3 Replies Latest reply on Nov 8, 2006 10:24 AM by jgilbert

    Hibernate JACC in the embedded container

    jgilbert

      Has anyone tried to use Hibernate JACC in the embedded container?

      I have added the entries to the persistence.xml:

      <property name="hibernate.jacc.enabled" value="true"/>
       <property name="hibernate.jacc.User.net.pay.security.entity.Customer" value="insert,update,read"/>
       <property name="hibernate.jacc.Admin.net.pay.security.entity.Customer" value="delete"/>
      


      I see the entries processed:

      2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment insert)[*:insert()]
      2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment update)[*:update()]
      2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment read)[*:read()]
      2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role Admin: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment delete)[*:delete()]
      


      But I get the following exception:

      Caused by: java.lang.IllegalArgumentException: No PolicyContextHandler for key=javax.security.auth.Subject.container
       at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:107)
       at org.hibernate.secure.JACCPermissions$3.getContextSubject(JACCPermissions.java:88)
       at org.hibernate.secure.JACCPermissions.getContextSubject(JACCPermissions.java:97)
       at org.hibernate.secure.JACCPermissions.checkPermission(JACCPermissions.java:36)
       at org.hibernate.secure.JACCPreInsertEventListener.onPreInsert(JACCPreInsertEventListener.java:29)
      


      So I added the JACCSecurityService to the container and switched to JaccAuthorizationInterceptorFactory.

      <bean class="org.jboss.security.jacc.SecurityService"
       name="jboss.security:service=JACCSecurityService">
       </bean>
      


      But now I just get:
      java.lang.SecurityException: Denied: (javax.security.jacc.EJBMethodPermission CustomerServiceBean save,Local,net.pay.security.entity.Customer)[Local:save(net.pay.security.entity.Customer)], caller=Subject:
       Principal: user
       Principal: Roles(members:User)
      
       at org.jboss.ejb3.security.JaccHelper.checkPermission(JaccHelper.java:285)
       at org.jboss.ejb3.security.JaccAuthorizationInterceptor.checkSecurityAssociation(JaccAuthorizationInterceptor.java:93)
       at org.jboss.ejb3.security.JaccAuthorizationInterceptor.invoke(JaccAuthorizationInterceptor.java:63)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:78)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:181)
       at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:79)
       at $Proxy49.save(Unknown Source)
      


      So it looks like the permissions are registered under a different context.

      Any suggestions?