Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

Task #5076 (new)

Opened 8 years ago

Last modified 8 years ago

DOC: Describe gotchas when using Hibernate server-side

Reported by: jamoore Owned by: jamoore
Priority: major Milestone: Unscheduled
Component: Documentation Version: n.a.
Keywords: n.a. Cc: cxallan
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: n.a.
Sprint: n.a.

Description

While trying to help create a custom search bridge with specialized annotation logic, a known hibernate issue arose:

See:

Workaround:

public static <T> T getProxiedObject(T proxy){
        if ( proxy instanceof HibernateProxy ) {
           return (T) ( ( HibernateProxy ) proxy ).getHibernateLazyInitializer().getImplementation();
        }
        return proxy;
    }

...
annotationObj = getProxiedObject(annotationObj);

Seen elsewhere in our code (BasicSecuritySystem.java):

    public <T extends IObject> T doAction(SecureAction action, T... objs) {
       Assert.notNull(objs);
       Assert.notEmpty(objs);
       Assert.notNull(action);

       final LocalQuery query = (LocalQuery) sf.getQueryService();
       final List<GraphHolder> ghs = new ArrayList<GraphHolder>();

       for (T obj : objs) {

           // TODO inject
           if (obj.getId() != null && !query.contains(obj)) {
               throw new SecurityViolation("Services are not allowed to call "
                       + "doAction() on non-Session-managed entities.");
           }

           // ticket:1794 - use of IQuery.get along with doAction() creates
           // two objects (outer proxy and inner target) and only the outer
           // proxy has its graph holder modified without this block, leading
           // to security violations on flush since no token is present.
           if (obj instanceof HibernateProxy) {
               HibernateProxy hp = (HibernateProxy) obj;
               IObject obj2 = (IObject) hp.getHibernateLazyInitializer().getImplementation();
               ghs.add(obj2.getGraphHolder());
           }
...

Change History (2)

comment:1 Changed 8 years ago by jmoore

See also #5768

comment:2 Changed 8 years ago by jmoore

  • Milestone changed from OMERO-Beta4.3 to Unscheduled

Pushing. We actually want to encourage people to not do this in later versions, so might be better to hold off.

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.74261 sec.)

© 2000-2014 University of Dundee & Open Microscopy Environment. Creative Commons Attribution 3.0 Unported License
OME source code is available under the GNU General public license or through commercial license from Glencoe Software

We're Hiring!