1 Reply Latest reply on May 16, 2008 9:54 AM by Ralph Schaer

    HibernateSecurityInterceptor

    Ralph Schaer Newbie

      I wrote a test programm with this component.


      @Startup
      @Scope(ScopeType.APPLICATION)
      @Name("initialDataload")
      public class InitialDataload {
        @In private Session hibernateSession;
        @Create
        public void init() {
          Criteria criteria = hibernateSession.createCriteria(User.class);
          if (criteria.setMaxResults(1).list().isEmpty()) {
            User user = new User();
            user.setUsername("admin");
            hibernateSession.save(user);
          }
      }




      When I start the program the following exception occurs.The problem is that the org.jboss.seam.security.HibernateSecurityInterceptor tries to check the permission for the entities. But at this time there is no Http session. Is there a way to temporary disable the HibernateSecurityInterceptor?



      Caused by: java.lang.IllegalStateException: No active session context
           at org.jboss.seam.security.Identity.instance(Identity.java:115)
           at org.jboss.seam.security.EntityPermissionChecker.checkEntityPermission(EntityPermissionChecker.java:78)
           at org.jboss.seam.security.EntityPermissionChecker.checkEntityPermission(EntityPermissionChecker.java:63)
           at org.jboss.seam.security.HibernateSecurityInterceptor.onSave(HibernateSecurityInterceptor.java:89)
           at org.hibernate.event.def.AbstractSaveEventListener.substituteValuesIfNecessary(AbstractSaveEventListener.java:394)
           at org.hibernate.event.def.AbstractSaveEventListener.performSaveOrReplicate(AbstractSaveEventListener.java:270)
           at org.hibernate.event.def.AbstractSaveEventListener.performSave(AbstractSaveEventListener.java:181)
           at org.hibernate.event.def.AbstractSaveEventListener.saveWithGeneratedId(AbstractSaveEventListener.java:107)
           at org.hibernate.event.def.DefaultSaveOrUpdateEventListener.saveWithGeneratedOrRequestedId(DefaultSaveOrUpdateEventListener.java:187)
           at org.hibernate.event.def.DefaultSaveEventListener.saveWithGeneratedOrRequestedId(DefaultSaveEventListener.java:33)
           at org.hibernate.event.def.DefaultSaveOrUpdateEventListener.entityIsTransient(DefaultSaveOrUpdateEventListener.java:172)
           at org.hibernate.event.def.DefaultSaveEventListener.performSaveOrUpdate(DefaultSaveEventListener.java:27)
           at org.hibernate.event.def.DefaultSaveOrUpdateEventListener.onSaveOrUpdate(DefaultSaveOrUpdateEventListener.java:70)
           at org.hibernate.impl.SessionImpl.fireSave(SessionImpl.java:535)
           at org.hibernate.impl.SessionImpl.save(SessionImpl.java:523)
           at org.hibernate.impl.SessionImpl.save(SessionImpl.java:519)
           at org.jboss.seam.persistence.HibernateSessionProxy.save(HibernateSessionProxy.java:366)
           at InitialDataload.init(InitialDataload.java:41)


        • 1. Re: HibernateSecurityInterceptor
          Ralph Schaer Newbie

          I found the solutions. I had to disable the security at the beginning of the method and enabled it at the end with Identity.setSecurityEnabled. I also forgot to add the @Transactional annotation, but that is a different story.



          @Startup
          @Scope(ScopeType.APPLICATION)
          @Name("initialDataload")
          public class InitialDataload {
            @In private Session hibernateSession;
          
            @Create
            @Transactional
            public void init() {
              Identity.setSecurityEnabled(false);
              Criteria criteria = hibernateSession.createCriteria(User.class);
              if (criteria.setMaxResults(1).list().isEmpty()) {
                User user = new User();
                user.setUsername("admin");
                hibernateSession.save(user);
              }
              Identity.setSecurityEnabled(true);
          }