[jboss-user] [EJB 3.0] - Hibernate JACC in the embedded container
jgilbert
do-not-reply at jboss.com
Tue Oct 24 15:40:57 EDT 2006
Has anyone tried to use Hibernate JACC in the embedded container?
I have added the entries to the persistence.xml:
<property name="hibernate.jacc.enabled" value="true"/>
| <property name="hibernate.jacc.User.net.pay.security.entity.Customer" value="insert,update,read"/>
| <property name="hibernate.jacc.Admin.net.pay.security.entity.Customer" value="delete"/>
|
I see the entries processed:
2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment insert)[*:insert()]
| 2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment update)[*:update()]
| 2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment read)[*:read()]
| 2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role Admin: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment delete)[*:delete()]
|
But I get the following exception:
Caused by: java.lang.IllegalArgumentException: No PolicyContextHandler for key=javax.security.auth.Subject.container
| at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:107)
| at org.hibernate.secure.JACCPermissions$3.getContextSubject(JACCPermissions.java:88)
| at org.hibernate.secure.JACCPermissions.getContextSubject(JACCPermissions.java:97)
| at org.hibernate.secure.JACCPermissions.checkPermission(JACCPermissions.java:36)
| at org.hibernate.secure.JACCPreInsertEventListener.onPreInsert(JACCPreInsertEventListener.java:29)
|
So I added the JACCSecurityService to the container and switched to JaccAuthorizationInterceptorFactory.
<bean class="org.jboss.security.jacc.SecurityService"
| name="jboss.security:service=JACCSecurityService">
| </bean>
|
But now I just get:
| java.lang.SecurityException: Denied: (javax.security.jacc.EJBMethodPermission CustomerServiceBean save,Local,net.pay.security.entity.Customer)[Local:save(net.pay.security.entity.Customer)], caller=Subject:
| Principal: user
| Principal: Roles(members:User)
|
| at org.jboss.ejb3.security.JaccHelper.checkPermission(JaccHelper.java:285)
| at org.jboss.ejb3.security.JaccAuthorizationInterceptor.checkSecurityAssociation(JaccAuthorizationInterceptor.java:93)
| at org.jboss.ejb3.security.JaccAuthorizationInterceptor.invoke(JaccAuthorizationInterceptor.java:63)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:78)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:181)
| at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:79)
| at $Proxy49.save(Unknown Source)
|
So it looks like the permissions are registered under a different context.
Any suggestions?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3980514#3980514
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3980514
More information about the jboss-user
mailing list