Uploaded image for project: 'Jackrabbit Content Repository'
  1. Jackrabbit Content Repository
  2. JCR-2999

Access control evaluation does not properly cope with XA transactions

    XMLWordPrintableJSON

Details

    Description

      the following test fails with ItemNotFoundException at the indicated position due to the fact that
      the parent n2 is EXISTING but still not visible to the system session responsible for the ac
      evaluation.

      public void testTransaction() throws Exception {

      // make sure testUser has all privileges
      Privilege[] privileges = privilegesFromName(Privilege.JCR_ALL);
      givePrivileges(path, privileges, getRestrictions(superuser, path));

      // create new node and lock it
      Session s = getTestSession();
      UserTransaction utx = new UserTransactionImpl(s);
      utx.begin();

      // add node and save it
      Node n = s.getNode(childNPath);
      if (n.hasNode(nodeName1))

      { Node c = n.getNode(nodeName1); c.remove(); s.save(); }

      Node n2 = n.addNode(nodeName1);
      s.save();

      Node n3 = n2.addNode(nodeName2);
      s.save(); // exception

      // commit
      utx.commit();
      }

      A possible workaround would be to make sure that ItemSaveOperation.persistTransientItems
      retrieves the parent without having the checkPermission enabled since we can assume that
      the new item could not be added if the parent was not readable in the first place.... but careful
      evaluation would be required.

      NOTE: this is just one example of the AC-evaluation not properly dealing with XA transactions.
      I am convinced that other examples could be find....

      Attachments

        1. JCR-2999.patch
          5 kB
          Angela Schreiber

        Activity

          People

            angela Angela Schreiber
            angela Angela Schreiber
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: