Hi Erik,
You are right. This was still a todo. But your suggestion and the stacktrace pointed me in the direction for a very simple solution. I guess that it would be enough to catch AccessDeniedException when creating the ComparableResource from the ObjectNode. This way resources that are not visible will not be added to the result set. I've committed the change to CVS. You can check out the SLIDE_2_1_RELEASE_BRANCH to see if it works.
-- Unico
Erik Sandström wrote:
Hi,
I am using the latest binary release (2.1 b2) with the RDBM store and I am trying to perform a DASL search with a user that has negative (inherited) permissions set on some folders. This makes the search crash. It seems like the search is made regardless of permissions (which is ok). Then each search result is populated, also without permission check (this is not ok I think, because in the population process an Access denied exception is thrown that makes the whole search request return with a status 500).
If I revoke all negative permissions the error disappears.
Am I doing something wrong?
Best regards,
Erik Sandström
StackTrace with debug mode set to 9:
27 Oct 2004 09:31:40 - org.apache.slide.common.SlideException - DEBUG - org.apache.slide.security.AccessDeniedException: Access denied on /files/test3/test_hidden/zitrone.jpg by user /users/test3 for action /actions/read
at org.apache.slide.security.SecurityImpl.checkPermission(SecurityImpl.java:473)
at org.apache.slide.security.SecurityImpl.checkCredentials(SecurityImpl.java:405)
at org.apache.slide.structure.StructureImpl.retrieve(StructureImpl.java:179)
at org.apache.slide.content.ContentImpl.retrieve(ContentImpl.java:155)
at org.apache.slide.search.basic.ComparableResourceImpl.<init>(ComparableResourceImpl.java:145)
at org.apache.slide.search.basic.ComparableResourceImpl.<init>(ComparableResourceImpl.java:117)
at org.apache.slide.store.impl.rdbms.RDBMSComparableResourcesPool.getPool(RDBMSComparableResourcesPool.java:114)
at org.apache.slide.store.impl.rdbms.expression.RDBMSResultSet.initialize(RDBMSResultSet.java:46)
at org.apache.slide.store.impl.rdbms.expression.RDBMSResultSet.iterator(RDBMSResultSet.java:81)
at java.util.AbstractCollection.addAll(AbstractCollection.java:316)
at org.apache.slide.search.SearchQueryResult.add(SearchQueryResult.java:123)
at org.apache.slide.search.basic.BasicQueryEnvelope.execute(BasicQueryEnvelope.java:217)
at org.apache.slide.search.SearchImpl.search(SearchImpl.java:127)
at org.apache.slide.webdav.method.SearchMethod.executeRequest(SearchMethod.java:224)
at org.apache.slide.webdav.method.AbstractWebdavMethod.run(AbstractWebdavMethod.java:403)
at org.apache.slide.webdav.WebdavServlet.service(WebdavServlet.java:482)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:417)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Thread.java:595)
27 Oct 2004 09:31:40 - org.apache.slide.common.Domain - WARNING -
27 Oct 2004 09:31:40 - org.apache.slide.common.SlideException - DEBUG -
org.apache.slide.search.BadQueryException:
at org.apache.slide.store.impl.rdbms.RDBMSComparableResourcesPool.getPool(RDBMSComparableResourcesPool.java:120)
at org.apache.slide.store.impl.rdbms.expression.RDBMSResultSet.initialize(RDBMSResultSet.java:46)
at org.apache.slide.store.impl.rdbms.expression.RDBMSResultSet.iterator(RDBMSResultSet.java:81)
at java.util.AbstractCollection.addAll(AbstractCollection.java:316)
at org.apache.slide.search.SearchQueryResult.add(SearchQueryResult.java:123)
at org.apache.slide.search.basic.BasicQueryEnvelope.execute(BasicQueryEnvelope.java:217)
at org.apache.slide.search.SearchImpl.search(SearchImpl.java:127)
at org.apache.slide.webdav.method.SearchMethod.executeRequest(SearchMethod.java:224)
at org.apache.slide.webdav.method.AbstractWebdavMethod.run(AbstractWebdavMethod.java:403)
at org.apache.slide.webdav.WebdavServlet.service(WebdavServlet.java:482)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:417)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Thread.java:595)
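The approach described in the reply at the top of this thread (catch the access denial while each hit is populated, so hidden resources are left out instead of failing the whole search with a 500), as an added example that is not Slide's code and not from either poster. The class, the `populate` and `buildResultSet` methods, the stand-in exception type and the sample URIs other than the one in the trace are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class FilteredSearchDemo {
    // Hypothetical stand-in for Slide's AccessDeniedException.
    static class AccessDeniedException extends Exception {
        AccessDeniedException(String uri, String user) {
            super("Access denied on " + uri + " by user " + user);
        }
    }

    // Hypothetical stand-in for a populated search result.
    record Resource(String uri) {}

    // Constructed ACL: read is denied for everything under these prefixes.
    static final Set<String> DENIED_PREFIXES = Set.of("/files/test3/test_hidden/");

    // Populating a hit runs the read permission check, as in the thread's trace.
    static Resource populate(String uri, String user) throws AccessDeniedException {
        for (String prefix : DENIED_PREFIXES) {
            if (uri.startsWith(prefix)) throw new AccessDeniedException(uri, user);
        }
        return new Resource(uri);
    }

    // Catch the denial per hit: skip that resource and keep building the result set.
    // Only AccessDeniedException is caught, so any other failure still surfaces.
    static List<Resource> buildResultSet(List<String> hits, String user) {
        List<Resource> visible = new ArrayList<>();
        for (String uri : hits) {
            try {
                visible.add(populate(uri, user));
            } catch (AccessDeniedException e) {
                // Not visible to this user: omit it, do not fail the query.
            }
        }
        return visible;
    }

    public static void main(String[] args) {
        // Constructed hit list; the middle URI is the one denied in the trace.
        List<String> hits = List.of(
            "/files/test3/apfel.jpg",
            "/files/test3/test_hidden/zitrone.jpg",
            "/files/test3/birne.jpg");
        System.out.println(buildResultSet(hits, "/users/test3"));
    }
}
```

Because the denied hit is dropped without any marker in the response, the result set does not reveal that a hidden resource matched the query.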
