You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Konrad Windszus (JIRA)" <ji...@apache.org> on 2018/02/22 10:50:02 UTC
[jira] [Updated] (OAK-7277) Expose principal name, path and
requested privilege in javax.jcr.AccessDeniedException
[ https://issues.apache.org/jira/browse/OAK-7277?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Konrad Windszus updated OAK-7277:
---------------------------------
Summary: Expose principal name, path and requested privilege in javax.jcr.AccessDeniedException (was: Expose authorizable id, path and requested privilege in javax.jcr.AccessDeniedException)
> Expose principal name, path and requested privilege in javax.jcr.AccessDeniedException
> --------------------------------------------------------------------------------------
>
> Key: OAK-7277
> URL: https://issues.apache.org/jira/browse/OAK-7277
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: jcr
> Affects Versions: 1.6.1
> Reporter: Konrad Windszus
> Priority: Major
>
> Currently the error message for {{javax.jcr.AccessDeniedException}} is pretty sparse, it could look like thisĀ
> OakAccess0000: Access denied
> The full stacktrace might look like this
> {code}
> javax.jcr.AccessDeniedException: OakAccess0000: Access denied
> at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:231)
> at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:212)
> at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.newRepositoryException(SessionDelegate.java:670)
> at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.save(SessionDelegate.java:496)
> at org.apache.jackrabbit.oak.jcr.session.SessionImpl$8.performVoid(SessionImpl.java:419)
> at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performVoid(SessionDelegate.java:274)
> at org.apache.jackrabbit.oak.jcr.session.SessionImpl.save(SessionImpl.java:416)
> at com.adobe.granite.repository.impl.CRX3SessionImpl.save(CRX3SessionImpl.java:208)
> at com.day.cq.wcm.core.impl.PageManagerImpl.createRevision(PageManagerImpl.java:1395)
> ... 115 common frames omitted
> Caused by: org.apache.jackrabbit.oak.api.CommitFailedException: OakAccess0000: Access denied
> at org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidator.checkPermissions(PermissionValidator.java:242)
> at org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidator.propertyAdded(PermissionValidator.java:112)
> at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.propertyAdded(VisibleValidator.java:83)
> at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.propertyAdded(VisibleValidator.java:83)
> at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.propertyAdded(VisibleValidator.java:83)
> at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.propertyAdded(VisibleValidator.java:83)
> at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.propertyAdded(VisibleValidator.java:83)
> at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.propertyAdded(VisibleValidator.java:83)
> at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.propertyAdded(VisibleValidator.java:83)
> at org.apache.jackrabbit.oak.spi.commit.CompositeEditor.propertyAdded(CompositeEditor.java:83)
> at org.apache.jackrabbit.oak.spi.commit.EditorDiff.propertyAdded(EditorDiff.java:82)
> at org.apache.jackrabbit.oak.segment.SegmentNodeState.compareProperties(SegmentNodeState.java:617)
> at org.apache.jackrabbit.oak.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:515)
> at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
> at org.apache.jackrabbit.oak.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:555)
> at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
> at org.apache.jackrabbit.oak.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:555)
> at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
> at org.apache.jackrabbit.oak.segment.MapRecord.compare(MapRecord.java:415)
> at org.apache.jackrabbit.oak.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:608)
> at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
> at org.apache.jackrabbit.oak.segment.MapRecord.compare(MapRecord.java:415)
> at org.apache.jackrabbit.oak.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:608)
> at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
> at org.apache.jackrabbit.oak.segment.MapRecord$3.childNodeChanged(MapRecord.java:441)
> at org.apache.jackrabbit.oak.segment.MapRecord.compare(MapRecord.java:489)
> at org.apache.jackrabbit.oak.segment.MapRecord.compareBranch(MapRecord.java:568)
> at org.apache.jackrabbit.oak.segment.MapRecord.compare(MapRecord.java:467)
> at org.apache.jackrabbit.oak.segment.MapRecord.compare(MapRecord.java:433)
> at org.apache.jackrabbit.oak.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:608)
> at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
> at org.apache.jackrabbit.oak.segment.MapRecord.compare(MapRecord.java:415)
> at org.apache.jackrabbit.oak.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:608)
> at org.apache.jackrabbit.oak.spi.commit.EditorDiff.childNodeChanged(EditorDiff.java:148)
> at org.apache.jackrabbit.oak.segment.MapRecord$2.childNodeChanged(MapRecord.java:400)
> at org.apache.jackrabbit.oak.segment.MapRecord$3.childNodeChanged(MapRecord.java:441)
> at org.apache.jackrabbit.oak.segment.MapRecord.compare(MapRecord.java:489)
> at org.apache.jackrabbit.oak.segment.MapRecord.compare(MapRecord.java:433)
> at org.apache.jackrabbit.oak.segment.MapRecord.compare(MapRecord.java:391)
> at org.apache.jackrabbit.oak.segment.SegmentNodeState.compareAgainstBaseState(SegmentNodeState.java:608)
> at org.apache.jackrabbit.oak.spi.commit.EditorDiff.process(EditorDiff.java:52)
> at org.apache.jackrabbit.oak.spi.commit.EditorHook.processCommit(EditorHook.java:54)
> at org.apache.jackrabbit.oak.spi.commit.CompositeHook.processCommit(CompositeHook.java:61)
> at org.apache.jackrabbit.oak.segment.SegmentNodeStore$Commit.prepare(SegmentNodeStore.java:603)
> at org.apache.jackrabbit.oak.segment.SegmentNodeStore$Commit.optimisticMerge(SegmentNodeStore.java:634)
> at org.apache.jackrabbit.oak.segment.SegmentNodeStore$Commit.execute(SegmentNodeStore.java:690)
> at org.apache.jackrabbit.oak.segment.SegmentNodeStore.merge(SegmentNodeStore.java:334)
> at org.apache.jackrabbit.oak.core.MutableRoot.commit(MutableRoot.java:249)
> at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.commit(SessionDelegate.java:347)
> at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.save(SessionDelegate.java:494)
> ... 120 common frames omitted
> {code}
> Crucial information for debugging in this case are
> * the authorizable id with which the repo was accessed
> * the path of the repo
> * the privilege being requested
> All this information should be included in the exception.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)