jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alessandro Cosenza" <alessandro.cose...@itkey.it>
Subject Re: permission problem when call Node.getNode( )
Date Wed, 21 Jan 2009 15:24:42 GMT
it invokes the former. btw i'm using JR 1.4.

i thought that calling getNode("documents/reviews")
jackrabbit automatically would check read permissions for
each part of the path.probably it isn't so.

----- Original Message -----
Da : Todd Seiber <todd.seiber@gmail.com>
A : users@jackrabbit.apache.org
Oggetto : Re: permission problem when call Node.getNode( )
Data : Wed, 21 Jan 2009 10:17:28 -0500

> When calling root.getNode("documents/reviews") does it
> invoke the AccessManager's isGranted(ItemId arg0, int
> arg1) or isGranted(Path arg0, int arg1)?
> 
> On Wed, Jan 21, 2009 at 10:08 AM, Alessandro Cosenza <
> alessandro.cosenza@itkey.it> wrote:
> 
> > i'm using my own implementation.
> >
> >
> > ----- Original Message -----
> > Da : Todd Seiber <todd.seiber@gmail.com>
> > A : users@jackrabbit.apache.org
> > Oggetto : Re: permission problem when call Node.getNode(
> > ) Data : Wed, 21 Jan 2009 09:54:58 -0500
> >
> > > Are you using the DefaultAccessManager or your own
> > > implementation?
> > >
> > > On Wed, Jan 21, 2009 at 9:42 AM, Alessandro Cosenza <
> > > alessandro.cosenza@itkey.it> wrote:
> > >
> > > > no, there are two different sessions.
> > > > the first session is held by the admin which
> > > > revokes read permissions to USER role only for
> > > > "documents" but not for "reviews".
> > > > after logout this session, a simple user logs in and
> > > > tries to read the "music" node and he is able to do
> > > that. >
> > > > Simple user calls root.getNode("documents/reviews")
> > > > and he can read "reviews".
> > > > but if i transform call in
> > > > root.getNode("documents").getNode("reviews")
> > > > he can't read "reviews".
> > > > in the former it seems the "documents" part of the
> > > > path is passed by.
> > > > i don't know why.
> > > >
> > > > ----- Original Message -----
> > > > Da : Todd Seiber <todd.seiber@gmail.com>
> > > > A : users@jackrabbit.apache.org
> > > > Oggetto : Re: permission problem when call
> > > > Node.getNode( ) Data : Wed, 21 Jan 2009 09:27:41
> > > -0500 >
> > > > > Are you reusing a session? When I have ran into
> > > > > security issues such as this it has mostly been
> > > > > due to JackRabbit caching permissions. If within a
> > > > > session you read the document node prior to having
> > > > > read permission revoked you will be able to read
> > > > > it for the life of the session or perhaps until
> > > > > its permission is flushed from cache which is a
> > > > LRUMap (I think). >
> > > > > On Wed, Jan 21, 2009 at 9:16 AM, Alessandro
> > > > > Cosenza < alessandro.cosenza@itkey.it> wrote:
> > > > >
> > > > > > hi.
> > > > > > i have these folders node:
> > > > > > /documents/reviews
> > > > > >
> > > > > > when i revoke read permission on "documents" and
> > > > > > recursively on "reviews" and try to call
> > > > > > root.getNode("documents/reviews") it works fine.
> > > > > > (it throws an exception)
> > > > > >
> > > > > > but, when i revoke read permission only on
> > > > > > "documents", trying to call
> > > > > > root.getNode("documents/reviews") doesn't throw
> > > > > > exception, but i think that it should throws an
> > > > > > exception the same, because it
> > > > > > has however to first read to "documents" node.
> > > > > > it seems that it doesn't consider the
> > > > > > "documents" node. does anyone can explain me
> > > > > > this strange behaviour? thanks
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Todd Seiber
> > > 830 Fishing Creek Rd.
> > > New Cumberland, PA 17070
> > >
> > > h. 717-938-5778
> > > c. 717-497-1742
> > > e. todd.seiber@gmail.com
> > >
> >
> 
> 
> 
> -- 
> Todd Seiber
> 830 Fishing Creek Rd.
> New Cumberland, PA 17070
> 
> h. 717-938-5778
> c. 717-497-1742
> e. todd.seiber@gmail.com
> 

Mime
View raw message