3 Replies. Latest reply: Jun 19, 2012 7:10 PM by deri dzen

Need help on Seam + drools

deri dzen Newbie

Hi everyone

 

I have just started a project using JBoss + RESTeasy + Seam + Drools and I can't make Drools work. My project setup looks like this.

 

components.xml is in webapp/META-INF/ and it looks like this:

 

<components xmlns="http://jboss.com/products/seam/components"
            xmlns:core="http://jboss.com/products/seam/core"
            xmlns:security="http://jboss.com/products/seam/security"
            xmlns:drools="http://jboss.com/products/seam/drools"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="http://jboss.com/products/seam/core http://jboss.com/products/seam/core-2.1.xsd
                 http://jboss.com/products/seam/components http://jboss.com/products/seam/components-2.1.xsd
                 http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-2.1.xsd
                 http://jboss.com/products/seam/security http://jboss.com/products/seam/security-2.1.xsd">

   <drools:rule-base name="securityRules">
       <drools:rule-files>
           <value>/META-INF/security.drl</value>
       </drools:rule-files>
   </drools:rule-base>
</components>

 

security.drl is in both resources/META-INF/ and webapp/META-INF/ and it looks like this:

 

package Permissions;

dialect 'mvel'

import org.jboss.seam.security.permission.PermissionCheck;
import org.picketlink.idm.api.Role;
import org.picketlink.idm.api.User;
import org.picketlink.idm.api.Group;

rule IsDemoUser
  no-loop
  activation-group "permissions"
when
  check: PermissionCheck(resource == "demo", permission == "execute", granted == false)
   System.out.println("demo");
then
  check.grant();
end

rule IsInUserGroup
  no-loop
  activation-group "permissions"
when
  check: PermissionCheck(name == "user", permission == "execute", granted == false)
then
  System.out.println("user");
  check.grant();
end

 

Please notice that in the first rule I check resource==demo and in the second name==user.

 

 

My Restrictions.java looks like this:

 

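import org.jboss.seam.security.Identity;
import org.jboss.seam.security.annotations.Secures;

// User and Foo are the project's own security binding annotations.
public class Restrictions {

    // Authorizer for @User: passes when the identity is in the USERS group.
    public @Secures @User boolean isUser(Identity identity) {
        return identity.inGroup("USERS", "GROUP");
    }

    // Authorizer for @Foo(bar = "demo"): delegates to the permission check
    // for resource "demo", permission "execute".
    public @Secures @Foo(bar = "demo") boolean isDemoUser(Identity identity) {
        System.out.println("check bar=demo");
        return identity.hasPermission("demo", "execute");
    }

    // Authorizer for @Foo(bar = "user"): delegates to the permission check
    // for resource "user", permission "execute".
    public @Secures @Foo(bar = "user") boolean isInUserGroup(Identity identity) {
        System.out.println("check bar=user");
        return identity.hasPermission("user", "execute");
    }

}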

 

User and Foo interfaces are defined according to an example from 3.1.0-Final and I have 3 services:

 

 

@User
@GET
@Path("/user")
@Produces(MediaType.TEXT_HTML)
public String user() {
    return "Hello " + fCredentials.getUsername() + "!";
}

@Foo(bar="demo")
@GET
@Path("/foodemo")
@Produces(MediaType.TEXT_HTML)
public String foodemo() {
    return "Hello " + fCredentials.getUsername() + "!";
}

@Foo(bar="user")
@GET
@Path("/foouser")
@Produces(MediaType.TEXT_HTML)
public String foouser() {
    return "Hello " + fCredentials.getUsername() + "!";
}

 

So the aftermath looks like this:

- The first service works fine and I get a response when I invoke the service.

- When I call the second service I get a print in the JBoss console, "check bar=demo", but I don't see the System.out.println from the security.drl file, nor is access granted.

- Same for the third service.