Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JPA Security: allow pointing to a named persistence unit #35231

Closed
yrodiere opened this issue Aug 7, 2023 · 7 comments · Fixed by #36728
Closed

JPA Security: allow pointing to a named persistence unit #35231

yrodiere opened this issue Aug 7, 2023 · 7 comments · Fixed by #36728
Labels
area/persistence OBSOLETE, DO NOT USE area/security kind/enhancement New feature or request
Milestone
3.6.0.CR1

Comments

@yrodiere
Copy link
Member

yrodiere commented Aug 7, 2023

Description

Currently, JpaIdentityProvider is hardcoded to retrieve the default persistence unit:

quarkus/extensions/security-jpa/runtime/src/main/java/io/quarkus/security/jpa/runtime/JpaIdentityProvider.java

Lines 22 to 27 in 03df5d5

public abstract class JpaIdentityProvider implements IdentityProvider<UsernamePasswordAuthenticationRequest> {
private static Logger log = Logger.getLogger(JpaIdentityProvider.class);
@Inject
EntityManagerFactory entityManagerFactory;

This means security-related data must live in the default PU and cannot live in a named PU, which seems like a likely scenario.

It would be nice to allow configuring quarkus-security-jpa to use a non-default persistence unit.

See also https://stackoverflow.com/questions/76845856/unsatisfied-dependency-with-panache-and-multiple-datasources

Implementation ideas

AFAICS we just need some more config in the quarkus-security-jpa extension and corresponding build steps to have JpaIdentityProvider retrieve the EntityManagerFactory by name if necessary.
@yrodiere yrodiere added kind/enhancement New feature or request area/persistence OBSOLETE, DO NOT USE area/security labels Aug 7, 2023
@quarkus-bot
Copy link

quarkus-bot bot commented Aug 7, 2023

/cc @sberyozkin (security)

@yrodiere
Copy link
Member Author

yrodiere commented Aug 7, 2023

Note that #16700 is related, but different, as #16700 is about tenants within a given PU.

@sberyozkin
Copy link
Member

sberyozkin commented Aug 15, 2023
edited
Loading

Also CC @FroMage @michalvavrik

@FroMage
Copy link
Member

FroMage commented Aug 22, 2023

Yeah, probably a nice idea.

@michalvavrik michalvavrik mentioned this issue Oct 26, 2023
Merged
@michalvavrik
Copy link
Member

I've tried to figure how to do this for Hibernate Reactive (JPA Security Reactive), but I don't believe it is possible to use named PU with HR. At least I didn't find any test / any example / any docs and in tests I wrote Mutiny.SessionFactory was not produced for named PU.

#36728 should take care of this for Security JPA.

@yrodiere
Copy link
Member Author

I don't believe it is possible to use named PU with HR

Indeed it is not: https://quarkus.io/guides/hibernate-reactive#hr-limitations ,

#36728 should take care of this for Security JPA.

Thanks!

@michalvavrik
Copy link
Member

I don't believe it is possible to use named PU with HR

Indeed it is not: https://quarkus.io/guides/hibernate-reactive#hr-limitations ,

Completely missed that line, thank you.

@quarkus-bot quarkus-bot bot added this to the 3.6 - main milestone Oct 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/persistence OBSOLETE, DO NOT USE area/security kind/enhancement New feature or request
Projects
None yet
Milestone
3.6.0.CR1
Development

Successfully merging a pull request may close this issue.

JPA Security: allow pointing to a named persistence unit michalvavrik/quarkus
4 participants
@FroMage @yrodiere @sberyozkin @michalvavrik