You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Konrad Windszus (JIRA)" <ji...@apache.org> on 2018/02/22 10:50:02 UTC

[jira] [Updated] (OAK-7277) Expose principal name, path and requested privilege in javax.jcr.AccessDeniedException

     [ https://issues.apache.org/jira/browse/OAK-7277?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Konrad Windszus updated OAK-7277:
---------------------------------
    Summary: Expose principal name, path and requested privilege in javax.jcr.AccessDeniedException  (was: Expose authorizable id, path and requested privilege in javax.jcr.AccessDeniedException)

> Expose principal name, path and requested privilege in javax.jcr.AccessDeniedException
> --------------------------------------------------------------------------------------
>
>                 Key: OAK-7277
>                 URL: https://issues.apache.org/jira/browse/OAK-7277
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: jcr
>    Affects Versions: 1.6.1
>            Reporter: Konrad Windszus
>            Priority: Major
>
> Currently the error message for {{javax.jcr.AccessDeniedException}} is pretty sparse, it could look like thisĀ 
> OakAccess0000: Access denied
> The full stacktrace might look like this
> {code}
> javax.jcr.AccessDeniedException: OakAccess0000: Access denied
>     at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:231)
>     at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:212)
>     at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.newRepositoryException(SessionDelegate.java:670)
>     at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.save(SessionDelegate.java:496)
>     at org.apache.jackrabbit.oak.jcr.session.SessionImpl$8.performVoid(SessionImpl.java:419)
>     at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performVoid(SessionDelegate.java:274)
>     at org.apache.jackrabbit.oak.jcr.session.SessionImpl.save(SessionImpl.java:416)
>     at com.adobe.granite.repository.impl.CRX3SessionImpl.save(CRX3SessionImpl.java:208)
>     at com.day.cq.wcm.core.impl.PageManagerImpl.createRevision(PageManagerImpl.java:1395)
>     ... 115 common frames omitted
> Caused by: org.apache.jackrabbit.oak.api.CommitFailedException: OakAccess0000: Access denied
>     at org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidator.checkPermissions(PermissionValidator.java:242)
>     at org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidator.propertyAdded(PermissionValidator.java:112)
>     at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.propertyAdded(VisibleValidator.java:83)
>     at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.propertyAdded(VisibleValidator.java:83)
>     at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.propertyAdded(VisibleValidator.java:83)
>     at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.propertyAdded(VisibleValidator.java:83)
>     at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.propertyAdded(VisibleValidator.java:83)
>     at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.propertyAdded(VisibleValidator.java:83)
>     at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.propertyAdded(VisibleValidator.java:83)
>     at org.apache.jackrabbit.oak.spi.commit.CompositeEditor.propertyAdded(CompositeEditor.java:83)
>     at org.apache.jackrabbit.oak.spi.commit.EditorDiff.propertyAdded(EditorDiff.java:82)
>     at org.apache.jackrabbit.oak.segment.SegmentNodeState.compareProperties(SegmentNodeState.java:617)
>     at org.apache.jackrabbit.oak.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:515)
>     at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
>     at org.apache.jackrabbit.oak.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:555)
>     at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
>     at org.apache.jackrabbit.oak.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:555)
>     at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
>     at org.apache.jackrabbit.oak.segment.MapRecord.compare(MapRecord.java:415)
>     at org.apache.jackrabbit.oak.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:608)
>     at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
>     at org.apache.jackrabbit.oak.segment.MapRecord.compare(MapRecord.java:415)
>     at org.apache.jackrabbit.oak.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:608)
>     at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
>     at org.apache.jackrabbit.oak.segment.MapRecord$3.childNodeChanged(MapRecord.java:441)
>     at org.apache.jackrabbit.oak.segment.MapRecord.compare(MapRecord.java:489)
>     at org.apache.jackrabbit.oak.segment.MapRecord.compareBranch(MapRecord.java:568)
>     at org.apache.jackrabbit.oak.segment.MapRecord.compare(MapRecord.java:467)
>     at org.apache.jackrabbit.oak.segment.MapRecord.compare(MapRecord.java:433)
>     at org.apache.jackrabbit.oak.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:608)
>     at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
>     at org.apache.jackrabbit.oak.segment.MapRecord.compare(MapRecord.java:415)
>     at org.apache.jackrabbit.oak.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:608)
>     at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
>     at org.apache.jackrabbit.oak.segment.MapRecord$2.childNodeChanged(MapRecord.java:400)
>     at org.apache.jackrabbit.oak.segment.MapRecord$3.childNodeChanged(MapRecord.java:441)
>     at org.apache.jackrabbit.oak.segment.MapRecord.compare(MapRecord.java:489)
>     at org.apache.jackrabbit.oak.segment.MapRecord.compare(MapRecord.java:433)
>     at org.apache.jackrabbit.oak.segment.MapRecord.compare(MapRecord.java:391)
>     at org.apache.jackrabbit.oak.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:608)
>     at org.apache.jackrabbit.oak.spi.commit.EditorDiff.process(EditorDiff.java:52)
>     at org.apache.jackrabbit.oak.spi.commit.EditorHook.processCommit(EditorHook.java:54)
>     at org.apache.jackrabbit.oak.spi.commit.CompositeHook.processCommit(CompositeHook.java:61)
>     at org.apache.jackrabbit.oak.segment.SegmentNodeStore$Commit.prepare(SegmentNodeStore.java:603)
>     at org.apache.jackrabbit.oak.segment.SegmentNodeStore$Commit.optimisticMerge(SegmentNodeStore.java:634)
>     at org.apache.jackrabbit.oak.segment.SegmentNodeStore$Commit.execute(SegmentNodeStore.java:690)
>     at org.apache.jackrabbit.oak.segment.SegmentNodeStore.merge(SegmentNodeStore.java:334)
>     at org.apache.jackrabbit.oak.core.MutableRoot.commit(MutableRoot.java:249)
>     at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.commit(SessionDelegate.java:347)
>     at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.save(SessionDelegate.java:494)
>     ... 120 common frames omitted
> {code}
> Crucial information for debugging in this case are
> * the authorizable id with which the repo was accessed
> * the path of the repo
> * the privilege being requested
> All this information should be included in the exception.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)