[jira] [Commented] (JCR-2859) Make open scoped locks recoverable
[ https://issues.apache.org/jira/browse/JCR-2859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13184995#comment-13184995 ] Julian Reschke commented on JCR-2859: - The problem is caused by LockInfoImpl in SPI assuming that seeing the lock token implies owning the Lock. > Make open scoped locks recoverable > -- > > Key: JCR-2859 > URL: https://issues.apache.org/jira/browse/JCR-2859 > Project: Jackrabbit Content Repository > Issue Type: New Feature > Components: locks >Reporter: Carsten Ziegeler >Assignee: Julian Reschke > Fix For: 2.5 > > Attachments: JCR-2859.diff, JCR-2859.patch, OpenScopeLockTest.java > > > The lock tokens for open scoped locks are currently tied to the session which > created the lock. If the session dies (for whatever reason) there is no way > to recover the lock and unlock the node. > There is a theoretical way of adding the lock token to another session, but > in most cases the lock token is not available. > Fortunately, the spec allows to relax this behaviour and I think it would > make sense to allow all sessions from the same user to unlock the node - this > is still in compliance with the spec but would make unlocked locked nodes > possible in a programmatic way. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (JCR-2859) Make open scoped locks recoverable
[ https://issues.apache.org/jira/browse/JCR-2859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13179527#comment-13179527 ] Julian Reschke commented on JCR-2859: - So I have left the patch as proposed, allowing admin users to get the lock token, enabling them to unlock the node. Added JCR-3199 as a change request (make the default lock time out configurable). > Make open scoped locks recoverable > -- > > Key: JCR-2859 > URL: https://issues.apache.org/jira/browse/JCR-2859 > Project: Jackrabbit Content Repository > Issue Type: New Feature > Components: locks >Reporter: Carsten Ziegeler >Assignee: Julian Reschke > Fix For: 2.5 > > Attachments: JCR-2859.diff, JCR-2859.patch, OpenScopeLockTest.java > > > The lock tokens for open scoped locks are currently tied to the session which > created the lock. If the session dies (for whatever reason) there is no way > to recover the lock and unlock the node. > There is a theoretical way of adding the lock token to another session, but > in most cases the lock token is not available. > Fortunately, the spec allows to relax this behaviour and I think it would > make sense to allow all sessions from the same user to unlock the node - this > is still in compliance with the spec but would make unlocked locked nodes > possible in a programmatic way. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (JCR-2859) Make open scoped locks recoverable
[ https://issues.apache.org/jira/browse/JCR-2859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13178798#comment-13178798 ] angela commented on JCR-2859: - > by changing the default timeout from "Infinity" to something reasonable yes. that definitely makes sense... maybe we could even make the default timeout part of the workspace configuration as the preferred timeout may vary between different types of applications. in any case we should clarify that as a general rule it is preferable to specify a reasonable timeout suited for the situation when creating a new lock... LockManager#lock always takes a timeout hint, while Node.lock (which doesn't support it) has been deprecated as of JSR 283. > Make open scoped locks recoverable > -- > > Key: JCR-2859 > URL: https://issues.apache.org/jira/browse/JCR-2859 > Project: Jackrabbit Content Repository > Issue Type: New Feature > Components: locks >Affects Versions: 2.2 >Reporter: Carsten Ziegeler >Assignee: Julian Reschke > Attachments: JCR-2859.diff, JCR-2859.patch, OpenScopeLockTest.java > > > The lock tokens for open scoped locks are currently tied to the session which > created the lock. If the session dies (for whatever reason) there is no way > to recover the lock and unlock the node. > There is a theoretical way of adding the lock token to another session, but > in most cases the lock token is not available. > Fortunately, the spec allows to relax this behaviour and I think it would > make sense to allow all sessions from the same user to unlock the node - this > is still in compliance with the spec but would make unlocked locked nodes > possible in a programmatic way. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (JCR-2859) Make open scoped locks recoverable
[ https://issues.apache.org/jira/browse/JCR-2859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13178789#comment-13178789 ] Julian Reschke commented on JCR-2859: - +1 for starting with a small change (thus leaving it to admins). That being said, maybe we should also try to mitigate the effects of lost lock tokens? For instance, by changing the default timeout from "Infinity" to something reasonable? > Make open scoped locks recoverable > -- > > Key: JCR-2859 > URL: https://issues.apache.org/jira/browse/JCR-2859 > Project: Jackrabbit Content Repository > Issue Type: New Feature > Components: locks >Affects Versions: 2.2 >Reporter: Carsten Ziegeler >Assignee: Julian Reschke > Attachments: JCR-2859.diff, JCR-2859.patch, OpenScopeLockTest.java > > > The lock tokens for open scoped locks are currently tied to the session which > created the lock. If the session dies (for whatever reason) there is no way > to recover the lock and unlock the node. > There is a theoretical way of adding the lock token to another session, but > in most cases the lock token is not available. > Fortunately, the spec allows to relax this behaviour and I think it would > make sense to allow all sessions from the same user to unlock the node - this > is still in compliance with the spec but would make unlocked locked nodes > possible in a programmatic way. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (JCR-2859) Make open scoped locks recoverable
[ https://issues.apache.org/jira/browse/JCR-2859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13178768#comment-13178768 ] angela commented on JCR-2859: - imo loosing a lock token should be considered a mistake with the API consumer rather than something that occurs on a regular basis. while i am fine with providing a fallback in case the token is indeed lost, i am therefore not convinced that having a group that is allowed to see all lock tokens in the repository would be a wise move. apart from the fact that i consider this an edge case that should not be used on a regular basis, being member of a given group will not guarantee that a given user is allowed to lock/unlock a given node but only expose the lock token (in contrast to the admin). thus, i'm in favor of the latest patch by julian. however, -1 for allow breaking locks based on group membership. > Make open scoped locks recoverable > -- > > Key: JCR-2859 > URL: https://issues.apache.org/jira/browse/JCR-2859 > Project: Jackrabbit Content Repository > Issue Type: New Feature > Components: locks >Affects Versions: 2.2 >Reporter: Carsten Ziegeler >Assignee: Julian Reschke > Attachments: JCR-2859.diff, JCR-2859.patch, OpenScopeLockTest.java > > > The lock tokens for open scoped locks are currently tied to the session which > created the lock. If the session dies (for whatever reason) there is no way > to recover the lock and unlock the node. > There is a theoretical way of adding the lock token to another session, but > in most cases the lock token is not available. > Fortunately, the spec allows to relax this behaviour and I think it would > make sense to allow all sessions from the same user to unlock the node - this > is still in compliance with the spec but would make unlocked locked nodes > possible in a programmatic way. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (JCR-2859) Make open scoped locks recoverable
[ https://issues.apache.org/jira/browse/JCR-2859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13176634#comment-13176634 ] Julian Reschke commented on JCR-2859: - > Shouldn't we push this a step forward and rename the isAdmin method to > isLockbreaker and introduce a "lockbreaker" group and require the session to > be a member of that group ? Kind of like a well known group name like > administrators and everyone ? Yes, something like that. And make admin automatically a lockbreaker, I assume. Do we have other code that works in a similar way where I could steal code? (in the meantime I'll fix JCR-3195 which will make this change smaller) > Make open scoped locks recoverable > -- > > Key: JCR-2859 > URL: https://issues.apache.org/jira/browse/JCR-2859 > Project: Jackrabbit Content Repository > Issue Type: New Feature > Components: locks >Affects Versions: 2.2 >Reporter: Carsten Ziegeler >Assignee: Julian Reschke > Attachments: JCR-2859.diff, JCR-2859.patch, OpenScopeLockTest.java > > > The lock tokens for open scoped locks are currently tied to the session which > created the lock. If the session dies (for whatever reason) there is no way > to recover the lock and unlock the node. > There is a theoretical way of adding the lock token to another session, but > in most cases the lock token is not available. > Fortunately, the spec allows to relax this behaviour and I think it would > make sense to allow all sessions from the same user to unlock the node - this > is still in compliance with the spec but would make unlocked locked nodes > possible in a programmatic way. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (JCR-2859) Make open scoped locks recoverable
[ https://issues.apache.org/jira/browse/JCR-2859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13176630#comment-13176630 ] Felix Meschberger commented on JCR-2859: I like the lock breaker idea. Shouldn't we push this a step forward and rename the isAdmin method to isLockbreaker and introduce a "lockbreaker" group and require the session to be a member of that group ? Kind of like a well known group name like administrators and everyone ? > Make open scoped locks recoverable > -- > > Key: JCR-2859 > URL: https://issues.apache.org/jira/browse/JCR-2859 > Project: Jackrabbit Content Repository > Issue Type: New Feature > Components: locks >Affects Versions: 2.2 >Reporter: Carsten Ziegeler >Assignee: Julian Reschke > Attachments: JCR-2859.diff, JCR-2859.patch, OpenScopeLockTest.java > > > The lock tokens for open scoped locks are currently tied to the session which > created the lock. If the session dies (for whatever reason) there is no way > to recover the lock and unlock the node. > There is a theoretical way of adding the lock token to another session, but > in most cases the lock token is not available. > Fortunately, the spec allows to relax this behaviour and I think it would > make sense to allow all sessions from the same user to unlock the node - this > is still in compliance with the spec but would make unlocked locked nodes > possible in a programmatic way. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (JCR-2859) Make open scoped locks recoverable
[ https://issues.apache.org/jira/browse/JCR-2859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13174880#comment-13174880 ] Julian Reschke commented on JCR-2859: - I believe there's a better way to do this; which happens to be what's used in WebDAV as well (yeah for consistency): a) define a class of users that are "lock breakers", for now, the admin b) to these users, provide the lock token (instead of returning null); this is allowed per JSR-283, http://www.day.com/specs/jcr/2.0/17_Locking.html#17.12.4%20Getting%20a%20Lock%20Token c) then, the lock breaker can add the lock token to the Session and perform the unlock() > Make open scoped locks recoverable > -- > > Key: JCR-2859 > URL: https://issues.apache.org/jira/browse/JCR-2859 > Project: Jackrabbit Content Repository > Issue Type: New Feature > Components: locks >Affects Versions: 2.2 >Reporter: Carsten Ziegeler >Assignee: Julian Reschke > Attachments: JCR-2859.patch, OpenScopeLockTest.java > > > The lock tokens for open scoped locks are currently tied to the session which > created the lock. If the session dies (for whatever reason) there is no way > to recover the lock and unlock the node. > There is a theoretical way of adding the lock token to another session, but > in most cases the lock token is not available. > Fortunately, the spec allows to relax this behaviour and I think it would > make sense to allow all sessions from the same user to unlock the node - this > is still in compliance with the spec but would make unlocked locked nodes > possible in a programmatic way. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (JCR-2859) Make open scoped locks recoverable
[ https://issues.apache.org/jira/browse/JCR-2859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13169516#comment-13169516 ] Julian Reschke commented on JCR-2859: - > Attached a patch. If the session is an admin session and lock is open scoped > the session will be the lock holder so it can be unlocked. I think this is problematic. Consider processes running in admin sessions trying to synchronize/reserve using locks. If all admin locks are essentially shared by all admin sessions, this will break big time. > Make open scoped locks recoverable > -- > > Key: JCR-2859 > URL: https://issues.apache.org/jira/browse/JCR-2859 > Project: Jackrabbit Content Repository > Issue Type: New Feature > Components: locks >Affects Versions: 2.2 >Reporter: Carsten Ziegeler >Assignee: Julian Reschke > Attachments: JCR-2859.patch, OpenScopeLockTest.java > > > The lock tokens for open scoped locks are currently tied to the session which > created the lock. If the session dies (for whatever reason) there is no way > to recover the lock and unlock the node. > There is a theoretical way of adding the lock token to another session, but > in most cases the lock token is not available. > Fortunately, the spec allows to relax this behaviour and I think it would > make sense to allow all sessions from the same user to unlock the node - this > is still in compliance with the spec but would make unlocked locked nodes > possible in a programmatic way. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (JCR-2859) Make open scoped locks recoverable
[ https://issues.apache.org/jira/browse/JCR-2859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12985680#action_12985680 ] Jukka Zitting commented on JCR-2859: I would rather not add extra lock tokens to an admin session, since that would muddy the waters on who is actually owning or holding a lock at a time. Instead I'd simply give an admin session the right to unlock any open-scoped lock, regardless of whether it holds the lock token or not. Note also that the tokens of all open scoped locks are already stored by the repository in a "locks" file so that they will survive over repository restarts. But as mentioned above, you probably don't need to worry about the tokens when implementing this. > Make open scoped locks recoverable > -- > > Key: JCR-2859 > URL: https://issues.apache.org/jira/browse/JCR-2859 > Project: Jackrabbit Content Repository > Issue Type: New Feature > Components: locks >Affects Versions: 2.2.0 >Reporter: Carsten Ziegeler > Attachments: OpenScopeLockTest.java > > > The lock tokens for open scoped locks are currently tied to the session which > created the lock. If the session dies (for whatever reason) there is no way > to recover the lock and unlock the node. > There is a theoretical way of adding the lock token to another session, but > in most cases the lock token is not available. > Fortunately, the spec allows to relax this behaviour and I think it would > make sense to allow all sessions from the same user to unlock the node - this > is still in compliance with the spec but would make unlocked locked nodes > possible in a programmatic way. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (JCR-2859) Make open scoped locks recoverable
[ https://issues.apache.org/jira/browse/JCR-2859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12977861#action_12977861 ] Carsten Ziegeler commented on JCR-2859: --- I'm fine with Jukka's proposal as well - my idea was based on another repository implementation I've seen - in the end I don't care what the exact way is, as long as it is possible > Make open scoped locks recoverable > -- > > Key: JCR-2859 > URL: https://issues.apache.org/jira/browse/JCR-2859 > Project: Jackrabbit Content Repository > Issue Type: New Feature > Components: locks >Affects Versions: 2.2.0 >Reporter: Carsten Ziegeler > > The lock tokens for open scoped locks are currently tied to the session which > created the lock. If the session dies (for whatever reason) there is no way > to recover the lock and unlock the node. > There is a theoretical way of adding the lock token to another session, but > in most cases the lock token is not available. > Fortunately, the spec allows to relax this behaviour and I think it would > make sense to allow all sessions from the same user to unlock the node - this > is still in compliance with the spec but would make unlocked locked nodes > possible in a programmatic way. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (JCR-2859) Make open scoped locks recoverable
[ https://issues.apache.org/jira/browse/JCR-2859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12977838#action_12977838 ] Cédric Damioli commented on JCR-2859: - I tend to agree with Stefan that it's the client responsibility to store lock tockens. It's the way I'm managing locks in my applications. But it may happen some failures (either in the client code or in JR code) that make the tocken unrecoverable. Giving the possibility to have some admin feature to cover such cases in IMHO a very good thing. Right now, I have to stop the application (which may be very annoying in production) and modify the locks file by hand. So a big +1 to Jukka's proposal, if client code is able to have access to such special sessions. > Make open scoped locks recoverable > -- > > Key: JCR-2859 > URL: https://issues.apache.org/jira/browse/JCR-2859 > Project: Jackrabbit Content Repository > Issue Type: New Feature > Components: locks >Affects Versions: 2.2.0 >Reporter: Carsten Ziegeler > > The lock tokens for open scoped locks are currently tied to the session which > created the lock. If the session dies (for whatever reason) there is no way > to recover the lock and unlock the node. > There is a theoretical way of adding the lock token to another session, but > in most cases the lock token is not available. > Fortunately, the spec allows to relax this behaviour and I think it would > make sense to allow all sessions from the same user to unlock the node - this > is still in compliance with the spec but would make unlocked locked nodes > possible in a programmatic way. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (JCR-2859) Make open scoped locks recoverable
[ https://issues.apache.org/jira/browse/JCR-2859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12977821#action_12977821 ] Jukka Zitting commented on JCR-2859: I would treat this as an administration operation that normal client sessions should not be able to do. We could for example allow admin sessions (or sessions with some special privilege) to unlock any locks in the repository. > Make open scoped locks recoverable > -- > > Key: JCR-2859 > URL: https://issues.apache.org/jira/browse/JCR-2859 > Project: Jackrabbit Content Repository > Issue Type: New Feature > Components: locks >Affects Versions: 2.2.0 >Reporter: Carsten Ziegeler > > The lock tokens for open scoped locks are currently tied to the session which > created the lock. If the session dies (for whatever reason) there is no way > to recover the lock and unlock the node. > There is a theoretical way of adding the lock token to another session, but > in most cases the lock token is not available. > Fortunately, the spec allows to relax this behaviour and I think it would > make sense to allow all sessions from the same user to unlock the node - this > is still in compliance with the spec but would make unlocked locked nodes > possible in a programmatic way. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (JCR-2859) Make open scoped locks recoverable
[ https://issues.apache.org/jira/browse/JCR-2859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12977805#action_12977805 ] Carsten Ziegeler commented on JCR-2859: --- > LockManager.lock(...) returns a Lock instance => Lock.getLockToken() Yes I know, what I meant above is: there is no way to get a lock token if you did not lock the node yourself > Make open scoped locks recoverable > -- > > Key: JCR-2859 > URL: https://issues.apache.org/jira/browse/JCR-2859 > Project: Jackrabbit Content Repository > Issue Type: New Feature > Components: locks >Affects Versions: 2.2.0 >Reporter: Carsten Ziegeler > > The lock tokens for open scoped locks are currently tied to the session which > created the lock. If the session dies (for whatever reason) there is no way > to recover the lock and unlock the node. > There is a theoretical way of adding the lock token to another session, but > in most cases the lock token is not available. > Fortunately, the spec allows to relax this behaviour and I think it would > make sense to allow all sessions from the same user to unlock the node - this > is still in compliance with the spec but would make unlocked locked nodes > possible in a programmatic way. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (JCR-2859) Make open scoped locks recoverable
[ https://issues.apache.org/jira/browse/JCR-2859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12977804#action_12977804 ] Carsten Ziegeler commented on JCR-2859: --- Session scoped locks do not work in a clustered env - so either this has to be fixed or that; otherwise locks in a clustered env are a pain to use > Make open scoped locks recoverable > -- > > Key: JCR-2859 > URL: https://issues.apache.org/jira/browse/JCR-2859 > Project: Jackrabbit Content Repository > Issue Type: New Feature > Components: locks >Affects Versions: 2.2.0 >Reporter: Carsten Ziegeler > > The lock tokens for open scoped locks are currently tied to the session which > created the lock. If the session dies (for whatever reason) there is no way > to recover the lock and unlock the node. > There is a theoretical way of adding the lock token to another session, but > in most cases the lock token is not available. > Fortunately, the spec allows to relax this behaviour and I think it would > make sense to allow all sessions from the same user to unlock the node - this > is still in compliance with the spec but would make unlocked locked nodes > possible in a programmatic way. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (JCR-2859) Make open scoped locks recoverable
[ https://issues.apache.org/jira/browse/JCR-2859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12977797#action_12977797 ] Stefan Guggisberg commented on JCR-2859: > There is a theoretical way of adding the lock token to another session, but > in most cases the lock token is not available. why? if a client does create an open-scoped lock (he has to do so explicitly) he's responsible for persisting the lock token for future use. if the client doesn't want to do that he should use session-scoped locks instead. > There is no API in JCR to get the lock token LockManager.lock(...) returns a Lock instance => Lock.getLockToken() > I think it would make sense to allow all sessions from the same user to > unlock the node -1, i'd consider this rather a hack; the current behavior is IMO correct. > Make open scoped locks recoverable > -- > > Key: JCR-2859 > URL: https://issues.apache.org/jira/browse/JCR-2859 > Project: Jackrabbit Content Repository > Issue Type: New Feature > Components: locks >Affects Versions: 2.2.0 >Reporter: Carsten Ziegeler > > The lock tokens for open scoped locks are currently tied to the session which > created the lock. If the session dies (for whatever reason) there is no way > to recover the lock and unlock the node. > There is a theoretical way of adding the lock token to another session, but > in most cases the lock token is not available. > Fortunately, the spec allows to relax this behaviour and I think it would > make sense to allow all sessions from the same user to unlock the node - this > is still in compliance with the spec but would make unlocked locked nodes > possible in a programmatic way. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (JCR-2859) Make open scoped locks recoverable
[ https://issues.apache.org/jira/browse/JCR-2859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12977716#action_12977716 ] Carsten Ziegeler commented on JCR-2859: --- There is no API in JCR to get the lock token and I think storing it somewhere accessible makes the token available to everyone not just the user who created the lock. Now I don't consider this a great danger - having a locked node which can never be unlocked again, sounds more problematic too me. But I guess this should be made configurable - default being the old behaviour > Make open scoped locks recoverable > -- > > Key: JCR-2859 > URL: https://issues.apache.org/jira/browse/JCR-2859 > Project: Jackrabbit Content Repository > Issue Type: New Feature > Components: locks >Affects Versions: 2.2.0 >Reporter: Carsten Ziegeler > > The lock tokens for open scoped locks are currently tied to the session which > created the lock. If the session dies (for whatever reason) there is no way > to recover the lock and unlock the node. > There is a theoretical way of adding the lock token to another session, but > in most cases the lock token is not available. > Fortunately, the spec allows to relax this behaviour and I think it would > make sense to allow all sessions from the same user to unlock the node - this > is still in compliance with the spec but would make unlocked locked nodes > possible in a programmatic way. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (JCR-2859) Make open scoped locks recoverable
[ https://issues.apache.org/jira/browse/JCR-2859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12977706#action_12977706 ] Cédric Damioli commented on JCR-2859: - It could also be possible to store the lock tocken somewhere (on the locked node ?, on the node state ?), so that it may be retrieved on demand and set on the current session. >From my POV, it may be too "dangerous" to allow any session from the same user >to unlock the node. What if the session which initially locked the node is still alive ? > Make open scoped locks recoverable > -- > > Key: JCR-2859 > URL: https://issues.apache.org/jira/browse/JCR-2859 > Project: Jackrabbit Content Repository > Issue Type: New Feature > Components: locks >Affects Versions: 2.2.0 >Reporter: Carsten Ziegeler > > The lock tokens for open scoped locks are currently tied to the session which > created the lock. If the session dies (for whatever reason) there is no way > to recover the lock and unlock the node. > There is a theoretical way of adding the lock token to another session, but > in most cases the lock token is not available. > Fortunately, the spec allows to relax this behaviour and I think it would > make sense to allow all sessions from the same user to unlock the node - this > is still in compliance with the spec but would make unlocked locked nodes > possible in a programmatic way. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
