jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Todd Seiber <todd.sei...@gmail.com>
Subject Re: permission problem when call Node.getNode( )
Date Wed, 21 Jan 2009 14:27:41 GMT
Are you reusing a session? When I have ran into security issues such as this
it has mostly been due to JackRabbit caching permissions. If within a
session you read the document node prior to having read permission revoked
you will be able to read it for the life of the session or perhaps until its
permission is flushed from cache which is a LRUMap (I think).

On Wed, Jan 21, 2009 at 9:16 AM, Alessandro Cosenza <
alessandro.cosenza@itkey.it> wrote:

> hi.
> i have these folders node:
> /documents/reviews
>
> when i revoke read permission on "documents" and recursively
> on "reviews" and try to call
> root.getNode("documents/reviews") it works fine.
> (it throws an exception)
>
> but, when i revoke read permission only on "documents",
> trying to call root.getNode("documents/reviews") doesn't
> throw exception,
> but i think that it should throws an exception the same,
> because it
> has however to first read to "documents" node. it seems that
> it doesn't consider the "documents" node.
> does anyone can explain me this strange behaviour?
> thanks
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message