[
https://issues.apache.org/jira/browse/OAK-1081?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13789380#comment-13789380
]
angela commented on OAK-1081:
-----------------------------
i don't think that any special filtering should be performed for the access
control content such as e.g. rep:policy nodes. but as far as i can see, you
didn't incorporate this into the patch, right?
testing for Tree#exists in the NodeDelegate looks ok to me...
> Node.getNodes throwing exception if user does not have access to any child
> node
> -------------------------------------------------------------------------------
>
> Key: OAK-1081
> URL: https://issues.apache.org/jira/browse/OAK-1081
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: core, security
> Affects Versions: 0.9
> Reporter: Chetan Mehrotra
> Assignee: angela
> Priority: Minor
> Attachments: OAK-1081-fix.patch, OAK-1081-testcase.patch
>
>
> When trying to obtain child iterator via Node.getNodes
> {{InvalidItemStateException}} is thrown if user does not have access to its
> content
> {code:java}
> @Test
> public void testGetChildren() throws Exception {
> deny(path,
> privilegesFromName(PrivilegeConstants.JCR_ADD_CHILD_NODES));
> NodeIterator it1 = testSession.getNode(path).getNodes();
> while(it1.hasNext()){
> Node n = it1.nextNode();
> NodeIterator it2 = n.getNodes();
> }
> }
> {code}
> Executing above code leads to following exception
> {noformat}
> javax.jcr.InvalidItemStateException: Item is stale
> at
> org.apache.jackrabbit.oak.jcr.delegate.NodeDelegate.getTree(NodeDelegate.java:827)
> at
> org.apache.jackrabbit.oak.jcr.delegate.NodeDelegate.getChildren(NodeDelegate.java:336)
> at
> org.apache.jackrabbit.oak.jcr.session.NodeImpl$8.perform(NodeImpl.java:546)
> at
> org.apache.jackrabbit.oak.jcr.session.NodeImpl$8.perform(NodeImpl.java:543)
> at
> org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:125)
> at
> org.apache.jackrabbit.oak.jcr.session.ItemImpl.perform(ItemImpl.java:113)
> at
> org.apache.jackrabbit.oak.jcr.session.NodeImpl.getNodes(NodeImpl.java:543)
> at
> org.apache.jackrabbit.oak.jcr.security.authorization.ReadPropertyTest.testGetChildren(ReadPropertyTest.java:135)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at
> org.apache.jackrabbit.test.AbstractJCRTest.run(AbstractJCRTest.java:464)
> at
> org.junit.internal.runners.JUnit38ClassRunner.run(JUnit38ClassRunner.java:83)
> at org.junit.runner.JUnitCore.run(JUnitCore.java:157)
> at
> com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:77)
> at
> com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:195)
> at
> com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:63)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at com.intellij.rt.execution.application.AppMain.main(AppMain.java:120)
> {noformat}
> The exception is thrown for path {{/testroot/node1/rep:policy}}.
> The issue occurs because the {{NodeIterator}} {{it1}} includes {{rep:policy}}
> and later when its child are accessed security check leads to exception.
> Probably the {{it1}} should not include {{rep:policy}} as part of child list
> and filter it out
--
This message was sent by Atlassian JIRA
(v6.1#6144)
