[jira] [Commented] (JCR-3006) UserManager: concurrent user creation using same intermediate path fails

[Julian Reschke (Commented) (JIRA)]

    [ 
https://issues.apache.org/jira/browse/JCR-3006?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13118057#comment-13118057
 ] 

Julian Reschke commented on JCR-3006:
-------------------------------------

I updated the note about the session, but left out a mention of JCR locks; in 
general, the caller will not know the location of the nodes in the repository 
(if they are there at all). Also, locking the whole tree would required the 
containing node to be lockable.
                
> UserManager: concurrent user creation using same intermediate path fails
> ------------------------------------------------------------------------
>
>                 Key: JCR-3006
>                 URL: https://issues.apache.org/jira/browse/JCR-3006
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.2.7
>            Reporter: Stefan Guggisberg
>         Attachments: ConcurrentCreateUserTest.java, 
> ConcurrentCreateUserTest.java, ConcurrentCreateUserTest.java, JCR-3006.patch, 
> JCR-3006.patch
>
>
> concurrently creating users using same intermediate path fails with "node ... 
> has been modified externally".
> the problem is the intermediate path. if it doesn't exist multiple threads 
> try to create it concurrently: 
> o.a.jackrabbit.core.security.user.UserManagerImpl, line 1310ff:
>             String[] segmts = defaultPath.split("/");
>             NodeImpl folder = (NodeImpl) session.getRootNode();
>             String authRoot = (isGroup) ? groupsPath : usersPath;
>             for (String segment : segmts) {
>                 if (segment.length() < 1) {
>                     continue;
>                 }
>                 if (folder.hasNode(segment)) {
>                     folder = (NodeImpl) folder.getNode(segment);
>                     if (Text.isDescendantOrEqual(authRoot, folder.getPath()) 
> &&
>                             !folder.isNodeType(NT_REP_AUTHORIZABLE_FOLDER)) {
>                         throw new ConstraintViolationException("Invalid 
> intermediate path. Must be of type rep:AuthorizableFolder.");
>                     }
>                 } else {
>                     Node parent = folder;
>                     folder = addNode(folder, session.getQName(segment), 
> NT_REP_AUTHORIZABLE_FOLDER);
>                 }
>             }
> the attached test case illustrates this issue/

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira