jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Tuckett <nick.tuck...@playfish.com>
Subject Access Control problem when reading back node saved inside an XA Transaction
Date Thu, 27 Sep 2012 11:07:31 GMT

I'm working with Jackrabbit 2.4.2 and have the following scenario:

   - Create a session for a non-admin user account.
   - Cast the session to an XAResource, generate a new transaction ID and
   start a transaction (like org.apache.jackrabbit.core.UserTransactionImpl).
   - Use the session to create a new node, record its identifier then set
   some properties and save the session.
   - After some further processing logic not using Jackrabbit, attempt to
   get the new node via its identifier.
      - javax.jcr.ItemNotFoundException is thrown from
      inside org.apache.jackrabbit.core.security.authorization.acl.CompiledPermissionsImpl.canRead
      when it uses an ItemManager instance to get the new node.

I have debugged through my code and the Jackrabbit code it calls, and can
see the following:

   - My new node is present in the item cache for my session, which is
   retrieved ok by the getNodeByIdentifier() call.
   - The permissions check above tries to retrieve my node by id using a
   different (system) session in the DefaultAccessManager, which doesn't have
   my node in its cache. This attempts to read the node from the persistence
   layer as a result, which fails as the data won't be there because of the

If I perform the same operation with an admin account, it works fine as the
can-read check is short-circuited to always return true.

Is there something I'm missing in how access control should be configured,
or how I'm using transactions?

Thanks in advance,


Nick Tuckett.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message