[
https://issues.apache.org/jira/browse/JCRVLT-99?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
angela updated JCRVLT-99:
-------------------------
Attachment: JCRVLT-99_JcrPackageManagerImpl.patch
proposed patch for {{JcrPackageManagerImpl}} fixing 2 of the usages of
{{Session.getRootNode()}} present in that class. For the one reported by
[[email protected]] i also wrote some test-cases (without running the complete
build though).
Note, the setup of the test base class is IMO a bit troublesome as it is based
on the assumption that everyone as read access on the complete repository.
since that is usually not the case and it prevents testing limited access, i
had to hack a bit in the tests running with the anonymous session... that might
have an impact on other tests (depending on whether ac-content on the root node
is properly cleared during teardown... please verify :-)
In general I think it would be helpful to have limited access for the anonymous
session by default as it would reveal issues as the issue reported above and
also would allow to easily write more tests. e.g. even having 2 more cases:
- behavior for sessions without any access (e.g. anonymous)
- behavior for sessions with access on the relevant paths (e.g. a testuser)
> Creating a package using package manager API requires read access to root node
> ------------------------------------------------------------------------------
>
> Key: JCRVLT-99
> URL: https://issues.apache.org/jira/browse/JCRVLT-99
> Project: Jackrabbit FileVault
> Issue Type: Bug
> Components: Packaging
> Reporter: Marc Pfaff
> Attachments: JCRVLT-99_JcrPackageManagerImpl.patch,
> filevault_root_access.txt
>
>
> When creating a package using PackageManagerImpl.assemble() the package
> manager session used always requires read access to the root node, due to the
> call to Session.getRootNode().
> {code}
> Caused by: javax.jcr.AccessDeniedException: Root node is not accessible.
> at
> org.apache.jackrabbit.oak.jcr.session.SessionImpl$4.perform(SessionImpl.java:304)
> at
> org.apache.jackrabbit.oak.jcr.session.SessionImpl$4.perform(SessionImpl.java:298)
> at
> org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:209)
> at
> org.apache.jackrabbit.oak.jcr.session.SessionImpl.getRootNode(SessionImpl.java:298)
> at
> org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl.getPackageRoot(JcrPackageManagerImpl.java:637)
> at
> org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl.listPackages(JcrPackageManagerImpl.java:683)
> at
> org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl.validateSubPackages(JcrPackageManagerImpl.java:490)
> at
> org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl.assemble(JcrPackageManagerImpl.java:458)
> at
> org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl.assemble(JcrPackageManagerImpl.java:447)
> {code}
> I'm using version 3.1.20 (as reported by felix console), but somehow this
> version is not available in the Jira "Affects Version/s" field.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
