Hi
I'm working with Jackrabbit 2.4.2 and have the following scenario:
- Create a session for a non-admin user account.
- Cast the session to an XAResource, generate a new transaction ID and
start a transaction (like org.apache.jackrabbit.core.UserTransactionImpl).
- Use the session to create a new node, record its identifier then set
some properties and save the session.
- After some further processing logic not using Jackrabbit, attempt to
get the new node via its identifier.
- javax.jcr.ItemNotFoundException is thrown from
inside
org.apache.jackrabbit.core.security.authorization.acl.CompiledPermissionsImpl.canRead
when it uses an ItemManager instance to get the new node.
I have debugged through my code and the Jackrabbit code it calls, and can
see the following:
- My new node is present in the item cache for my session, which is
retrieved ok by the getNodeByIdentifier() call.
- The permissions check above tries to retrieve my node by id using a
different (system) session in the DefaultAccessManager, which doesn't have
my node in its cache. This attempts to read the node from the persistence
layer as a result, which fails as the data won't be there because of the
transaction.
If I perform the same operation with an admin account, it works fine as the
can-read check is short-circuited to always return true.
Is there something I'm missing in how access control should be configured,
or how I'm using transactions?
Thanks in advance,
Regards
Nick Tuckett.
