[ https://issues.apache.org/jira/browse/JCRVLT-100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

angela updated JCRVLT-100:
--------------------------
    Description: 
Based on JCRVLT-99, I searched the code base for additional places where 
access to the root node is required.

[~tripod], in the attached {{filevault_root_access.txt}} you can find the 
complete result of searching the jcrvlt code base for {{getRootNode}}. Some 
seemed to be valid shortcuts (marked with _(excluded)_), but I suspect that 
others might require some attention.

If using the functionality provided with a non-admin session, access to the 
root node is likely not to be granted, thus rendering the filevault unusable (or 
risking privilege escalations by being forced to grant a non-privileged session 
full access up to the root node).

I will create individual subtasks for the various parts that IMHO need to be 
fixed.



  was:
When creating a package using PackageManagerImpl.assemble(), the package manager 
session used always requires read access to the root node, due to the call to 
Session.getRootNode(). 

{code}
Caused by: javax.jcr.AccessDeniedException: Root node is not accessible.
        at org.apache.jackrabbit.oak.jcr.session.SessionImpl$4.perform(SessionImpl.java:304)
        at org.apache.jackrabbit.oak.jcr.session.SessionImpl$4.perform(SessionImpl.java:298)
        at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:209)
        at org.apache.jackrabbit.oak.jcr.session.SessionImpl.getRootNode(SessionImpl.java:298)
        at org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl.getPackageRoot(JcrPackageManagerImpl.java:637)
        at org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl.listPackages(JcrPackageManagerImpl.java:683)
        at org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl.validateSubPackages(JcrPackageManagerImpl.java:490)
        at org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl.assemble(JcrPackageManagerImpl.java:458)
        at org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl.assemble(JcrPackageManagerImpl.java:447)
{code}

I'm using version 3.1.20 (as reported by felix console), but somehow this 
version is not available in the Jira "Affects Version/s" field. 




> FileVault requires read access to root node
> -------------------------------------------
>
>                 Key: JCRVLT-100
>                 URL: https://issues.apache.org/jira/browse/JCRVLT-100
>             Project: Jackrabbit FileVault
>          Issue Type: Bug
>          Components: Packaging
>            Reporter: angela
>         Attachments: JCRVLT-99_DefaultWorkspaceFilter.patch, 
> JCRVLT-99_DocViewSAXImporter_JcrSysViewTransformer.patch, 
> JCRVLT-99_Importer.patch, JCRVLT-99_JcrPackageDefinitionImpl.patch, 
> JCRVLT-99_JcrPackageManagerImpl.patch, filevault_root_access.txt
>
>
> Based on JCRVLT-99, I searched the code base for additional places where 
> access to the root node is required.
> [~tripod], in the attached {{filevault_root_access.txt}} you can find the 
> complete result of searching the jcrvlt code base for {{getRootNode}}. Some 
> seemed to be valid shortcuts (marked with _(excluded)_), but I suspect that 
> others might require some attention.
> If using the functionality provided with a non-admin session, access to the 
> root node is likely not to be granted, thus rendering the filevault unusable 
> (or risking privilege escalations by being forced to grant a non-privileged 
> session full access up to the root node).
> I will create individual subtasks for the various parts that IMHO need to be 
> fixed.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
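
The access pattern described in the issue, next to a lookup that never touches the root node. This is an added example, not FileVault code and not taken from the attached patches. The class and method names are hypothetical, and it assumes a normalized absolute path with no trailing slash.

```java
import javax.jcr.AccessDeniedException;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;

// Hypothetical helper (not part of FileVault) for sessions without read access to "/".
public final class RootFreeLookup {

    private RootFreeLookup() {}

    /** Pattern seen in the stack trace: throws AccessDeniedException if "/" is not readable. */
    static Node viaRoot(Session session, String absPath) throws RepositoryException {
        Node root = session.getRootNode();
        String rel = absPath.substring(1);
        return root.hasNode(rel) ? root.getNode(rel) : null;
    }

    /** Resolves the absolute path directly; only the target node must be readable. */
    static Node direct(Session session, String absPath) throws RepositoryException {
        return session.nodeExists(absPath) ? session.getNode(absPath) : null;
    }

    /**
     * Returns the node at absPath, creating missing segments below the deepest
     * ancestor the session can read. The root node is never requested; if no
     * ancestor below "/" is visible the call fails instead of falling back to it.
     * Changes are transient: the caller decides when to call session.save().
     */
    static Node getOrCreate(Session session, String absPath, String nodeType)
            throws RepositoryException {
        String ancestor = absPath;
        while (!session.nodeExists(ancestor)) {
            int idx = ancestor.lastIndexOf('/');
            if (idx <= 0) {
                throw new AccessDeniedException("No accessible ancestor of " + absPath);
            }
            ancestor = ancestor.substring(0, idx);
        }
        Node node = session.getNode(ancestor);
        if (ancestor.length() < absPath.length()) {
            for (String segment : absPath.substring(ancestor.length() + 1).split("/")) {
                node = node.addNode(segment, nodeType);
            }
        }
        return node;
    }
}
```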
