i'm using my own implementation.
----- Original Message ----- Da : Todd Seiber <[email protected]> A : [email protected] Oggetto : Re: permission problem when call Node.getNode( ) Data : Wed, 21 Jan 2009 09:54:58 -0500 > Are you using the DefaultAccessManager or your own > implementation? > > On Wed, Jan 21, 2009 at 9:42 AM, Alessandro Cosenza < > [email protected]> wrote: > > > no, there are two different sessions. > > the first session is held by the admin which > > revokes read permissions to USER role only for > > "documents" but not for "reviews". > > after logout this session, a simple user logs in and > > tries to read the "music" node and he is able to do > that. > > > Simple user calls root.getNode("documents/reviews") and > > he can read "reviews". > > but if i transform call in > > root.getNode("documents").getNode("reviews") > > he can't read "reviews". > > in the former it seems the "documents" part of the path > > is passed by. > > i don't know why. > > > > ----- Original Message ----- > > Da : Todd Seiber <[email protected]> > > A : [email protected] > > Oggetto : Re: permission problem when call Node.getNode( > > ) Data : Wed, 21 Jan 2009 09:27:41 -0500 > > > > > Are you reusing a session? When I have ran into > > > security issues such as this it has mostly been due to > > > JackRabbit caching permissions. If within a session > > > you read the document node prior to having read > > > permission revoked you will be able to read it for the > > > life of the session or perhaps until its permission is > > > flushed from cache which is a LRUMap (I think). > > > > > > On Wed, Jan 21, 2009 at 9:16 AM, Alessandro Cosenza < > > > [email protected]> wrote: > > > > > > > hi. > > > > i have these folders node: > > > > /documents/reviews > > > > > > > > when i revoke read permission on "documents" and > > > > recursively on "reviews" and try to call > > > > root.getNode("documents/reviews") it works fine. > > > > (it throws an exception) > > > > > > > > but, when i revoke read permission only on > > > > "documents", trying to call > > > > root.getNode("documents/reviews") doesn't throw > > > > exception, but i think that it should throws an > > > > exception the same, because it > > > > has however to first read to "documents" node. it > > > > seems that it doesn't consider the "documents" node. > > > > does anyone can explain me this strange behaviour? > > > > thanks > > > > > > > > > > > > > > > > > -- > Todd Seiber > 830 Fishing Creek Rd. > New Cumberland, PA 17070 > > h. 717-938-5778 > c. 717-497-1742 > e. [email protected] >
