jackrabbit-dev mailing list archives

From "angela (JIRA)" <j...@apache.org>
Subject [jira] [Created] (JCR-2999) Access control evaluation does not properly cope with XA transactions
Date Tue, 21 Jun 2011 10:51:52 GMT
Access control evaluation does not properly cope with XA transactions
---------------------------------------------------------------------

                 Key: JCR-2999
                 URL: https://issues.apache.org/jira/browse/JCR-2999
             Project: Jackrabbit Content Repository
          Issue Type: Bug
          Components: jackrabbit-core, security, transactions
            Reporter: angela


The following test fails with ItemNotFoundException at the indicated position due to the fact that the parent n2 is EXISTING but still not visible to the system session responsible for the AC evaluation.

    public void testTransaction() throws Exception {

        // make sure testUser has all privileges
        Privilege[] privileges = privilegesFromName(Privilege.JCR_ALL);
        givePrivileges(path, privileges, getRestrictions(superuser, path));

        // start an XA transaction on the test session
        Session s = getTestSession();
        UserTransaction utx = new UserTransactionImpl(s);
        utx.begin();

        // remove a leftover node from a previous run, if any
        Node n = s.getNode(childNPath);
        if (n.hasNode(nodeName1)) {
            Node c = n.getNode(nodeName1);
            c.remove();
            s.save();
        }

        // add node and save it (inside the transaction, not yet committed)
        Node n2 = n.addNode(nodeName1);
        s.save();

        // add a child below the node that exists only inside the transaction
        Node n3 = n2.addNode(nodeName2);
        s.save(); // exception: ItemNotFoundException is thrown here

        // commit
        utx.commit();
    }

A possible workaround would be to make sure that ItemSaveOperation.persistTransientItems retrieves the parent without having the checkPermission enabled since we can assume that the new item could not be added if the parent was not readable in the first place.... but careful evaluation would be required.

NOTE: this is just one example of the AC-evaluation not properly dealing with XA transactions.
I am convinced that other examples could be found....


--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
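
Added example, not part of the original report and not Jackrabbit code: a simplified model of the visibility gap described above, where the session evaluating access control sees only committed state while the parent node exists only in the transaction's change log. All class, method and path names are hypothetical; the boolean flag stands in for the proposed workaround of resolving the parent without the permission check.

```java
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Simplified model, NOT Jackrabbit code: all class and method names are hypothetical.
public class XaAcVisibilityModel {
    // Items already committed to the workspace (constructed sample paths).
    static final Set<String> COMMITTED = new HashSet<>(List.of("/test", "/test/child"));

    /** A session's view: committed items plus, if attached, one transaction's change log. */
    static final class View {
        private final Set<String> txLog; // null models a session outside the transaction
        View(Set<String> txLog) { this.txLog = txLog; }
        boolean exists(String path) {
            return COMMITTED.contains(path) || (txLog != null && txLog.contains(path));
        }
    }

    static String parentOf(String path) {
        return path.substring(0, path.lastIndexOf('/'));
    }

    /**
     * Models save() of a new node inside the transaction. The parent is resolved
     * either through the AC evaluator's view (permission check enabled) or through
     * the editing session's own view (the workaround discussed in the report).
     */
    static boolean saveNewNode(String path, Set<String> txLog, View editing, View acEvaluator,
                               boolean checkPermissionOnParent) {
        View resolver = checkPermissionOnParent ? acEvaluator : editing;
        if (!resolver.exists(parentOf(path))) {
            return false; // stands in for ItemNotFoundException
        }
        txLog.add(path); // saved inside the transaction, not yet committed
        return true;
    }

    public static void main(String[] args) {
        Set<String> txLog = new HashSet<>();
        View editing = new View(txLog);    // session enlisted in the XA transaction
        View acEvaluator = new View(null); // system session: sees committed state only

        System.out.println("add n2, check on:     " + saveNewNode("/test/child/n2", txLog, editing, acEvaluator, true));
        System.out.println("add n2/n3, check on:  " + saveNewNode("/test/child/n2/n3", txLog, editing, acEvaluator, true));
        System.out.println("add n2/n3, check off: " + saveNewNode("/test/child/n2/n3", txLog, editing, acEvaluator, false));
    }
}
```

In this model the second call fails because the evaluator's view has no transaction attached; the third succeeds only because the parent lookup no longer goes through the evaluator, which is why the report asks for careful evaluation before adopting that change.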

        
