jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alessandro Cosenza" <alessandro.cose...@itkey.it>
Subject Re: permission problem when call Node.getNode( )
Date Wed, 21 Jan 2009 14:42:53 GMT
no, there are two different sessions.
the first session is held by the admin which
revokes read permissions to USER role only for "documents"
but not for "reviews".
after logout this session, a simple user logs in and
tries to read the "music" node and he is able to do that.

Simple user calls root.getNode("documents/reviews") and he
can read "reviews".
but if i transform call in
root.getNode("documents").getNode("reviews")
he can't read "reviews".
in the former it seems the "documents" part of the path is
passed by.
i don't know why.

----- Original Message -----
Da : Todd Seiber <todd.seiber@gmail.com>
A : users@jackrabbit.apache.org
Oggetto : Re: permission problem when call Node.getNode( )
Data : Wed, 21 Jan 2009 09:27:41 -0500

> Are you reusing a session? When I have ran into security
> issues such as this it has mostly been due to JackRabbit
> caching permissions. If within a session you read the
> document node prior to having read permission revoked you
> will be able to read it for the life of the session or
> perhaps until its permission is flushed from cache which
> is a LRUMap (I think).
> 
> On Wed, Jan 21, 2009 at 9:16 AM, Alessandro Cosenza <
> alessandro.cosenza@itkey.it> wrote:
> 
> > hi.
> > i have these folders node:
> > /documents/reviews
> >
> > when i revoke read permission on "documents" and
> > recursively on "reviews" and try to call
> > root.getNode("documents/reviews") it works fine.
> > (it throws an exception)
> >
> > but, when i revoke read permission only on "documents",
> > trying to call root.getNode("documents/reviews") doesn't
> > throw exception,
> > but i think that it should throws an exception the same,
> > because it
> > has however to first read to "documents" node. it seems
> > that it doesn't consider the "documents" node.
> > does anyone can explain me this strange behaviour?
> > thanks
> >
> >
> 

Mime
View raw message