Edward Ribeiro created ZOOKEEPER-2590:
-----------------------------------------
Summary: setACL doesn't affect exists() operation
Key: ZOOKEEPER-2590
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2590
Project: ZooKeeper
Issue Type: Bug
Reporter: Edward Ribeiro
As hinted
[here|https://github.com/apache/zookeeper/blob/master/src/java/main/org/apache/zookeeper/server/FinalRequestProcessor.java#L298],
even if a parent znode path has restricted READ access it's possible to issue
an exists() operation on any child znode of that given path.
For example, the snippet below doesn't throw {{NoAuthExceptio}}, even tough it
removes ACL rights to "/":
{code}
zk.create("/a", null, Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
ArrayList<ACL> acls = new ArrayList<>();
acls.add(new ACL(0, Ids.ANYONE_ID_UNSAFE));
zk.setACL("/", acls, -1);
Stat r = zk.exists("/a", false);
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
