Hibernate version: 3.0
The reference documentation for events shows the following example:
Code:
public class MyLoadListener extends DefaultLoadEventListener {
// this is the single method defined by the LoadEventListener interface
public Object onLoad(LoadEvent event, LoadEventListener.LoadType loadType)
throws HibernateException {
if ( !MySecurity.isAuthorized( event.getEntityClassName(), event.getEntityId() ) ) {
throw MySecurityException("Unauthorized access");
}
return super.onLoad(event, loadType);
}
}
My question is, where does MySecurity come from? Also, how does MySecurity know what user is making the request? In order to check security, the listener would need to know which user was attempting the load. This means that:
Code:
cfg.getSessionEventListenerConfig().setLoadEventListener( new MyLoadListener() );
would have to be called each time a user logs in (so that you could set an attribute in MySecurity or in MyLoadListener indicating the user identity).
Based on the reference documentation, a Configuration and SessionFactory should not be created for each login (assuming a web ui model). It should only be created when the application is deployed.
Login
FAQ
Search
