[ https://issues.apache.org/jira/browse/OAK-1081?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13789380#comment-13789380 ]
angela commented on OAK-1081:
-----------------------------

I don't think that any special filtering should be performed for the access control content such as e.g. rep:policy nodes. But as far as I can see, you didn't incorporate this into the patch, right?

Testing for Tree#exists in the NodeDelegate looks ok to me...

> Node.getNodes throwing exception if user does not have access to any child node
> -------------------------------------------------------------------------------
>
>                 Key: OAK-1081
>                 URL: https://issues.apache.org/jira/browse/OAK-1081
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: core, security
>    Affects Versions: 0.9
>            Reporter: Chetan Mehrotra
>            Assignee: angela
>            Priority: Minor
>         Attachments: OAK-1081-fix.patch, OAK-1081-testcase.patch
>
>
> When trying to obtain child iterator via Node.getNodes {{InvalidItemStateException}} is thrown if user does not have access to its content
> {code:java}
>     @Test
>     public void testGetChildren() throws Exception {
>         deny(path, privilegesFromName(PrivilegeConstants.JCR_ADD_CHILD_NODES));
>         NodeIterator it1 = testSession.getNode(path).getNodes();
>         while(it1.hasNext()){
>             Node n = it1.nextNode();
>             NodeIterator it2 = n.getNodes();
>         }
>     }
> {code}
> Executing above code leads to following exception
> {noformat}
> javax.jcr.InvalidItemStateException: Item is stale
>       at org.apache.jackrabbit.oak.jcr.delegate.NodeDelegate.getTree(NodeDelegate.java:827)
>       at org.apache.jackrabbit.oak.jcr.delegate.NodeDelegate.getChildren(NodeDelegate.java:336)
>       at org.apache.jackrabbit.oak.jcr.session.NodeImpl$8.perform(NodeImpl.java:546)
>       at org.apache.jackrabbit.oak.jcr.session.NodeImpl$8.perform(NodeImpl.java:543)
>       at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:125)
>       at org.apache.jackrabbit.oak.jcr.session.ItemImpl.perform(ItemImpl.java:113)
>       at org.apache.jackrabbit.oak.jcr.session.NodeImpl.getNodes(NodeImpl.java:543)
>       at org.apache.jackrabbit.oak.jcr.security.authorization.ReadPropertyTest.testGetChildren(ReadPropertyTest.java:135)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>       at org.apache.jackrabbit.test.AbstractJCRTest.run(AbstractJCRTest.java:464)
>       at org.junit.internal.runners.JUnit38ClassRunner.run(JUnit38ClassRunner.java:83)
>       at org.junit.runner.JUnitCore.run(JUnitCore.java:157)
>       at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:77)
>       at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:195)
>       at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:63)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>       at com.intellij.rt.execution.application.AppMain.main(AppMain.java:120)
> {noformat}
> The exception is thrown for path {{/testroot/node1/rep:policy}}.
> The issue occurs because the {{NodeIterator}} {{it1}} includes {{rep:policy}} and later when its children are accessed security check leads to exception.
> Probably the {{it1}} should not include {{rep:policy}} as part of child list and filter it out

--
This message was sent by Atlassian JIRA
(v6.1#6144)
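
A self-contained model of the failure described in the issue and of the existence check mentioned in the comment. It is an added example, not code from the attached patches or from Oak: the `Tree` class, its `readable` flag and the helper names are hypothetical, and `IllegalStateException` stands in for `InvalidItemStateException`. The filter is by existence for the session, not by node name.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Toy model (hypothetical classes, not Oak's): a tree as seen through one session.
public class ChildFilterDemo {

    static final class Tree {
        final String path;
        final boolean readable;   // constructed stand-in for the session's read permission
        final Map<String, Tree> children = new LinkedHashMap<>();

        Tree(String path, boolean readable) { this.path = path; this.readable = readable; }

        Tree add(String name, boolean readable) {
            Tree t = new Tree(path + "/" + name, readable);
            children.put(name, t);
            return t;
        }

        // Models an existence test: false when the session cannot read the item.
        boolean exists() { return readable; }
    }

    // Models the delegate's check that reports a non-existing tree as stale.
    static Tree getTree(Tree t) {
        if (!t.exists()) throw new IllegalStateException("Item is stale: " + t.path);
        return t;
    }

    // Before: every child is handed out, including ones the session cannot read.
    static List<Tree> childrenUnfiltered(Tree parent) {
        return new ArrayList<>(getTree(parent).children.values());
    }

    // After: only children that exist for this session are returned.
    static List<Tree> childrenFiltered(Tree parent) {
        List<Tree> out = new ArrayList<>();
        for (Tree c : getTree(parent).children.values()) if (c.exists()) out.add(c);
        return out;
    }

    public static void main(String[] args) {
        Tree node1 = new Tree("/testroot/node1", true);   // constructed sample content
        node1.add("rep:policy", false);                   // child the session cannot read
        node1.add("child", true);
        for (Tree c : childrenFiltered(node1)) childrenFiltered(c);   // completes normally
        try {
            for (Tree c : childrenUnfiltered(node1)) childrenUnfiltered(c);
        } catch (IllegalStateException e) {
            System.out.println("unfiltered iteration failed: " + e.getMessage());
        }
    }
}
```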