1 Reply Latest reply on May 16, 2008 9:54 AM by rasch23

    HibernateSecurityInterceptor

    rasch23
    rasch23 May 14, 2008 10:59 AM

      I wrote a test programm with this component. 


      @Startup
@Scope(ScopeType.APPLICATION)
@Name("initialDataload")
public class InitialDataload {
  @In private Session hibernateSession;
  @Create
  public void init() {
    Criteria criteria = hibernateSession.createCriteria(User.class);
    if (criteria.setMaxResults(1).list().isEmpty()) {
      User user = new User();
      user.setUsername("admin");
      hibernateSession.save(user);
    }
}




      When I start the program the following exception occurs.The problem is that the org.jboss.seam.security.HibernateSecurityInterceptor tries to check the permission for the entities. But at this time there is no Http session. Is there a way to temporary disable the HibernateSecurityInterceptor?



      Caused by: java.lang.IllegalStateException: No active session context
     at org.jboss.seam.security.Identity.instance(Identity.java:115)
     at org.jboss.seam.security.EntityPermissionChecker.checkEntityPermission(EntityPermissionChecker.java:78)
     at org.jboss.seam.security.EntityPermissionChecker.checkEntityPermission(EntityPermissionChecker.java:63)
     at org.jboss.seam.security.HibernateSecurityInterceptor.onSave(HibernateSecurityInterceptor.java:89)
     at org.hibernate.event.def.AbstractSaveEventListener.substituteValuesIfNecessary(AbstractSaveEventListener.java:394)
     at org.hibernate.event.def.AbstractSaveEventListener.performSaveOrReplicate(AbstractSaveEventListener.java:270)
     at org.hibernate.event.def.AbstractSaveEventListener.performSave(AbstractSaveEventListener.java:181)
     at org.hibernate.event.def.AbstractSaveEventListener.saveWithGeneratedId(AbstractSaveEventListener.java:107)
     at org.hibernate.event.def.DefaultSaveOrUpdateEventListener.saveWithGeneratedOrRequestedId(DefaultSaveOrUpdateEventListener.java:187)
     at org.hibernate.event.def.DefaultSaveEventListener.saveWithGeneratedOrRequestedId(DefaultSaveEventListener.java:33)
     at org.hibernate.event.def.DefaultSaveOrUpdateEventListener.entityIsTransient(DefaultSaveOrUpdateEventListener.java:172)
     at org.hibernate.event.def.DefaultSaveEventListener.performSaveOrUpdate(DefaultSaveEventListener.java:27)
     at org.hibernate.event.def.DefaultSaveOrUpdateEventListener.onSaveOrUpdate(DefaultSaveOrUpdateEventListener.java:70)
     at org.hibernate.impl.SessionImpl.fireSave(SessionImpl.java:535)
     at org.hibernate.impl.SessionImpl.save(SessionImpl.java:523)
     at org.hibernate.impl.SessionImpl.save(SessionImpl.java:519)
     at org.jboss.seam.persistence.HibernateSessionProxy.save(HibernateSessionProxy.java:366)
     at InitialDataload.init(InitialDataload.java:41)


        • 1. Re: HibernateSecurityInterceptor
          rasch23
          rasch23 May 16, 2008 9:54 AM (in response to rasch23)

          I found the solutions. I had to disable the security at the beginning of the method and enabled it at the end with Identity.setSecurityEnabled. I also forgot to add the @Transactional annotation, but that is a different story.



          @Startup
@Scope(ScopeType.APPLICATION)
@Name("initialDataload")
public class InitialDataload {
  @In private Session hibernateSession;

  @Create
  @Transactional
  public void init() {
    Identity.setSecurityEnabled(false);
    Criteria criteria = hibernateSession.createCriteria(User.class);
    if (criteria.setMaxResults(1).list().isEmpty()) {
      User user = new User();
      user.setUsername("admin");
      hibernateSession.save(user);
    }
    Identity.setSecurityEnabled(true);
}


            • Actions