Has anyone tried to use Hibernate JACC in the embedded container?

I have added the entries to the persistence.xml:

    <property name="hibernate.jacc.enabled" value="true"/>
    <property name="hibernate.jacc.User.net.pay.security.entity.Customer" value="insert,update,read"/>
    <property name="hibernate.jacc.Admin.net.pay.security.entity.Customer" value="delete"/>

I see the entries processed:

    2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment insert)[*:insert()]
    2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment update)[*:update()]
    2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment read)[*:read()]
    2006-10-24 15:28:17,307 DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role Admin: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment delete)[*:delete()]

But I get the following exception:

    Caused by: java.lang.IllegalArgumentException: No PolicyContextHandler for key=javax.security.auth.Subject.container
        at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:107)
        at org.hibernate.secure.JACCPermissions$3.getContextSubject(JACCPermissions.java:88)
        at org.hibernate.secure.JACCPermissions.getContextSubject(JACCPermissions.java:97)
        at org.hibernate.secure.JACCPermissions.checkPermission(JACCPermissions.java:36)
        at org.hibernate.secure.JACCPreInsertEventListener.onPreInsert(JACCPreInsertEventListener.java:29)

So I added the JACCSecurityService to the container and switched to 
JaccAuthorizationInterceptorFactory.

    <bean class="org.jboss.security.jacc.SecurityService"
          name="jboss.security:service=JACCSecurityService">
    </bean>

But now I just get:

    java.lang.SecurityException: Denied: (javax.security.jacc.EJBMethodPermission CustomerServiceBean save,Local,net.pay.security.entity.Customer)[Local:save(net.pay.security.entity.Customer)], caller=Subject:
        Principal: user
        Principal: Roles(members:User)

        at org.jboss.ejb3.security.JaccHelper.checkPermission(JaccHelper.java:285)
        at org.jboss.ejb3.security.JaccAuthorizationInterceptor.checkSecurityAssociation(JaccAuthorizationInterceptor.java:93)
        at org.jboss.ejb3.security.JaccAuthorizationInterceptor.invoke(JaccAuthorizationInterceptor.java:63)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
        at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:78)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
        at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
        at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
        at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:181)
        at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:79)
        at $Proxy49.save(Unknown Source)

So it looks like the permissions are registered under a different context.

Any suggestions?

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3980514#3980514
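
An added example, not part of the original post: a small Python check that parses the JACCConfiguration DEBUG lines and the Denied message quoted above and lists which roles were granted the denied permission. The function names are hypothetical, and matching on permission name plus method name is a simplification of what EJBMethodPermission.implies() checks.

```python
import re

# Log lines copied from the post above (unwrapped, timestamps dropped).
GRANT_LOG = """\
DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment insert)[*:insert()]
DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment update)[*:update()]
DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role User: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment read)[*:read()]
DEBUG [org.hibernate.secure.JACCConfiguration] adding permission to role Admin: (javax.security.jacc.EJBMethodPermission net.pay.security.entity.Payment delete)[*:delete()]
"""
DENIED = ("java.lang.SecurityException: Denied: (javax.security.jacc.EJBMethodPermission "
          "CustomerServiceBean save,Local,net.pay.security.entity.Customer)"
          "[Local:save(net.pay.security.entity.Customer)], caller=Subject:")

# "(javax.security.jacc.EJBMethodPermission <name> <actions>)" as it is printed in both messages.
PERM = r"\(javax\.security\.jacc\.EJBMethodPermission (\S+) ([^)]+)\)"
GRANT_RE = re.compile(r"adding permission to role (\w+): " + PERM)
DENIED_RE = re.compile(r"Denied: " + PERM)


def parse_grants(log):
    """Return {role: {(permission name, method name), ...}} from the DEBUG lines."""
    grants = {}
    for role, name, actions in GRANT_RE.findall(log):
        # The method name is the first comma-separated field of the actions string.
        grants.setdefault(role, set()).add((name, actions.split(",")[0]))
    return grants


def parse_denied(message):
    """Return (permission name, method name) from the SecurityException message."""
    name, actions = DENIED_RE.search(message).groups()
    return name, actions.split(",")[0]


def roles_granting(grants, denied):
    """Roles whose logged grants contain the denied (name, method) pair."""
    return sorted(role for role, perms in grants.items() if denied in perms)


if __name__ == "__main__":
    grants = parse_grants(GRANT_LOG)
    denied = parse_denied(DENIED)
    for role, perms in sorted(grants.items()):
        print(role, sorted(perms))
    print("denied:", denied, "granted to roles:", roles_granting(grants, denied))
```

On the quoted lines the result is an empty list: the logged grants name net.pay.security.entity.Payment with insert, update, read and delete, while the denied permission names CustomerServiceBean with method save.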
