jackrabbit-users mailing list archives

From "Alessandro Cosenza" <alessandro.cose...@itkey.it>
Subject Re: permission problem when call Node.getNode( )
Date Wed, 21 Jan 2009 15:08:05 GMT
I'm using my own implementation.


----- Original Message -----
From : Todd Seiber <todd.seiber@gmail.com>
To : users@jackrabbit.apache.org
Subject : Re: permission problem when call Node.getNode( )
Date : Wed, 21 Jan 2009 09:54:58 -0500

> Are you using the DefaultAccessManager or your own
> implementation?
> 
> On Wed, Jan 21, 2009 at 9:42 AM, Alessandro Cosenza <
> alessandro.cosenza@itkey.it> wrote:
> 
> > No, there are two different sessions.
> > The first session is held by the admin, which
> > revokes read permissions to USER role only for
> > "documents" but not for "reviews".
> > After logging out of this session, a simple user logs in and
> > tries to read the "music" node and he is able to do
> > that.
> >
> > Simple user calls root.getNode("documents/reviews") and
> > he can read "reviews".
> > But if I transform the call into
> > root.getNode("documents").getNode("reviews")
> > he can't read "reviews".
> > In the former it seems the "documents" part of the path
> > is passed by.
> > I don't know why.
> >
> > ----- Original Message -----
> > From : Todd Seiber <todd.seiber@gmail.com>
> > To : users@jackrabbit.apache.org
> > Subject : Re: permission problem when call Node.getNode( )
> > Date : Wed, 21 Jan 2009 09:27:41 -0500
> >
> > > Are you reusing a session? When I have run into
> > > security issues such as this it has mostly been due to
> > > Jackrabbit caching permissions. If within a session
> > > you read the document node prior to having read
> > > permission revoked you will be able to read it for the
> > > life of the session or perhaps until its permission is
> > > flushed from cache, which is an LRUMap (I think).
> > >
> > > On Wed, Jan 21, 2009 at 9:16 AM, Alessandro Cosenza <
> > > alessandro.cosenza@itkey.it> wrote:
> > >
> > > > Hi.
> > > > I have these folder nodes:
> > > > /documents/reviews
> > > >
> > > > When I revoke read permission on "documents" and
> > > > recursively on "reviews" and try to call
> > > > root.getNode("documents/reviews") it works fine.
> > > > (It throws an exception.)
> > > >
> > > > But when I revoke read permission only on
> > > > "documents", trying to call
> > > > root.getNode("documents/reviews") doesn't throw an
> > > > exception, but I think that it should throw an
> > > > exception all the same, because it
> > > > has to first read the "documents" node. It
> > > > seems that it doesn't consider the "documents" node.
> > > > Can anyone explain this strange behaviour to me?
> > > > Thanks
> > > >
> > > >
> > >
> >
> 
> 
> 
> -- 
> Todd Seiber
> 830 Fishing Creek Rd.
> New Cumberland, PA 17070
> 
> h. 717-938-5778
> c. 717-497-1742
> e. todd.seiber@gmail.com
> 
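
An added example, not part of the thread and not Jackrabbit code: a toy path ACL in Java that models the reported case, with read revoked on /documents only. It contrasts a check on the resolved target alone with a check that also walks every ancestor, which is one way a custom access manager could make both call styles agree; the class and method names are hypothetical.

```java
import java.util.*;

/** Toy model (not Jackrabbit code): read denials keyed by absolute path. */
public class AncestorReadCheck {
    // Constructed sample: read revoked on /documents only, as in the thread.
    private final Set<String> readDenied = new HashSet<>(List.of("/documents"));

    /** Checks only the resolved target, so a denied parent is never consulted. */
    boolean targetOnly(String absPath) {
        return !readDenied.contains(normalize(absPath));
    }

    /** Checks the target and every ancestor, so a denied parent hides its subtree. */
    boolean withAncestors(String absPath) {
        String p = normalize(absPath);
        while (!p.isEmpty()) {
            if (readDenied.contains(p)) return false;
            p = p.substring(0, p.lastIndexOf('/'));   // "/documents" -> ""
        }
        return true;
    }

    /** Collapses "//", "." and ".." so an odd spelling of the path cannot skip the check. */
    static String normalize(String absPath) {
        Deque<String> parts = new ArrayDeque<>();
        for (String seg : absPath.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) continue;
            if (seg.equals("..")) { parts.pollLast(); continue; }
            parts.addLast(seg);
        }
        StringBuilder sb = new StringBuilder();
        for (String seg : parts) sb.append('/').append(seg);
        return sb.toString();
    }

    public static void main(String[] args) {
        AncestorReadCheck acl = new AncestorReadCheck();
        for (String path : List.of("/documents", "/documents/reviews",
                                   "/documents/./reviews", "/music")) {
            System.out.printf("%-22s targetOnly=%-5b withAncestors=%b%n",
                    path, acl.targetOnly(path), acl.withAncestors(path));
        }
    }
}
```

For /documents/reviews the target-only check grants read while the ancestor walk denies it, matching the difference the poster sees between the single-call and the step-by-step lookup.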
