3 Replies Latest reply on Jun 19, 2012 7:10 PM by sijalica

    Need help on Seam + drools

    sijalica

      Hi everyone

       

      I have just started a project using JBoss + RESTeasy + Seam + Drools and I can't make Drools work. So my project setup looks like this.

       

      components.xml is in webapp/META-INF/ and it looks like this:

       

      <components xmlns="http://jboss.com/products/seam/components"
                  xmlns:core="http://jboss.com/products/seam/core"
                  xmlns:security="http://jboss.com/products/seam/security"
                  xmlns:drools="http://jboss.com/products/seam/drools"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:schemaLocation="http://jboss.com/products/seam/core http://jboss.com/products/seam/core-2.1.xsd
                       http://jboss.com/products/seam/components http://jboss.com/products/seam/components-2.1.xsd
                       http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-2.1.xsd
                       http://jboss.com/products/seam/security http://jboss.com/products/seam/security-2.1.xsd">
      
         <drools:rule-base name="securityRules">
             <drools:rule-files>
                 <value>/META-INF/security.drl</value>
             </drools:rule-files>
         </drools:rule-base>
      </components>
      
      

       

      security.drl is in both resources/META-INF/ and webapp/META-INF/ and it looks like this:

       

      package Permissions;
      
      dialect 'mvel'
      
      import org.jboss.seam.security.permission.PermissionCheck;
      import org.picketlink.idm.api.Role;
      import org.picketlink.idm.api.User;
      import org.picketlink.idm.api.Group;
      
      rule IsDemoUser
        no-loop
        activation-group "permissions"
      when
        check: PermissionCheck(resource == "demo", permission == "execute", granted == false)
         System.out.println("demo");
      then
        check.grant();
      end
      
      rule IsInUserGroup
        no-loop
        activation-group "permissions"
      when
        check: PermissionCheck(name == "user", permission == "execute", granted == false)
      then
        System.out.println("user");
        check.grant();
      end
      
      

       

      Please notice that in the first rule I check resource == "demo" and in the second name == "user".

       

       

      My Restrictions.java looks like this:

       

      public class Restrictions {
        
          public
          @Secures
          @User
          boolean isUser(Identity identity) {
              return identity.inGroup("USERS", "GROUP");
          }

          public @Secures @Foo(bar = "demo") boolean isDemoUser(Identity identity) {
              System.out.println("check bar=demo");
              return identity.hasPermission("demo", "execute");
          }

          public @Secures @Foo(bar = "user") boolean isInUserGroup(Identity identity) {
              System.out.println("check bar=user");
              return identity.hasPermission("user", "execute");
          }
        
      }
      
      

       

      User and Foo interfaces are defined according to an example from 3.1.0-Final and I have 3 services:

       

       

       @User
       @GET
       @Path("/user")
       @Produces(MediaType.TEXT_HTML)
       public String user() {
           return "Hello " + fCredentials.getUsername() + "!";
       }

       @Foo(bar="demo")
       @GET
       @Path("/foodemo")
       @Produces(MediaType.TEXT_HTML)
       public String foodemo() {
           return "Hello " + fCredentials.getUsername() + "!";
       }

       @Foo(bar="user")
       @GET
       @Path("/foouser")
       @Produces(MediaType.TEXT_HTML)
       public String foouser() {
           return "Hello " + fCredentials.getUsername() + "!";
       }
      
      

       

      So the aftermath looks like this:

      - The first service works fine and I get a response when I invoke the service.

      - When I call the second service I get a print in the JBoss console "check bar=demo", but I don't see the System.out.println from the security.drl file, nor is the access granted.

      - Same for the third service.