My main problems were with rule-based security. From Seam 2.0 to 2.2 there were major refactorings of the security subsystem.
No RuleBasedIdentity
RuleBasedIdentity was replaced by RuleBasedPermissionResolver.
Quoting from migration guide:
If you are using rule-based security in your project, the configuration for the
security rules in components.xml has changed. Previously, the rules were configured
as a property of the Identity component as such:
<security:identity security-rules="#{securityRules}" authenticate-method="#{authenticator.authenticate}"/>
In Seam 2.1, rule-based permission checks are now carried out by the RuleBasedPermissionResolver,
requiring that it is configured with the security rules instead of Identity:
<security:rule-based-permission-resolver security-rules="#{securityRules}"/>
Additionally, if your app needs to work with RuleBasedIdentity (for example to give additional facts to the security context), you need to use RuleBasedPermissionResolver.instance() instead.
No name parameter in PermissionCheck
The name parameter was replaced by the target parameter, which is an Object, not a String.
So in your rules you have to replace:
c : PermissionCheck( name == 'fooHome' , action == "edit", granted == false )
with:
c : PermissionCheck( target == 'fooHome' , action == "edit", granted == false )
Also if you use regexps:
c : PermissionCheck( name matches "\w*List")
needs to be replaced with:
c : PermissionCheck( target.toString matches "\w*List")
Different handling of Identity.hasPermission
It has the following signature: Identity.hasPermission(String name, String action, Object... args)
Prior to 2.1, hasPermission created a PermissionCheck with name and action properties taken from the invocation parameters, and it added all args to the Drools context.
So the following invocation, Identity.hasPermission("fooHome", "edit", fooInstance), would result in a permission check that is matched by the following rule:
rule foo
when
c : PermissionCheck( name == "fooHome", action == "edit")
f : Foo()
then
...
end
Now hasPermission works like this:
public boolean hasPermission(String name, String action, Object...arg)
{
    if (!securityEnabled) return true;
    if (systemOp != null && Boolean.TRUE.equals(systemOp.get())) return true;
    if (permissionMapper == null) return false;
    if (arg != null)
    {
        return permissionMapper.resolvePermission(arg[0], action);
    }
    else
    {
        return permissionMapper.resolvePermission(name, action);
    }
}
So if there are args passed, name will not get to PermissionCheck at all, and you need to rewrite rules like this:
rule foo
when
f : Foo()
c : PermissionCheck( target == f, action == "edit")
then
...
end
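An added example, not part of the original post: a small Python scanner that flags the three pre-2.1 constructs described above (security-rules on security:identity, references to RuleBasedIdentity, and PermissionCheck patterns constrained on name) so they can be reviewed before an upgrade. The check ids, hint strings and sample rules are constructed for illustration.

```python
import re

# Legacy (pre-2.1) constructs named in the post, each with the replacement it gives.
CHECKS = [
    ("identity-security-rules",
     re.compile(r"<security:identity\b[^>]*\bsecurity-rules\s*="),
     "configure security-rules on security:rule-based-permission-resolver"),
    ("rule-based-identity",
     re.compile(r"\bRuleBasedIdentity\b"),
     "use RuleBasedPermissionResolver.instance()"),
    ("permissioncheck-name",
     # a 'name' constraint inside a single PermissionCheck( ... ) pattern
     re.compile(r"PermissionCheck\s*\([^)]*?(?<![\w.])name\s*(?:==|!=|matches\b)"),
     "constrain target instead of name"),
]

def scan(text):
    """Return sorted (line_number, check_id, hint) for each legacy construct."""
    findings = []
    for check_id, pattern, hint in CHECKS:
        for m in pattern.finditer(text):
            line_no = text.count("\n", 0, m.start()) + 1
            findings.append((line_no, check_id, hint))
    return sorted(findings)

# Constructed sample rule file: two legacy rules and one migrated rule.
SAMPLE_DRL = r'''rule legacyFoo
when
  c : PermissionCheck( name == "fooHome", action == "edit" )
then
  c.grant();
end

rule migratedFoo
when
  f : Foo()
  c : PermissionCheck( target == f, action == "edit" )
then
  c.grant();
end

rule legacyList
when
  c : PermissionCheck( name matches "\w*List" )
then
  c.grant();
end
'''

if __name__ == "__main__":
    for line_no, check_id, hint in scan(SAMPLE_DRL):
        print(f"line {line_no}: {check_id}: {hint}")
```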