Hi,
The DefaultAccessManager caches CompiledPermissions, and this cache
persists for the life of the session. Accessing Jackrabbit through
Sling, there's some additional session pooling so that sessions (and
therefore cached permissions) persist over requests.
This is causing an issue for us because it means that when we update
group membership (especially when we create new groups and add existing
users with existing sessions to those groups), the changes in
permissions are not reflected in the AccessManager for the
already-logged-in users.
There's a TODO in the DefaultAccessManager:
* TODO: if the users group-membership gets modified the
compiledPermissions
* TODO should ev. be recalculated. currently those modifications
are only
* TODO reflected upon re-login to the repository.
Are there any plans to make that change? If I wanted to tackle that,
where would be a good place to start?
Thanks,
Arthur
