Has anyone tried to use Hibernate JACC in the embedded container?
I have added the entries to the persistence.xml:
Code:
<property name="hibernate.jacc.enabled" value="true"/>
<property name="hibernate.jacc.User.net.pay.security.entity.Payment" value="insert,update,read"/>
<property name="hibernate.jacc.Admin.net.pay.security.entity.Payment" value="delete"/>
I see the entries processed:
Code:
2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment insert)[*:insert()]
2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment update)[*:update()]
2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment read)[*:read()]
2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role Admin: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment delete)[*:delete()]
But I get the following exception:
Code:
Caused by: java.lang.IllegalArgumentException: No PolicyContextHandler for key=javax.security.auth.Subject.container
at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:107)
at org.hibernate.secure.JACCPermissions$3.getContextSubject(JACCPermissions.java:88)
at org.hibernate.secure.JACCPermissions.getContextSubject(JACCPermissions.java:97)
at org.hibernate.secure.JACCPermissions.checkPermission(JACCPermissions.java:36)
at org.hibernate.secure.JACCPreInsertEventListener.onPreInsert(JACCPreInsertEventListener.java:29)
So I added the JACCSecurityService to the container and switched to JaccAuthorizationInterceptorFactory.
Code:
<bean class="org.jboss.security.jacc.SecurityService"
name="jboss.security:service=JACCSecurityService">
</bean>
But now I just get:
Code:
java.lang.SecurityException: Denied: (javax.security.jacc.EJBMethodPermission PaymentServiceBean save,Local,net.pay.security.entity.Payment)[Local:save(net.pay.security.entity.Payment)], caller=Subject:
Principal: user
Principal: Roles(members:User)
at org.jboss.ejb3.security.JaccHelper.checkPermission(JaccHelper.java:285)
at org.jboss.ejb3.security.JaccAuthorizationInterceptor.checkSecurityAssociation(JaccAuthorizationInterceptor.java:93)
at org.jboss.ejb3.security.JaccAuthorizationInterceptor.invoke(JaccAuthorizationInterceptor.java:63)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:78)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:181)
at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:79)
at $Proxy49.save(Unknown Source)
So it looks like everything is configured properly. But debugging through the Java policy code is a nightmare...
Any suggestions?