[
https://issues.apache.org/jira/browse/OAK-9224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17200776#comment-17200776
]
Angela Schreiber edited comment on OAK-9224 at 9/23/20, 11:59 AM:
------------------------------------------------------------------
[~tomek.rekawek], why should token nodes be imported? they are generated upon
login and intended to contain tokens with a very limited life-time that are
expected to expire. so yes, we didn't have a use case so far :). maybe it would
be better to ignore the token nodes altogether (like we do e.g. with the
principal cache nodes (see {{UserImporter}} line 330)?
but maybe you can first share a bit of context on why and where you think this
is needed?
was (Author: anchela):
[~tomek.rekawek], why should token nodes be imported? they are generated upon
login and intended to contain tokens with a very limited life-time that are
expected to expire. so yes, we didn't have a use case so far :). maybe it would
be better to ignore the token nodes altogether (like we do e.g. with the
principal cache nodes (see {{UserImporter}} line 330)?
> Create a protected property importer for handling user tokens
> -------------------------------------------------------------
>
> Key: OAK-9224
> URL: https://issues.apache.org/jira/browse/OAK-9224
> Project: Jackrabbit Oak
> Issue Type: Story
> Components: core, security
> Reporter: Tomek Rękawek
> Assignee: Tomek Rękawek
> Priority: Major
> Fix For: 1.36.0
>
>
> An attempt to invoke {{javax.jcr.Session#importXML()}} on a payload including
> exported {{rep:User}} nodes will fail with the following message if the
> {{.tokens}} subnode is not empty:
> {noformat}
> javax.jcr.nodetype.ConstraintViolationException: OakConstraint0021:
> /home/users/5/5d60zjEABcbAjvqo8SyI/.tokens/50c611f9-9886-4124-ada6-e224ffeead8e[[rep:Token]]:
> Mandatory property rep:token.key not found in a new node
> at
> org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:226)
> [org.apache.jackrabbit.oak-api:1.34.0]
> at
> org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:213)
> [org.apache.jackrabbit.oak-api:1.34.0]
> at
> org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.newRepositoryException(SessionDelegate.java:677)
> [org.apache.jackrabbit.oak-jcr:1.34.0]
> at
> org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.save(SessionDelegate.java:503)
> [org.apache.jackrabbit.oak-jcr:1.34.0]
> at
> org.apache.jackrabbit.oak.jcr.session.SessionImpl$8.performVoid(SessionImpl.java:424)
> [org.apache.jackrabbit.oak-jcr:1.34.0]
> at
> org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performVoid(SessionDelegate.java:273)
> [org.apache.jackrabbit.oak-jcr:1.34.0]
> at
> org.apache.jackrabbit.oak.jcr.session.SessionImpl.save(SessionImpl.java:421)
> [org.apache.jackrabbit.oak-jcr:1.34.0]
> at
> com.adobe.granite.repository.impl.CRX3SessionImpl.save(CRX3SessionImpl.java:207)
> [com.adobe.granite.repository:1.6.100]
> {noformat}
> The reason is that all the properties in rep:Token nodes are protected:
> {noformat}
> [rep:Token] > mix:referenceable
> - rep:token.key (string) mandatory protected
> - rep:token.exp (date) mandatory protected
> - * (undefined) protected
> - * (undefined) protected multiple
> {noformat}
> and they'll be skipped by the importer unless there's a custom
> ProtectedPropertyImporter implementation handling them:
> https://github.com/apache/jackrabbit-oak/blob/bb749cac90617f9350189599f5f63ec20da7c490/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/xml/ImporterImpl.java#L278-L288
> The goal of this story is to create such implementation, so the tokens can be
> imported together with the rest of the {{rep:User}} subtree.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
