From dev-return-36191-apmail-jackrabbit-dev-archive=jackrabbit.apache.org@jackrabbit.apache.org Wed Sep 5 11:32:13 2012 Return-Path: X-Original-To: apmail-jackrabbit-dev-archive@www.apache.org Delivered-To: apmail-jackrabbit-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1BD99D231 for ; Wed, 5 Sep 2012 11:32:13 +0000 (UTC) Received: (qmail 83813 invoked by uid 500); 5 Sep 2012 11:32:12 -0000 Delivered-To: apmail-jackrabbit-dev-archive@jackrabbit.apache.org Received: (qmail 83467 invoked by uid 500); 5 Sep 2012 11:32:09 -0000 Mailing-List: contact dev-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@jackrabbit.apache.org Delivered-To: mailing list dev@jackrabbit.apache.org Received: (qmail 83075 invoked by uid 99); 5 Sep 2012 11:32:08 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Sep 2012 11:32:08 +0000 Date: Wed, 5 Sep 2012 22:32:08 +1100 (NCT) From: "Alex Parvulescu (JIRA)" To: dev@jackrabbit.apache.org Message-ID: <561291607.38351.1346844728173.JavaMail.jiratomcat@arcas> In-Reply-To: <436247328.25970.1345251457957.JavaMail.jiratomcat@arcas> Subject: [jira] [Updated] (JCR-3412) UserManager.findAuthorizables() does not work, if session does not have read access to /home MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/JCR-3412?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alex Parvulescu updated JCR-3412: --------------------------------- Attachment: AutorizablesTest.java.patch Attaching a new test that extends AbstractEvaluationTest. I see the same problem as before. I'm tinking that this comes from the "security" workspace acl setup. We need to reconsider this issue in the context of jackrabbit and see what exactly "/home" refers to. Is it the acls config home ("/rep:security/rep:authorizables") on the "security" workspace or is it another node in the default ws. > UserManager.findAuthorizables() does not work, if session does not have read access to /home > -------------------------------------------------------------------------------------------- > > Key: JCR-3412 > URL: https://issues.apache.org/jira/browse/JCR-3412 > Project: Jackrabbit Content Repository > Issue Type: Bug > Components: jackrabbit-core, query, security > Affects Versions: 2.4 > Reporter: Tobias Bocanegra > Attachments: AutorizablesTest.java.patch, JCR-3412.patch > > > If the session does not have read access to /home, the UserManager.findAuthorizables() does not find anything. > log shows: > org.apache.jackrabbit.core.query.lucene.DescendantSelfAxisQuery Access denied to node id d8cbdd0f-4fe1-473f-b452-219a3eb3d867. > Where as this query works, and returns the user homes the session has read access to: > /jcr:root//element(*,rep:User) -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira