quarkusio
Infer Security JPA persistence unit based on the `@UserDefinition` entity persistence unit
Description
Working on https://github.com/quarkusio/quarkus/pull/51279, I keep running into the fact that currently, each Hibernate entity which serves in the Security JPA as the @UserDefinition has predetermined persistence unit based on the package it belongs to. So to my understanding, Hibernate persistence units either have explicitly declared package, or there is just one active persistence unit and from that and the entity package, we can figure which persistence unit to use in case the entity is mapped just to one.
Thus, IMO we can:
- do not require
quarkus.security-jpa.persistence-unit-namefor most cases and just select the persistence unit for users automatically unless one entity is mapped to multiple PUs. In which case, how is it useful to users when we only allow one PU for the user definition entity? - support named persistence units for Hibernate Reactive (I mean in
quarkus-security-jpa-reactive) as well, since we will know the PU name and it is just about the rightio.quarkus.hibernate.orm.PersistenceUnitinjection point qualifier for our session factory
Implementation ideas
I'd have to look into Hibernate internals and see how to get this mapping between entity and persistence unit, but I believe they must have this mapping somewhere. It is only lately when Hibernate was allowed to be started without any entity. Maybe @yrodiere @marko-bekhta or @lucamolteni can give us a hint. Otherwise, we can just figure it out from the code, no problem.
also cc @FroMage since it is about the Security JPA
![quarkus-bot[bot] avatar](https://avatars.githubusercontent.com/in/90234?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hey @michalvavrik, this chapter of the Hibernate extension guide explains how entities can be attached to persistence units. Note that a persistence unit might include more packages, and the same entity might be attached to more than one PU.
I'd have to look into Hibernate internals and see how to get this mapping between entity and persistence unit, but I believe they must have this mapping somewhere
The persistence unit's model (i.e. mapped classes) are determined here:
https://github.com/quarkusio/quarkus/blob/4811438a48074bf8ee3e62442dd9423dec762a31/extensions/hibernate-orm/deployment/src/main/java/io/quarkus/hibernate/orm/deployment/HibernateOrmProcessor.java#L895
And later stored in the io.quarkus.hibernate.orm.deployment.PersistenceUnitDescriptorBuildItem build item, see io.quarkus.hibernate.orm.runtime.boot.QuarkusPersistenceUnitDescriptor#managedClassNames.
the same entity might be attached to more than one PU.
If user actually did that, then I would think we need a way to determine one of the PU in the Security JPA, but we can handle OOTB cases when the entity is only mapped to one PU. It is interesting that I have tried to attach one package to 2 PUs and Hibernate validation passed, but my tests failed. I think I just had a bug in a test.
Also, it is not very useful from the configuration property quarkus.security-jpa.persistence-unit-name POV, since we only allow one PU in the Security JPA, so what would that entity do in other PUs. I think it is still valid to leveragemanagedClassNames. Thanks, I'll look into this eventually.
For Panache entities, they can only belong to a single PU. It's the non-Panache entities that could belong to more than one PU.
