[jira] [Updated] (JCR-2999) Access control evaluation does not properly cope with XA transactions

Wed, 22 Jun 2011 09:19:11 -0700 

     [ 
https://issues.apache.org/jira/browse/JCR-2999?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

angela updated JCR-2999:
------------------------

    Fix Version/s: 2.3.0
                   2.2.8
         Assignee: angela

> Access control evaluation does not properly cope with XA transactions
> ---------------------------------------------------------------------
>
>                 Key: JCR-2999
>                 URL: https://issues.apache.org/jira/browse/JCR-2999
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-core, security, transactions
>            Reporter: angela
>            Assignee: angela
>             Fix For: 2.2.8, 2.3.0
>
>         Attachments: JCR-2999.patch
>
>
> the following test fails with ItemNotFoundException at the indicated position 
> due to the fact that
> the parent n2 is EXISTING but still not visible to the system session 
> responsible for the ac
> evaluation.
> public void testTransaction() throws Exception {
>         // make sure testUser has all privileges
>         Privilege[] privileges = privilegesFromName(Privilege.JCR_ALL);
>         givePrivileges(path, privileges, getRestrictions(superuser, path));
>         // create new node and lock it
>         Session s = getTestSession();
>         UserTransaction utx = new UserTransactionImpl(s);
>         utx.begin();
>         // add node and save it
>         Node n = s.getNode(childNPath);
>         if (n.hasNode(nodeName1)) {
>             Node c = n.getNode(nodeName1);
>             c.remove();
>             s.save();
>         }
>         Node n2 = n.addNode(nodeName1);
>         s.save();
>             
>         Node n3 = n2.addNode(nodeName2);
>         s.save(); // exception
>         // commit
>         utx.commit();
>     }
> A possible workaround would be to make sure that 
> ItemSaveOperation.persistTransientItems 
> retrieves the parent without having the checkPermission enabled since we can 
> assume that
> the new item could not be added if the parent was not readable in the first 
> place.... but careful
> evaluation would be required.
> NOTE: this is just one example of the AC-evaluation not properly dealing with 
> XA transactions.
> I am convinced that other examples could be find....

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to