CurrentTenantIdentifierResolver not invoked when lazy initializing a collection after the session has been closed
Description
Activity
Show:
Johannes Kuhs June 12, 2020 at 4:22 PM
Looks like this might be a duplicate of which has since been fixed.
Johannes Kuhs November 12, 2019 at 8:45 PM
We are seeing the same issue after migrating from 5.3.13 to 5.4.8. I can confirm that 5.4.4 is working as expected.
After migrating from 5.4.4 to 5.4.6 (or 5.4.5) we ran into an issue with lazy loading and multi-tenancy.
We have a few situations where a collection of an entity is lazily loaded after a session has been closed (using the entitymanager per request strategy). For this we have enabled the setting "hibernate.enable_lazy_load_no_trans" (in our case we cannot just load every possible relation when serving the UI, so changing the logic is not an option). The problem is that when loading the referenced collection, the configured CurrentTenantIdentifierResolver is not invoked anymore (thus we cannot switch the current schema) and hibernate uses a default value (or previously set tenantIdentifer), resuling in a SQL performed against a wrong schema (in this case the "public"-schema in our postres db).
This worked in Hibernate 5.4.4 so there had to be a change somewhere in 5.4.5. I'm not sure where exactly but possible ticket we have discovered are:
https://hibernate.atlassian.net/browse/HHH-13584
https://hibernate.atlassian.net/browse/HHH-13563
https://hibernate.atlassian.net/browse/HHH-13595
Maybe someone can take a look into this issue or advise us if there is a setting we're not aware of to change the current behaviour. I believe this could also be a security risk if the wrong schema is queried - in our case we discovered the problem because the public schema did not include the selected table resulting in an sql error.