Date: Wed, 3 Apr 2013 14:31:17 +0000 (UTC)
From: "Frank van Lankvelt (JIRA)"
To: dev@jackrabbit.apache.org
Subject: [jira] [Updated] (JCR-3382) ItemManager.getNode does not do a permission check when the item data is in the item manager cache

[ https://issues.apache.org/jira/browse/JCR-3382?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Frank van Lankvelt updated JCR-3382:
------------------------------------
    Attachment: JCR-3382.patch

check whether the node can be read after retrieving it from the cache.

> ItemManager.getNode does not do a permission check when the item data is in the item manager cache
> --------------------------------------------------------------------------------------------------
>
>                 Key: JCR-3382
>                 URL: https://issues.apache.org/jira/browse/JCR-3382
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>    Affects Versions: 2.6
>            Reporter: Unico Hommes
>            Assignee: Unico Hommes
>         Attachments: JCR-3382.patch
>
>
> Read access should be checked irrespective of whether the item data is in the cache or not. Something might have changed between first reading the node and reading the node again that impacts read access.
> We are running into the situation where node.hasNode() returns false for a node that is in the item manager cache and for which access was revoked but node.getNode() returns the node anyway. So node.hasNode is implemented in the right way, but node.getNode is not.
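
The cache-hit path the report describes, as an added Java example that is neither Jackrabbit code nor the attached patch: a toy item manager in which every class, method and path name is hypothetical and the sample data is constructed. It contrasts a lookup that returns cached data without a read check with one that checks read access on every call.

```java
import java.util.*;

// Toy model, not Jackrabbit code: all class, method and path names are hypothetical.
public class CachedReadCheckDemo {
    static final Set<String> readable = new HashSet<>();      // current ACL: paths the session may read
    static final Map<String, String> store = new HashMap<>(); // persistent items: path -> data
    static final Map<String, String> cache = new HashMap<>(); // per-session item cache

    static boolean canRead(String path) { return readable.contains(path); }

    // hasNode-style check: always consults the current ACL.
    static boolean hasNode(String path) { return store.containsKey(path) && canRead(path); }

    // Behaviour described in the report: a cache hit returns without a permission check.
    static String getNodeUnchecked(String path) {
        String data = cache.get(path);
        if (data != null) return data;               // cache hit skips canRead()
        return load(path);
    }

    // Corrected ordering: read access is checked whether or not the item is cached.
    static String getNodeChecked(String path) {
        String data = cache.get(path);
        if (data != null) {
            if (!canRead(path)) throw new SecurityException("read denied: " + path);
            return data;
        }
        return load(path);
    }

    // Cache miss: check access against the current ACL, then populate the cache.
    static String load(String path) {
        if (!store.containsKey(path) || !canRead(path)) throw new SecurityException("read denied: " + path);
        cache.put(path, store.get(path));
        return store.get(path);
    }

    public static void main(String[] args) {
        store.put("/a/secret", "payload");            // constructed sample data
        readable.add("/a/secret");
        getNodeUnchecked("/a/secret");                // first read populates the cache
        readable.remove("/a/secret");                 // access revoked afterwards
        System.out.println("hasNode: " + hasNode("/a/secret"));
        System.out.println("unchecked getNode: " + getNodeUnchecked("/a/secret"));
        try { getNodeChecked("/a/secret"); }
        catch (SecurityException e) { System.out.println("checked getNode: " + e.getMessage()); }
    }
}
```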