
All times are UTC - 5 hours [ DST ]



 Post subject: JAAS, security and (Stateless) sessions
Posted: Mon Jul 17, 2006 2:26 pm
Hi everyone,

I'm looking into joining JAAS security and Hibernate and I was really excited to find the "Hibernate declarative security" (12.3) section, based on the event system.

However it appears that this security is easy to bypass, as soon as you are able to do a StatelessSession (see 13.3 of doc) or DML-style operations (13.4).

Is there something I missed about the event system, or is the scope of "JAAS security" events limited?

Would you advise me to implement JAAS directly at the JDBC level or is there some secret Hibernate weapon for that?

Thank you very much for your help, and congratulations for this great software!

--Eric

