Need help on Seam + drools
sijalica Jun 17, 2012 7:55 PM
Hi everyone,
I have just started a project using JBoss + RESTeasy + Seam + Drools and I can't make drools work. So my project setup looks like this.
components.xml is in webapp/META-INF/ and it looks like this:
<components xmlns="http://jboss.com/products/seam/components"
            xmlns:core="http://jboss.com/products/seam/core"
            xmlns:security="http://jboss.com/products/seam/security"
            xmlns:drools="http://jboss.com/products/seam/drools"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="http://jboss.com/products/seam/core http://jboss.com/products/seam/core-2.1.xsd
                                http://jboss.com/products/seam/components http://jboss.com/products/seam/components-2.1.xsd
                                http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-2.1.xsd
                                http://jboss.com/products/seam/security http://jboss.com/products/seam/security-2.1.xsd">
    <drools:rule-base name="securityRules">
        <drools:rule-files>
            <value>/META-INF/security.drl</value>
        </drools:rule-files>
    </drools:rule-base>
</components>
security.drl is in both resources/META-INF/ and webapp/META-INF/ and it looks like this:
package Permissions;

dialect 'mvel'

import org.jboss.seam.security.permission.PermissionCheck;
import org.picketlink.idm.api.Role;
import org.picketlink.idm.api.User;
import org.picketlink.idm.api.Group;

rule IsDemoUser
    no-loop
    activation-group "permissions"
when
    check: PermissionCheck(resource == "demo", permission == "execute", granted == false)
    System.out.println("demo");
then
    check.grant();
end

rule IsInUserGroup
    no-loop
    activation-group "permissions"
when
    check: PermissionCheck(name == "user", permission == "execute", granted == false)
then
    System.out.println("user");
    check.grant();
end

Please notice that in the first rule I check resource==demo and in the second name==user.
My Restrictions.java looks like this:
public class Restrictions {

    public @Secures @User boolean isUser(Identity identity) {
        return identity.inGroup("USERS", "GROUP");
    }

    public @Secures @Foo(bar = "demo") boolean isDemoUser(Identity identity) {
        System.out.println("check bar=demo");
        return identity.hasPermission("demo", "execute");
    }

    public @Secures @Foo(bar = "user") boolean isInUserGroup(Identity identity) {
        System.out.println("check bar=user");
        return identity.hasPermission("user", "execute");
    }
}
User and Foo interfaces are defined according to an example from 3.1.0-Final and I have 3 services:
@User
@GET
@Path("/user")
@Produces(MediaType.TEXT_HTML)
public String user() {
    return "Hello " + fCredentials.getUsername() + "!";
}

@Foo(bar="demo")
@GET
@Path("/foodemo")
@Produces(MediaType.TEXT_HTML)
public String foodemo() {
    return "Hello " + fCredentials.getUsername() + "!";
}

@Foo(bar="user")
@GET
@Path("/foouser")
@Produces(MediaType.TEXT_HTML)
public String foouser() {
    return "Hello " + fCredentials.getUsername() + "!";
}
So the aftermath looks like this:
- The first service works fine and I get a response when I invoke it.
- When I call the second service I get a print in the JBoss console, "check bar=demo", but I don't see the System.out.println from the security.drl file, nor is access granted.
- Same for the third service.