[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3838) Permission check fails on collections that contain lazily initialized entities
Georges Berscheid (JIRA)
jira-events at lists.jboss.org
Fri Dec 12 14:17:36 EST 2008
Permission check fails on collections that contain lazily initialized entities
------------------------------------------------------------------------------
Key: JBSEAM-3838
URL: https://jira.jboss.org/jira/browse/JBSEAM-3838
Project: Seam
Issue Type: Bug
Components: Security
Affects Versions: 2.1.0.SP1
Reporter: Georges Berscheid
org.jboss.seam.security.permission.PermissionMapper.filterByPermission:94
The permission filter checks if the target of the check is of the same class as the target of the permission. If the collection-parameter is the result of a javax.persistence.Query.getResultList() (using Hibernate), and one of the entities returned in that List had previously been lazily fetched (e.g. as part of an entity relationship) this check will fail.
Hibernate probably does some optimization and knows that it had fetched this entity before, and hence puts the lazy proxy into the result list. The proxy's class name is something like Entity_$$_javassist_12 which won't match the class name of the permission target (Entity).
The only work-around I could find for this is to eagerly fetch all entity relationships that are affected by this behavior, which kills the performance of the application.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list