You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2017/07/18 15:44:00 UTC

[jira] [Commented] (OAK-6467) CompositeTreePermission can create an invalid TreePermsssion object

    [ https://issues.apache.org/jira/browse/OAK-6467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16091734#comment-16091734 ] 

angela commented on OAK-6467:
-----------------------------

[~stillalex], i am not sure this is really a bug. if your have a security setup that ends up with a {{TreePermission.NO_RECOURSE}} as the only option left your setup is wrong and this should be identified during testing of a new authorization model.

> CompositeTreePermission can create an invalid TreePermsssion object
> -------------------------------------------------------------------
>
>                 Key: OAK-6467
>                 URL: https://issues.apache.org/jira/browse/OAK-6467
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: core, security
>            Reporter: Alex Deparvu
>            Assignee: Alex Deparvu
>             Fix For: 1.7.4
>
>
> There's a case where the {{CompositePermissionProvider}} can create an invalid {{TreePermsssion}} instance via the {{CompositeTreePermission}} object. It can return a {{NO_RECOURSE}} if there's a single provider configured (like the CUG) that is not able to handle that specific check.
> {noformat}
> java.lang.UnsupportedOperationException: null
> 	at org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission$3.canRead(TreePermission.java:212)
> 	at org.apache.jackrabbit.oak.core.SecureNodeBuilder.exists(SecureNodeBuilder.java:128)
> 	at org.apache.jackrabbit.oak.plugins.tree.impl.AbstractTree.exists(AbstractTree.java:225)
> 	at org.apache.jackrabbit.oak.core.MutableTree.exists(MutableTree.java:122)
> 	at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.getNode(SessionDelegate.java:427)
> 	at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.getRootNode(SessionDelegate.java:415)
> 	at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.getItem(SessionDelegate.java:440)
> 	at org.apache.jackrabbit.oak.jcr.session.SessionImpl.getItemInternal(SessionImpl.java:166)
> 	at org.apache.jackrabbit.oak.jcr.session.SessionImpl.access$400(SessionImpl.java:81)
> 	at org.apache.jackrabbit.oak.jcr.session.SessionImpl$3.performNullable(SessionImpl.java:228)
> 	at org.apache.jackrabbit.oak.jcr.session.SessionImpl$3.performNullable(SessionImpl.java:225)
> 	at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performNullable(SessionDelegate.java:243)
> 	at org.apache.jackrabbit.oak.jcr.session.SessionImpl.getItemOrNull(SessionImpl.java:225)
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)