While reading over the documentation this weekend, I came upon the following:

http://www.hibernate.org/hib_docs/v3/re ... l-security


My question is, is there anything else that I have to do? Any interfaces to implement? etc...

Thank You,
Bill

No interfaces to implement.

But I'm not sure that the docs for configuring this stuff are up to date.

And we've only been testing this stuff in the context of EJB3, so I'm not sure what is the exact status of thie stuff in the Hibernate standalone case. I know that in 3.0.0 this was all broken, but we (not me personally) did some fixes to it in 3.1 branch.

Emmanuel and Kabir know more.

Gavin,

Thanks for your reply. Unfortunately, my team can't switch to Hibernate 3.1. We need to stick with the 1.4.2_xx API atm.

Maybe later though.

Again, thank you for your input and time.

Hibernate 3.1 works with JDK 1.4.x

hmmm, I thought I read somewhere that it needed 1.5. Probably just for annotations though.

This is great news. Thanks Emmanuel.

So, how dependable is the security w/ 3.1? I only ask because of Gavins earlier statement.


Thank You.

This works fine in HEAD;
Have a look at the way I configure those JACCEventListeners in Hibernate EntityManager EventListenerConfigurator.
Basically you need to pass a context Id to them.

From the EJB 3 side, as Emmanuel says, the event listeners are configured from what you put in your persistence.xml.

You need to specify that you want to use jacc and the permissions for each of your entities

<entity-manager>
<properties>
<property name="hibernate.jacc.allowed.org.jboss.ejb3.test.jacc.AllEntity" value="insert,update,delete,read"/>

<property name="hibernate.jacc.enabled" value="true"/>
</properties>
</entity-manager>

This relies on a) a JACC provider being present and b) security information getting set. In JBoss EJB 3 a) is done using the JBoss JACC security provider, and b) by the container for a session bean accessing the entitymanager - this information must be available for the event listeners to work.