Sep 26th, 2012, 03:34 AM
Preventing flushing of EntityManager when @PreAuthorized methods on entities called
I'm using @PreAuthorize annotations on my JPA-managed entities and I'm using AspectJ mode both in annotation driven transactions and in global-method-security. The problem is, in a @Transactional service method that calls multiple @PreAuthorized methods of an entity, statements are flushed every time before such a method. This means potentially DB constraints kicking in and also that our trigger-managed audit trail gets too many records. If I remove the security annotations, then there's only one statement flushed after the service method is completed.
I wonder why is EntityManager flushed like that and is there a way to prevent it? I'm using EclipseLink and Spring's LocalContainerEntityManagerFactoryBean. Setting the order in tx:annotation-driven and global-method-security doesn't help in this case.
Oct 1st, 2012, 04:11 AM
I'll answer to myself: This was because of EclipseLink's default behavior of flushing statements when doing queries in a transaction (permission checks required DB queries). Setting "eclipselink.persistence-context.flush-mode" to "commit" in persistence.xml fixed the issue.