Ok, thank you very much. But couldn't the permissions be checked explicit instead of waiting for an exception? I think there will very many (time consuming) exception throwed this way...
Best regards, Erik -----Ursprungligt meddelande----- Fr�n: Unico Hommes [mailto:[EMAIL PROTECTED] Skickat: den 27 oktober 2004 15:02 Till: Slide Users Mailing List �mne: Re: Access denied when performing DASL search with RDBMS and inherited negative permissions Hi Erik, You are right. This was still a todo. But your suggestion and the stacktrace pointed me in the direction for a very simple solution. I guess that it would be enough to catch AccessDeniedException when creating the ComparableResource from the ObjectNode. This way resources that are not visible will not be added to the result set. I've committed the change to CVS. You can checkout the SLIDE_2_1_RELEASE_BRANCH to see if it works. -- Unico Erik Sandstr�m wrote: >Hi, > > > >I am using the latest binary release (2.1 b2) with the RDBM store and I am >trying to perform a DASL search with a user that has negative (inherited) >permissions set on some folders. This makes the search crash. It seems like >the search is made regardless of permissions (which is ok). Then each search >result are populated, also without permission check (this is not ok I think, >because in the population process an Access denied exception is throw that >makes the whole search request return with a status 500. > > > >If I revoke all negative permissions the error dissapear. > > > >Am I doing something wrong? > > > > > >Best regards, > >Erik Sandstr�m > > > >StackTrace with debug mode set to 9: > >27 Oct 2004 09:31:40 - org.apache.slide.common.SlideException - DEBUG - >org.apache.slide.security.AccessDeniedException: Access denied on >/files/test3/test_hidden/zitrone.jpg by user /users/test3 for action >/actions/read > > at >org.apache.slide.security.SecurityImpl.checkPermission(SecurityImpl.java:47 3 >) > > at >org.apache.slide.security.SecurityImpl.checkCredentials(SecurityImpl.java:4 0 >5) > > at >org.apache.slide.structure.StructureImpl.retrieve(StructureImpl.java:179) > > at >org.apache.slide.content.ContentImpl.retrieve(ContentImpl.java:155) > > at >org.apache.slide.search.basic.ComparableResourceImpl.<init>(ComparableResou r >ceImpl.java:145) > > at >org.apache.slide.search.basic.ComparableResourceImpl.<init>(ComparableResou r >ceImpl.java:117) > > at >org.apache.slide.store.impl.rdbms.RDBMSComparableResourcesPool.getPool(RDBM S >ComparableResourcesPool.java:114) > > at >org.apache.slide.store.impl.rdbms.expression.RDBMSResultSet.initialize(RDBM S >ResultSet.java:46) > > at >org.apache.slide.store.impl.rdbms.expression.RDBMSResultSet.iterator(RDBMSR e >sultSet.java:81) > > at >java.util.AbstractCollection.addAll(AbstractCollection.java:316) > > at >org.apache.slide.search.SearchQueryResult.add(SearchQueryResult.java:123) > > at >org.apache.slide.search.basic.BasicQueryEnvelope.execute(BasicQueryEnvelope . >java:217) > > at >org.apache.slide.search.SearchImpl.search(SearchImpl.java:127) > > at >org.apache.slide.webdav.method.SearchMethod.executeRequest(SearchMethod.jav a >:224) > > at >org.apache.slide.webdav.method.AbstractWebdavMethod.run(AbstractWebdavMetho d >.java:403) > > at >org.apache.slide.webdav.WebdavServlet.service(WebdavServlet.java:482) > > at >javax.servlet.http.HttpServlet.service(HttpServlet.java:853) > > at >org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applicatio n >FilterChain.java:237) > > at >org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterC h >ain.java:157) > > at >org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.j a >va:214) > > at >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveConte x >t.java:104) > > at >org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) > > at >org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContex t >Valve.java:198) > > at >org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.j a >va:152) > > at >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveConte x >t.java:104) > > at >org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBas e >.java:540) > > at >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveConte x >t.java:102) > > at >org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) > > at >org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:13 7 >) > > at >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveConte x >t.java:104) > > at >org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:11 8 >) > > at >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveConte x >t.java:102) > > at >org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:417 ) > > at >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveConte x >t.java:102) > > at >org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) > > at >org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.jav a >:109) > > at >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveConte x >t.java:104) > > at >org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) > > at >org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929) > > at >org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160) > > at >org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799) > > at >org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConn e >ction(Http11Protocol.java:705) > > at >org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577) > > at >org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.ja v >a:683) > > at java.lang.Thread.run(Thread.java:595) > > > >27 Oct 2004 09:31:40 - org.apache.slide.common.Domain - WARNING - > >27 Oct 2004 09:31:40 - org.apache.slide.common.SlideException - DEBUG - >org.apache.slide.search.BadQueryException: > > at >org.apache.slide.store.impl.rdbms.RDBMSComparableResourcesPool.getPool(RDBM S >ComparableResourcesPool.java:120) > > at >org.apache.slide.store.impl.rdbms.expression.RDBMSResultSet.initialize(RDBM S >ResultSet.java:46) > > at >org.apache.slide.store.impl.rdbms.expression.RDBMSResultSet.iterator(RDBMSR e >sultSet.java:81) > > at >java.util.AbstractCollection.addAll(AbstractCollection.java:316) > > at >org.apache.slide.search.SearchQueryResult.add(SearchQueryResult.java:123) > > at >org.apache.slide.search.basic.BasicQueryEnvelope.execute(BasicQueryEnvelope . >java:217) > > at >org.apache.slide.search.SearchImpl.search(SearchImpl.java:127) > > at >org.apache.slide.webdav.method.SearchMethod.executeRequest(SearchMethod.jav a >:224) > > at >org.apache.slide.webdav.method.AbstractWebdavMethod.run(AbstractWebdavMetho d >.java:403) > > at >org.apache.slide.webdav.WebdavServlet.service(WebdavServlet.java:482) > > at >javax.servlet.http.HttpServlet.service(HttpServlet.java:853) > > at >org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applicatio n >FilterChain.java:237) > > at >org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterC h >ain.java:157) > > at >org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.j a >va:214) > > at >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveConte x >t.java:104) > > at >org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) > > at >org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContex t >Valve.java:198) > > at >org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.j a >va:152) > > at >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveConte x >t.java:104) > > at >org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBas e >.java:540) > > at >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveConte x >t.java:102) > > at >org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) > > at >org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:13 7 >) > > at >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveConte x >t.java:104) > > at >org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:11 8 >) > > at >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveConte x >t.java:102) > > at >org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:417 ) > > at >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveConte x >t.java:102) > > at >org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) > > at >org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.jav a >:109) > > at >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveConte x >t.java:104) > > at >org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) > > at >org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929) > > at >org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160) > > at >org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799) > > at >org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConn e >ction(Http11Protocol.java:705) > > at >org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577) > > at >org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.ja v >a:683) > > at java.lang.Thread.run(Thread.java:595) > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
