jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Guggisberg <stefan.guggisb...@gmail.com>
Subject Re: Item.remove() access control
Date Tue, 05 Apr 2005 07:55:51 GMT
On Apr 5, 2005 5:46 AM, Brian Moseley <bcm@osafoundation.org> wrote:
> Brian Moseley wrote:
> > i'm having an access control problem when removing an item (via WebDAV,
> > but i suspect that's not relevant).
> >
> > i'm issuing DELETE /webdav/bcm/litmus-results.txt as a regular user of
> > my server who only has permissions on /webdav/bcm and below.
> > DavResourceImpl calls remove() on the Item in question. somewhere below,
> > my AccessManager is asked if read permission isGranted() on /. the
> > answer to this question is false, and the DELETE fails with a 403.
> >
> > if i then stop my server and restart it, the repository seems to be out
> > of whack, in that PROPFIND /webdav/bcm/litmus-results.txt returns empty
> > properties D:getlastmodified, D:getcontentlength, etc.
> >
> > why is read permission checked on /? and what causes the erroneous
> > PROPFIND response after the failed DELETE?
> >
> > thanks!
> >
> 
> oh, and another thing:
> 
> i worked around the above by granting read permission for the root node
> to all users, but now i'm getting an ItemNotFoundException when
> converting the ItemId of the deleted node to a Path. why jackrabbit is
> asking for permissions on the deleted node i don't know :)
> 

please try to reproduce it using plain jcr api. if you still have this problem
post a jira issue and include your code sample.

thanks
stefan

Mime
View raw message