jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jukka Zitting <jukka.zitt...@gmail.com>
Subject Re: NodeStates and security (Re: svn commit: r1458234 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/core/ oak-core/src/main/java/org/apache/jackrabbit/oak/kernel/ oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/versi...
Date Thu, 21 Mar 2013 07:57:01 GMT

On Wed, Mar 20, 2013 at 6:46 PM, Angela Schreiber <anchela@adobe.com> wrote:
> the only thing i keep struggling with is: i don't want to evaluate
> read access for all parent items

There shouldn't be a need for doing that.

Since the proposed getChildNode() calls would never return null, there
won't be a need to perform access control checks on that method (the
return value gives out no information about the presence, absense or
accessibility of a node). The access check is only needed for the
exists() and other NodeState methods that get called if a node is
actually being read instead of just traversed.

For example, accessing a path like the mentioned "/foo/bar", would
ultimately boil down to something like the following sequence of

    NodeState root = ...;
    NodeState foo = root.getChildNode("foo"); // no access check
    NodeState bar = foo.getChildNode("bar"); // no access check
    if (bar.exists()) { // access check performed here
        return new Node(bar);
    } else {
        throw new NotFoundException();


Jukka Zitting

View raw message