[JCR-3007] setProperty access control evaluation does not properly cope with XA transactions - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.2.7
Fix Version/s: 2.2.8
Component/s: jackrabbit-core
Labels:

Description

This is another instance of the problems with ACL evaluation within transactions described in https://issues.apache.org/jira/browse/JCR-2999.
In this case PropertyImpl#getParent() called from PropertyImpl#checkSetValue() is trying to check read permissions of the yet uncommited parent and thus fails with an ItemNotFound exception.

The problem is reproducible with the following test:

public void testTransaction() throws Exception {

// make sure testUser has all privileges
Privilege[] privileges = privilegesFromName(Privilege.JCR_ALL);
givePrivileges(path, privileges, getRestrictions(superuser, path));

// create new node and lock it
Session s = getTestSession();
UserTransaction utx = new UserTransactionImpl(s);
utx.begin();

// add node and save it
Node n = s.getNode(childNPath);
if (n.hasNode(nodeName1))

{ Node c = n.getNode(nodeName1); c.remove(); s.save(); }

// create node and save
Node n2 = n.addNode(nodeName1);
s.save(); // -> node is NEW -> no failure

// set a property on a child node of an uncommited parent
n2.setProperty(propertyName1, "testSetProperty");
s.save(); // -> fail because PropertyImpl#getParent called from PropertyImpl#checkSetValue
// was checking read permission on the not yet commited parent

// commit
utx.commit();
}

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

transaction.patch
29/Jun/11 15:24
2 kB
Lars Krapf

Activity

People

Assignee:: Unassigned

Reporter:: Lars Krapf

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 29/Jun/11 15:19

Updated:: 23/Sep/11 08:51

Resolved:: 29/Jun/11 15:56