Uploaded image for project: 'Jackrabbit Content Repository'
  1. Jackrabbit Content Repository
  2. JCR-4033

Session Leak in case of an exception inside the constructor of SessionImpl

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.13.1
    • Fix Version/s: 2.13.5, 2.14
    • Component/s: jackrabbit-core
    • Labels:
      None

      Description

      If an exception occurs inside the constructor of SessionImpl, the session is then partially created but it is still considered as alive and a live session that is about to be GCed is considered as a session leak by the current code such that we get a warning of type

      WARN  o.a.jackrabbit.core.SessionImpl - Unclosed session detected. The session was opened here: 
      java.lang.Exception: Stack Trace
          at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:222)
          at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:239)
          at org.apache.jackrabbit.core.XASessionImpl.<init>(XASessionImpl.java:101)
          at org.apache.jackrabbit.core.RepositoryImpl.createSessionInstance(RepositoryImpl.java:1613)
          at org.apache.jackrabbit.core.RepositoryImpl.createSession(RepositoryImpl.java:956)
          at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1501)
          at org.apache.jackrabbit.commons.AbstractRepository.login(AbstractRepository.java:144)
          at ttt.createSession(RepositoryManager.java:132)
      

      One concrete use case is an attempt to login with correct credentials but without enough rights to access to a given workspace, we then get a Workspace access denied which occurs in the constructor of SessionImpl so we finally get the warning indicating that we have a session leak which should not be the case here.

      The code to reproduce:

      Session session = repository.login(creds); //here are creds for user without permissions, just for testing
      

      The stack trace:

      Caused by: javax.jcr.LoginException: Workspace access denied
          at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1529)
          at org.apache.jackrabbit.commons.AbstractRepository.login(AbstractRepository.java:144)
          at ttt.createSession(RepositoryManager.java:132)
          ... 51 common frames omitted
      
      Caused by: javax.jcr.AccessDeniedException: Not allowed to access Workspace default
          at org.apache.jackrabbit.core.security.DefaultAccessManager.init(DefaultAccessManager.java:159)
          at org.apache.jackrabbit.core.DefaultSecurityManager.getAccessManager(DefaultSecurityManager.java:280)
          at org.apache.jackrabbit.core.SessionImpl.createAccessManager(SessionImpl.java:356)
          at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:273)
          at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:239)
          at org.apache.jackrabbit.core.XASessionImpl.<init>(XASessionImpl.java:101)
          at org.apache.jackrabbit.core.RepositoryImpl.createSessionInstance(RepositoryImpl.java:1613)
          at org.apache.jackrabbit.core.RepositoryImpl.createSession(RepositoryImpl.java:956)
          at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1501)
      

      More details in this post http://stackoverflow.com/questions/39163571/jackrabbit-unclosed-session-detected-on-accessdeniedexception-but-session-is-nul

        Attachments

        1. JCR-4033.patch
          2 kB
          Nicolas FILOTTO

          Issue Links

            Activity

              People

              • Assignee:
                reschke Julian Reschke
                Reporter:
                essobedo@yahoo.com Nicolas FILOTTO
              • Votes:
                1 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: