jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Boston <...@caret.cam.ac.uk>
Subject UserAccessControlProvider, possible issue.
Date Thu, 13 May 2010 12:19:38 GMT
JR core 2.0.0
In UserAccessControlProvider.compilePermissions(...), if no principal relating to a user node
can be found, then a set or read only compiled permissions is provided. That set gives the
session read only access to the entire security workspace regardless of path.

If the user node is found, then an instance of UserAccessControlProvider.CompilePermissions
is used and in UserAccessControlProvider.CompilePermissions.buildResult(...) there is a check
for no user node. If there is no user node, all permissions are denied regardless of path.

Although the first case will never happen for an installation of Jackrabbit where there are
no custom PrincipalManagers, I suspect, based on the impl of UserAccessControlProvider.CompilePermissions.buildResult(...)
was to deny all access to the security workspace where there was no corresponding user node
in a set of principals.

Did I read the code right ?
Is this a bug in 2.0.0 ?
Has it already been fixed in a later release ?


View raw message