[jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-3838) Permission check fails on collections that contain lazily initialized entities

Shane Bryzak (JIRA) jira-events at lists.jboss.org
Sun Dec 14 18:44:36 EST 2008


     [ https://jira.jboss.org/jira/browse/JBSEAM-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shane Bryzak updated JBSEAM-3838:
---------------------------------

    Fix Version/s: 2.1.2.CR1


> Permission check fails on collections that contain lazily initialized entities
> ------------------------------------------------------------------------------
>
>                 Key: JBSEAM-3838
>                 URL: https://jira.jboss.org/jira/browse/JBSEAM-3838
>             Project: Seam
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 2.1.0.SP1
>            Reporter: Georges Berscheid
>            Assignee: Shane Bryzak
>             Fix For: 2.1.2.CR1
>
>
> org.jboss.seam.security.permission.PermissionMapper.filterByPermission:94
> The permission filter checks if the target of the check is of the same class as the target of the permission. If the collection-parameter is the result of a javax.persistence.Query.getResultList() (using Hibernate), and one of the entities returned in that List had previously been lazily fetched (e.g. as part of an entity relationship) this check will fail.
> Hibernate probably does some optimization and knows that it had fetched this entity before, and hence puts the lazy proxy into the result list. The proxy's class name is something like Entity_$$_javassist_12 which won't match the class name of the permission target (Entity).
> The only work-around I could find for this is to eagerly fetch all entity relationships that are affected by this behavior, which kills the performance of the application.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        



More information about the seam-issues mailing list