jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Levy <l...@csl.sri.com>
Subject Re: ItemManager warning
Date Thu, 02 Nov 2006 17:29:15 GMT

Hi Stefan,

Stefan Guggisberg wrote:
>> Previously (v. 1.0.1), this method called the AccessManager
>> first, then checked the cache, then created the node if necessary.
>> Now it seems an optimization has been made where it checks
>> the cache first, and skips the access check if it is cached.
>> In our case, the node actually gets pulled into the cache
>> by a custom access manager, in between the cache check
>> and the creation of the item, hence the warning.  But
>> more seriously, the access check might not even be
>> enforced later, since the node was added to the cache.
>> It may not be a common need, but does it seems the old version
>> was much preferable for us.  Also, if I understand it correctly, it
>> is a little risky using the cache to enforce the access
>> check, and this might affect others...  For instance, couldn't
>> some access manager implementations revoke read access
>> even after an item has been read once previously in a
>> (perhaps long-lived) session?  (In fact, the old implementation
>> seemed to accomodate this explicitly, as it evicted the node
>> from cache on access failure.)
> i checked the log, it was me committing the change in
> svn rev. 423448  ('avoid excessive privilege checking').
> the modification was a deliberate compromise between
> improved performance and somehow weakend access control.
> i agree with you that there could be an issue with revoked access.
> however, i don't think that it's a serious one since cached
> entries will be automatically flushed once they're gc'ed.
> unless an application keeps a hard reference to an Item instance
> the session's privileges will be reevaluated after the item got evicted
> via gc.
> feel free to create a jira issue if you don't agree.

I see, thanks.  It seems like a good optimization for many
situations, but not certain ones, such as access managers
that wish to restrict based on quotas, time of day, or keep
audit trails, and where the access manager might affect
the cache.

I'll look for a workaround (suggestions are welcome ;), but
might also file the issue.  Maybe there could be a config option,
off by default, for "aggresive" access checks.

View this message in context: http://www.nabble.com/ItemManager-warning-tf2541411.html#a7141566
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.

View raw message