jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Todd Seiber <todd.sei...@gmail.com>
Subject Re: permission problem when call Node.getNode( )
Date Wed, 21 Jan 2009 14:54:58 GMT
Are you using the DefaultAccessManager or your own implementation?

On Wed, Jan 21, 2009 at 9:42 AM, Alessandro Cosenza <
alessandro.cosenza@itkey.it> wrote:

> no, there are two different sessions.
> the first session is held by the admin which
> revokes read permissions to USER role only for "documents"
> but not for "reviews".
> after logout this session, a simple user logs in and
> tries to read the "music" node and he is able to do that.
>
> Simple user calls root.getNode("documents/reviews") and he
> can read "reviews".
> but if i transform call in
> root.getNode("documents").getNode("reviews")
> he can't read "reviews".
> in the former it seems the "documents" part of the path is
> passed by.
> i don't know why.
>
> ----- Original Message -----
> Da : Todd Seiber <todd.seiber@gmail.com>
> A : users@jackrabbit.apache.org
> Oggetto : Re: permission problem when call Node.getNode( )
> Data : Wed, 21 Jan 2009 09:27:41 -0500
>
> > Are you reusing a session? When I have ran into security
> > issues such as this it has mostly been due to JackRabbit
> > caching permissions. If within a session you read the
> > document node prior to having read permission revoked you
> > will be able to read it for the life of the session or
> > perhaps until its permission is flushed from cache which
> > is a LRUMap (I think).
> >
> > On Wed, Jan 21, 2009 at 9:16 AM, Alessandro Cosenza <
> > alessandro.cosenza@itkey.it> wrote:
> >
> > > hi.
> > > i have these folders node:
> > > /documents/reviews
> > >
> > > when i revoke read permission on "documents" and
> > > recursively on "reviews" and try to call
> > > root.getNode("documents/reviews") it works fine.
> > > (it throws an exception)
> > >
> > > but, when i revoke read permission only on "documents",
> > > trying to call root.getNode("documents/reviews") doesn't
> > > throw exception,
> > > but i think that it should throws an exception the same,
> > > because it
> > > has however to first read to "documents" node. it seems
> > > that it doesn't consider the "documents" node.
> > > does anyone can explain me this strange behaviour?
> > > thanks
> > >
> > >
> >
>



-- 
Todd Seiber
830 Fishing Creek Rd.
New Cumberland, PA 17070

h. 717-938-5778
c. 717-497-1742
e. todd.seiber@gmail.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message