In order to enable JACC you have to define two settings:
<property name="hibernate.jacc.enabled" value="true"/>
<property name="hibernate.jacc_context_id" value="contextId"/>
And then you have to define the permissions on a per entity class basis:
<property name="hibernate.jacc.{{role}}.{{class}}" value="delete"/>
The problem is that the EntityManagerFactoryBuilderImpl checks that all the properties prefixed with "hibernate.jacc" conform to the "hibernate.jacc.role.class" pattern with the following code:
private GrantedPermission parseJaccConfigEntry(String keyString, String valueString) {
    try {
        final int roleStart = JACC_PREFIX.length() + 1;
        final String role = keyString.substring( roleStart, keyString.indexOf( '.', roleStart ) );
        final int classStart = roleStart + role.length() + 1;
        final String clazz = keyString.substring( classStart, keyString.length() );
        return new GrantedPermission( role, clazz, valueString );
    }
    catch ( IndexOutOfBoundsException e ) {
        throw persistenceException( "Illegal usage of " + JACC_PREFIX + ": " + keyString );
    }
}
That check is also made on the "hibernate.jacc.enabled" and "hibernate.jacc_context_id" properties, throwing an exception when found and making JACC impossible to enable. It should check that the property being handled is not one of those two.
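
The failure and the suggested check can be reproduced outside Hibernate with the stand-alone sketch below. It is an added example, not Hibernate's code or its eventual fix: the class `JaccKeyParsing`, the helpers `parseGrant` and `isGrantKey`, the `IllegalArgumentException` and the `admin` / `com.example.Order` grant are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class JaccKeyParsing {
    static final String JACC_PREFIX = "hibernate.jacc";
    // The two switches named in the report; they are settings, not grants.
    static final String JACC_ENABLED = "hibernate.jacc.enabled";
    static final String JACC_CONTEXT_ID = "hibernate.jacc_context_id";

    /** Same substring logic as the quoted method; returns {role, class, actions}. */
    static String[] parseGrant(String key, String value) {
        try {
            int roleStart = JACC_PREFIX.length() + 1;
            String role = key.substring(roleStart, key.indexOf('.', roleStart));
            String clazz = key.substring(roleStart + role.length() + 1);
            return new String[] { role, clazz, value };
        } catch (IndexOutOfBoundsException e) {
            throw new IllegalArgumentException("Illegal usage of " + JACC_PREFIX + ": " + key);
        }
    }

    /** Hypothetical guard: only keys that are neither switch reach the parser. */
    static boolean isGrantKey(String key) {
        return key.startsWith(JACC_PREFIX)
                && !JACC_ENABLED.equals(key)
                && !JACC_CONTEXT_ID.equals(key);
    }

    public static void main(String[] args) {
        Map<String, String> props = new LinkedHashMap<>(); // constructed sample
        props.put(JACC_ENABLED, "true");
        props.put(JACC_CONTEXT_ID, "contextId");
        props.put("hibernate.jacc.admin.com.example.Order", "delete");

        for (Map.Entry<String, String> e : props.entrySet()) {
            try { // unguarded: both switches are rejected
                parseGrant(e.getKey(), e.getValue());
                System.out.println("unguarded ok:     " + e.getKey());
            } catch (IllegalArgumentException ex) {
                System.out.println("unguarded failed: " + ex.getMessage());
            }
            if (isGrantKey(e.getKey())) { // guarded: switches are skipped
                String[] g = parseGrant(e.getKey(), e.getValue());
                System.out.println("guarded grant:    " + g[0] + " -> " + g[1] + " [" + g[2] + "]");
            }
        }
    }
}
```

The guard exempts only the two exact setting names, so a malformed grant key such as `hibernate.jacc.admin` still raises instead of being silently dropped from the permission set.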