Uploaded image for project: 'Jackrabbit Content Repository'
  1. Jackrabbit Content Repository
  2. JCR-4033

Session Leak in case of an exception inside the constructor of SessionImpl

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.13.1
    • 2.13.5, 2.14
    • jackrabbit-core
    • None

    Description

      If an exception occurs inside the constructor of SessionImpl, the session is then partially created but it is still considered as alive and a live session that is about to be GCed is considered as a session leak by the current code such that we get a warning of type

      WARN  o.a.jackrabbit.core.SessionImpl - Unclosed session detected. The session was opened here: 
java.lang.Exception: Stack Trace
    at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:222)
    at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:239)
    at org.apache.jackrabbit.core.XASessionImpl.<init>(XASessionImpl.java:101)
    at org.apache.jackrabbit.core.RepositoryImpl.createSessionInstance(RepositoryImpl.java:1613)
    at org.apache.jackrabbit.core.RepositoryImpl.createSession(RepositoryImpl.java:956)
    at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1501)
    at org.apache.jackrabbit.commons.AbstractRepository.login(AbstractRepository.java:144)
    at ttt.createSession(RepositoryManager.java:132)

      One concrete use case is an attempt to login with correct credentials but without enough rights to access to a given workspace, we then get a Workspace access denied which occurs in the constructor of SessionImpl so we finally get the warning indicating that we have a session leak which should not be the case here.

      The code to reproduce:

      Session session = repository.login(creds); //here are creds for user without permissions, just for testing

      The stack trace:

      Caused by: javax.jcr.LoginException: Workspace access denied
    at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1529)
    at org.apache.jackrabbit.commons.AbstractRepository.login(AbstractRepository.java:144)
    at ttt.createSession(RepositoryManager.java:132)
    ... 51 common frames omitted

Caused by: javax.jcr.AccessDeniedException: Not allowed to access Workspace default
    at org.apache.jackrabbit.core.security.DefaultAccessManager.init(DefaultAccessManager.java:159)
    at org.apache.jackrabbit.core.DefaultSecurityManager.getAccessManager(DefaultSecurityManager.java:280)
    at org.apache.jackrabbit.core.SessionImpl.createAccessManager(SessionImpl.java:356)
    at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:273)
    at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:239)
    at org.apache.jackrabbit.core.XASessionImpl.<init>(XASessionImpl.java:101)
    at org.apache.jackrabbit.core.RepositoryImpl.createSessionInstance(RepositoryImpl.java:1613)
    at org.apache.jackrabbit.core.RepositoryImpl.createSession(RepositoryImpl.java:956)
    at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1501)

      More details in this post http://stackoverflow.com/questions/39163571/jackrabbit-unclosed-session-detected-on-accessdeniedexception-but-session-is-nul

      Attachments

        1. JCR-4033.patch
          2 kB
          Nicolas FILOTTO

        Issue Links

          Blocked

          Bug - A problem which impairs or prevents the functions of the product. JCR-4034 Session Leak in case of an exception inside the constructor of SessionImpl

          • Major - Major loss of function.
          • Closed

          Activity

            People

              reschke Julian Reschke
              essobedo@yahoo.com Nicolas FILOTTO
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: