactory.getLogger(MeveoPermissionProducer.class);

@Produces @ApplicationScoped
  public PermissionVoter producePermissionVoter(PartitionManager partitionManager) {
  log.info("meveo producePermissionVoter partitionManager="+partitionManager);
    return new MeveoPermissionVoter(partitionManager);
  }
}

but it seems that this method is never called and from a NPE after login we see that it is still the PersistencePermissionVoter that is used

at org.picketlink.idm.permission.acl.spi.PersistentPermissionVoter.hasPermission(PersistentPermissionVoter.java:32)
at org.picketlink.idm.permission.spi.PermissionResolver.resolvePermission(PermissionResolver.java:44)
at org.picketlink.internal.AbstractIdentity.hasPermission(AbstractIdentity.java:245)

We looked at the documentation and examples but cant figure out what is wrong.

-> We managed to get it called by manually removing the PermissionVoterProducer in picketlink impl jar.. but i guess that's not the way to go.

Thank you,
Sebastien

1. Re: how to replace the default picketlink PersistencePermissionVoter?

sebastien.michea Jul 9, 2014 11:13 PM (in response to sebastien.michea)

In fact it is sufficient to create a PermissionVoterProducer in the project in a org.picketlink.producer package. This will overide the picketlink one
Actions