[jboss-user] [JBoss Seam] - Re: EntitySecurityListener and MDBs

[kahliburke]

I would note that similar issues also affect methods called from asynchronous event handlers.

I had 'read' rules on entities that caused them to be unavailable when loaded in an asynchronous method, because the rules still fire but there is no established session and nothing in the working memory to allow the permissions to be granted.

I thought I could get around this issue by hooking into the 'org.jboss.seam.core.executingAsynchronousCall' variable that is set into the Event context when async methods are called.  I added postSet and postRemove observers that would stick something into the working memory and had a rule that allowed all access in such cases.  This would assume that any necessary permissions checks had already occurred before the async method was scheduled.

However I then ran into my next issue:

anonymous wrote : 
  | Caused by: java.lang.IllegalStateException: No active session context
  | 	at org.jboss.seam.security.Identity.instance(Identity.java:157)
  | 	at org.jboss.seam.security.EntitySecurityListener.preUpdate(EntitySecurityListener.java:44)
  | 
  | 

It appears that the transaction is committed and the persistence context flushed outside of the methods that begin and end the call using the Lifecycle class.  But the EntitySecurityListener is still active so we run into this issue.

I'll workaround this problem for now by extending EntitySecurityListener to check whether an active session context exists, and whether the 'org.jboss.seam.core.executingAsynchronousCall' is in the event context.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4106977#4106977

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4106977