Hibernate JACC in the embedded container
jgilbert Oct 24, 2006 3:40 PM
Has anyone tried to use Hibernate JACC in the embedded container?
I have added the entries to the persistence.xml:
<property name="hibernate.jacc.enabled" value="true"/>
<property name="hibernate.jacc.User.net.pay.security.entity.Customer" value="insert,update,read"/>
<property name="hibernate.jacc.Admin.net.pay.security.entity.Customer" value="delete"/>
I see the entries processed:
2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment insert)[*:insert()]
2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment update)[*:update()]
2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment read)[*:read()]
2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role Admin: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment delete)[*:delete()]
But I get the following exception:
Caused by: java.lang.IllegalArgumentException: No PolicyContextHandler for key=javax.security.auth.Subject.container
    at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:107)
    at org.hibernate.secure.JACCPermissions$3.getContextSubject(JACCPermissions.java:88)
    at org.hibernate.secure.JACCPermissions.getContextSubject(JACCPermissions.java:97)
    at org.hibernate.secure.JACCPermissions.checkPermission(JACCPermissions.java:36)
    at org.hibernate.secure.JACCPreInsertEventListener.onPreInsert(JACCPreInsertEventListener.java:29)
So I added the JACCSecurityService to the container and switched to JaccAuthorizationInterceptorFactory.
<bean class="org.jboss.security.jacc.SecurityService" name="jboss.security:service=JACCSecurityService"> </bean>
But now I just get:
java.lang.SecurityException: Denied: (javax.security.jacc.EJBMethodPermission CustomerServiceBean save,Local,net.pay.security.entity.Customer)[Local:save(net.pay.security.entity.Customer)], caller=Subject: Principal: user Principal: Roles(members:User)
    at org.jboss.ejb3.security.JaccHelper.checkPermission(JaccHelper.java:285)
    at org.jboss.ejb3.security.JaccAuthorizationInterceptor.checkSecurityAssociation(JaccAuthorizationInterceptor.java:93)
    at org.jboss.ejb3.security.JaccAuthorizationInterceptor.invoke(JaccAuthorizationInterceptor.java:63)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
    at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:78)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
    at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
    at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
    at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:181)
    at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:79)
    at $Proxy49.save(Unknown Source)
So it looks like the permissions are registered under a different context.
Any suggestions?