[
https://issues.apache.org/jira/browse/OAK-6481?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16096293#comment-16096293
]
Tomek Rękawek commented on OAK-6481:
------------------------------------
bq. I'm trying to read the patch, but I don't see the fix you mention here.
there are plenty of changes that are orthogonal to the problem you mention.
could you explain what exactly are you trying to achieve here?
Sure. In the current trunk code, the workspace name parameter passed between
different permission-related classes is sometimes a valid workspace name (in
this example, {{crx.default}}) and sometimes it's just a name of the permission
root node ({{oak:mount-libs-crx.default}}). The latter is not a valid workspace
name, but works in the permission-related code, because in this code it's only
used to get the right permission root node from
/jcr:system/rep:permissionsStore.
However, when the permission-related code interacts with other parts of the
Oak, like in here:
[CugPermissionProvider:397|https://github.com/apache/jackrabbit-oak/blob/b8f559514e3f4d76bb28e3b7584b8350acd8ff82/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPermissionProvider.java#L397],
passing the same "extended" workspace name may break something. In this case,
the ReadOnlyVersionManager#getVersionable() method expects a valid workspace
name, while the CugPermissionsProvider passes the one containing the Mount
fragment.
The submitted patch changes this behaviour. It no longer combines the workspace
name with the mount name, but keeps them separated. This way, if some code
invoked from the permission providers (like the ReadOnlyVersionManager) expects
a valid workspace name, it can get one.
> Missing versionable path property for oak:mount-libs-crx.default
> ----------------------------------------------------------------
>
> Key: OAK-6481
> URL: https://issues.apache.org/jira/browse/OAK-6481
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: core
> Affects Versions: 1.7.3
> Reporter: Tomek Rękawek
> Fix For: 1.8
>
> Attachments: OAK-6481.patch
>
>
> After applying the OAK-3777, following warning can be found in the logs:
> {noformat}
> 21.07.2017 02:00:00.713 *WARN* [sling-default-999-HourlySnapshotJob]
> org.apache.jackrabbit.oak.plugins.version.ReadOnlyVersionManager Missing
> versionable path property for oak:mount-libs-crx.default at
> /jcr:system/jcr:versionStorage/5e/8d/89/5e8d8989-f86b-4e1b-b7f8-5089c44f5ed7
> 21.07.2017 02:00:00.713 *WARN* [sling-default-999-HourlySnapshotJob]
> org.apache.jackrabbit.oak.security.authorization.permission.CompiledPermissionImpl
> Cannot retrieve versionable node for
> /jcr:system/jcr:versionStorage/5e/8d/89/5e8d8989-f86b-4e1b-b7f8-5089c44f5ed7/1.0/jcr:frozenNode
> {noformat}
> It suggests that somehow the name of the new permission store
> (oak:mount-libs-crx.default) is being used as the workspace name for the
> version storage.
> If I understand correctly, it shouldn't happen. The workspace name is
> sometimes used as the name of the permission store node (eg.
> {{/jcr:system/rep:permissionStore/crx.default}}), but not the other way
> around - the name of the permission store node is not always a valid
> workspace name (eg.
> {{/jcr:system/rep:permissionStore/oak:mount-libs-crx.default}})
> //cc: [~stillalex]
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
