[jboss-user] [EJB 3.0] - Hibernate JACC in the embedded container

jgilbert do-not-reply at jboss.com
Tue Oct 24 15:40:57 EDT 2006


Has anyone tried to use Hibernate JACC in the embedded container?

I have added the entries to the persistence.xml:

      <property name="hibernate.jacc.enabled" value="true"/>      
  |       <property name="hibernate.jacc.User.net.pay.security.entity.Customer" value="insert,update,read"/>
  |       <property name="hibernate.jacc.Admin.net.pay.security.entity.Customer" value="delete"/>
  | 

I see the entries processed:

2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment insert)[*:insert()]
  | 2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment update)[*:update()]
  | 2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment read)[*:read()]
  | 2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role Admin: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment delete)[*:delete()]
  | 

But I get the following exception:

Caused by: java.lang.IllegalArgumentException: No PolicyContextHandler for key=javax.security.auth.Subject.container
  | 	at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:107)
  | 	at org.hibernate.secure.JACCPermissions$3.getContextSubject(JACCPermissions.java:88)
  | 	at org.hibernate.secure.JACCPermissions.getContextSubject(JACCPermissions.java:97)
  | 	at org.hibernate.secure.JACCPermissions.checkPermission(JACCPermissions.java:36)
  | 	at org.hibernate.secure.JACCPreInsertEventListener.onPreInsert(JACCPreInsertEventListener.java:29)
  | 

So I added the JACCSecurityService to the container and switched to JaccAuthorizationInterceptorFactory.

  <bean class="org.jboss.security.jacc.SecurityService"
  |     name="jboss.security:service=JACCSecurityService">
  |   </bean>   
  | 

But now I just get:

  | java.lang.SecurityException: Denied: (javax.security.jacc.EJBMethodPermission CustomerServiceBean save,Local,net.pay.security.entity.Customer)[Local:save(net.pay.security.entity.Customer)], caller=Subject:
  | 	Principal: user
  | 	Principal: Roles(members:User)
  | 
  | 	at org.jboss.ejb3.security.JaccHelper.checkPermission(JaccHelper.java:285)
  | 	at org.jboss.ejb3.security.JaccAuthorizationInterceptor.checkSecurityAssociation(JaccAuthorizationInterceptor.java:93)
  | 	at org.jboss.ejb3.security.JaccAuthorizationInterceptor.invoke(JaccAuthorizationInterceptor.java:63)
  | 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  | 	at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:78)
  | 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  | 	at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
  | 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  | 	at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
  | 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  | 	at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:181)
  | 	at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:79)
  | 	at $Proxy49.save(Unknown Source)
  | 

So it looks like the permissions are registered under a different context.

Any suggestions?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3980514#3980514

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3980514



More information about the jboss-user mailing list