Details
-
Bug
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
2.13.1
-
None
Description
If an exception occurs inside the constructor of SessionImpl, the session is then partially created but it is still considered as alive and a live session that is about to be GCed is considered as a session leak by the current code such that we get a warning of type
WARN o.a.jackrabbit.core.SessionImpl - Unclosed session detected. The session was opened here: java.lang.Exception: Stack Trace at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:222) at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:239) at org.apache.jackrabbit.core.XASessionImpl.<init>(XASessionImpl.java:101) at org.apache.jackrabbit.core.RepositoryImpl.createSessionInstance(RepositoryImpl.java:1613) at org.apache.jackrabbit.core.RepositoryImpl.createSession(RepositoryImpl.java:956) at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1501) at org.apache.jackrabbit.commons.AbstractRepository.login(AbstractRepository.java:144) at ttt.createSession(RepositoryManager.java:132)
One concrete use case is an attempt to login with correct credentials but without enough rights to access to a given workspace, we then get a Workspace access denied which occurs in the constructor of SessionImpl so we finally get the warning indicating that we have a session leak which should not be the case here.
The code to reproduce:
Session session = repository.login(creds); //here are creds for user without permissions, just for testing
The stack trace:
Caused by: javax.jcr.LoginException: Workspace access denied
at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1529)
at org.apache.jackrabbit.commons.AbstractRepository.login(AbstractRepository.java:144)
at ttt.createSession(RepositoryManager.java:132)
... 51 common frames omitted
Caused by: javax.jcr.AccessDeniedException: Not allowed to access Workspace default
at org.apache.jackrabbit.core.security.DefaultAccessManager.init(DefaultAccessManager.java:159)
at org.apache.jackrabbit.core.DefaultSecurityManager.getAccessManager(DefaultSecurityManager.java:280)
at org.apache.jackrabbit.core.SessionImpl.createAccessManager(SessionImpl.java:356)
at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:273)
at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:239)
at org.apache.jackrabbit.core.XASessionImpl.<init>(XASessionImpl.java:101)
at org.apache.jackrabbit.core.RepositoryImpl.createSessionInstance(RepositoryImpl.java:1613)
at org.apache.jackrabbit.core.RepositoryImpl.createSession(RepositoryImpl.java:956)
at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1501)
More details in this post http://stackoverflow.com/questions/39163571/jackrabbit-unclosed-session-detected-on-accessdeniedexception-but-session-is-nul
Attachments
Attachments
Issue Links
- Blocked
-
JCR-4034 Session Leak in case of an exception inside the constructor of SessionImpl
- Closed