Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-3228

Delayed visibility of new groups when using PrincipalManager

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Cannot Reproduce
    • 1.2.2
    • None
    • jcr
    • None

    Description

      PrincipalManager does not show groups that were just created (this is causing problems in our code). As workaround we use now UserManager.getAuthorizable().getPrincipal() which curiously works immediately after saving a group. Also it does not seem to be an index problem, as a query SELECT * FROM [rep:Authorizable] WHERE [rep:principalName] = "mygroup" also immediately shows a new group.

      See the following servlet snippet for easy reproduction:

      ...
@SlingServlet(paths = "/bin/CreateGroupAndRetrievePrincipal", methods = "GET")
public class CreateGroupAndRetrievePrincipalServlet extends SlingSafeMethodsServlet {
    private static final long serialVersionUID = 1L;
    private static final Logger LOG = LoggerFactory.getLogger(CreateGroupAndRetrievePrincipalServlet.class);

    @Reference
    private SlingRepository repository;

    @Override
    @SuppressWarnings("deprecation")
    protected void doGet(final SlingHttpServletRequest request, final SlingHttpServletResponse response) throws ServletException,
            IOException {
        response.setContentType("text/plain");
        PrintWriter out = response.getWriter();

        final String groupName = request.getParameter("g");

        LOG.debug("test");
        Session session = null;
        try {
            session = repository.loginAdministrative(null);
            UserManager usermanager = ((JackrabbitSession) session).getUserManager();

            Group newGroup = usermanager.createGroup(new java.security.Principal() {

                @Override
                public String getName() {
                    return groupName;
                }
            }, "principaltest");
            out.println("Created Group " + newGroup);

            session.save();

        } catch (Exception e) {
            throw new ServletException(e.getMessage(), e);
        } finally {
            if (session != null) {
                session.logout();
                session = null;
            }
        }

        out.println();

        try {
            session = repository.loginAdministrative(null);

            // No 1: PrincipalManager

            PrincipalManager principalManager = ((JackrabbitSession) session).getPrincipalManager();

            Principal principal = principalManager.getPrincipal(groupName);
            out.println("PrincipalManager: principal: " + principal);

            // No 2: UserManager

            UserManager usermanager = ((JackrabbitSession) session).getUserManager();

            Authorizable authorizable = usermanager.getAuthorizable(groupName);
            out.println("UserManager: authorizable: " + authorizable);

            // No 3: query

            QueryManager queryManager = session.getWorkspace().getQueryManager();
            final Query query = queryManager.createQuery("SELECT * FROM [rep:Authorizable] WHERE [rep:principalName] = \"" + groupName
                    + "\"", Query.JCR_SQL2);

            QueryResult result = query.execute();

            NodeIterator nodes = result.getNodes();
            if (!nodes.hasNext()) {
                out.println("QUERY: group not found: " + groupName);
            }
            while (nodes.hasNext()) {
                Node resultNode = (Node) nodes.next();
                out.println("QUERY: node " + resultNode.getPath() + " property rep:principalName="
                        + resultNode.getProperty("rep:principalName").getString());
            }

            query.execute();

        } catch (Exception e) {
            throw new ServletException(e.getMessage(), e);
        } finally {
            if (session != null) {
                session.logout();
                session = null;
            }
        }

    }

}

      returns (using AEM 6.1)

      Created Group Group 'my-test-group'

PrincipalManager: principal: null
UserManager: authorizable: Group 'my-test-group'
QUERY: node /home/groups/principaltest/qb2WDGrrC0q9bE8jaObH property rep:principalName=my-test-group

      Potentially the problem is that the principal manager holds its own session (even though it was retrieved by ((JackrabbitSession) session).getPrincipalManager()) and the refresh behaviour of sessions (http://jackrabbit.apache.org/oak/docs/dos_and_donts.html)

      Attachments

        Issue Links

        is related to

        Bug - A problem which impairs or prevents the functions of the product. OAK-5496 Creating service user and setting ACLs immediately for this user fails

        • Major - Major loss of function.
        • Resolved
        relates to

        Bug - A problem which impairs or prevents the functions of the product. OAK-938 UserManager does not honour session refresh settings

        • Major - Major loss of function.
        • Closed

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            henzlerg Georg Henzler
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment