You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "Tobias Bocanegra (JIRA)" <ji...@apache.org> on 2012/08/18 02:57:37 UTC
[jira] [Created] (JCR-3412) UserManager.findAuthorizables() does
not work, if session does not have read access to /home
Tobias Bocanegra created JCR-3412:
-------------------------------------
Summary: UserManager.findAuthorizables() does not work, if session does not have read access to /home
Key: JCR-3412
URL: https://issues.apache.org/jira/browse/JCR-3412
Project: Jackrabbit Content Repository
Issue Type: Bug
Components: jackrabbit-core
Affects Versions: 2.4
Reporter: Tobias Bocanegra
If the session does not have read access to /home, the UserManager.findAuthorizables() does not find anything.
log shows:
org.apache.jackrabbit.core.query.lucene.DescendantSelfAxisQuery Access denied to node id d8cbdd0f-4fe1-473f-b452-219a3eb3d867.
Where as this query works, and returns the user homes the session has read access to:
/jcr:root//element(*,rep:User)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (JCR-3412) UserManager.findAuthorizables() does
not work, if session does not have read access to /home
Posted by "Alex Parvulescu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3412?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex Parvulescu updated JCR-3412:
---------------------------------
Attachment: JCR-3412.patch
I'm having a bit of trouble building a proper test for this issue.
I see no way to remove read access to the folder that is the home of the acl config (what I'm assuming is refered to as "/home")
There are no ACLs on the node, all the tests I've seen in jr-core assume there is some kind of ACL list that can be tweaked.
Also, I find the fact that all the ACL config is created in the "security" workspace confusing, it took some time to figure that one out :)
I'm attaching what I have so far (patch against jackrabbit-core).
feedback is much appreciated.
> UserManager.findAuthorizables() does not work, if session does not have read access to /home
> --------------------------------------------------------------------------------------------
>
> Key: JCR-3412
> URL: https://issues.apache.org/jira/browse/JCR-3412
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, query, security
> Affects Versions: 2.4
> Reporter: Tobias Bocanegra
> Attachments: JCR-3412.patch
>
>
> If the session does not have read access to /home, the UserManager.findAuthorizables() does not find anything.
> log shows:
> org.apache.jackrabbit.core.query.lucene.DescendantSelfAxisQuery Access denied to node id d8cbdd0f-4fe1-473f-b452-219a3eb3d867.
> Where as this query works, and returns the user homes the session has read access to:
> /jcr:root//element(*,rep:User)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (JCR-3412) UserManager.findAuthorizables() does
not work, if session does not have read access to /home
Posted by "Marcel Reutegger (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3412?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13448600#comment-13448600 ]
Marcel Reutegger commented on JCR-3412:
---------------------------------------
You could also extend from the base class of existing authorization tests in jackrabbit-core: AbstractEvaluationTest.
AFAICS it provides a number of utility methods as well that should allow you to apply access control on test nodes.
> UserManager.findAuthorizables() does not work, if session does not have read access to /home
> --------------------------------------------------------------------------------------------
>
> Key: JCR-3412
> URL: https://issues.apache.org/jira/browse/JCR-3412
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, query, security
> Affects Versions: 2.4
> Reporter: Tobias Bocanegra
> Attachments: JCR-3412.patch
>
>
> If the session does not have read access to /home, the UserManager.findAuthorizables() does not find anything.
> log shows:
> org.apache.jackrabbit.core.query.lucene.DescendantSelfAxisQuery Access denied to node id d8cbdd0f-4fe1-473f-b452-219a3eb3d867.
> Where as this query works, and returns the user homes the session has read access to:
> /jcr:root//element(*,rep:User)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (JCR-3412) UserManager.findAuthorizables() does
not work, if session does not have read access to /home
Posted by "angela (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3412?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13438492#comment-13438492 ]
angela commented on JCR-3412:
-----------------------------
to me that sounds to have a similar reason as JCR-3364... i couldn't find our adobe internal issue any more
but i know that we do need a fix for that.
> UserManager.findAuthorizables() does not work, if session does not have read access to /home
> --------------------------------------------------------------------------------------------
>
> Key: JCR-3412
> URL: https://issues.apache.org/jira/browse/JCR-3412
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, query, security
> Affects Versions: 2.4
> Reporter: Tobias Bocanegra
>
> If the session does not have read access to /home, the UserManager.findAuthorizables() does not find anything.
> log shows:
> org.apache.jackrabbit.core.query.lucene.DescendantSelfAxisQuery Access denied to node id d8cbdd0f-4fe1-473f-b452-219a3eb3d867.
> Where as this query works, and returns the user homes the session has read access to:
> /jcr:root//element(*,rep:User)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (JCR-3412) UserManager.findAuthorizables() does
not work, if session does not have read access to /home
Posted by "Thomas März (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3412?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13448672#comment-13448672 ]
Thomas März commented on JCR-3412:
----------------------------------
/home is another node in the default ws.
> UserManager.findAuthorizables() does not work, if session does not have read access to /home
> --------------------------------------------------------------------------------------------
>
> Key: JCR-3412
> URL: https://issues.apache.org/jira/browse/JCR-3412
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, query, security
> Affects Versions: 2.4
> Reporter: Tobias Bocanegra
> Attachments: AutorizablesTest.java.patch, JCR-3412.patch
>
>
> If the session does not have read access to /home, the UserManager.findAuthorizables() does not find anything.
> log shows:
> org.apache.jackrabbit.core.query.lucene.DescendantSelfAxisQuery Access denied to node id d8cbdd0f-4fe1-473f-b452-219a3eb3d867.
> Where as this query works, and returns the user homes the session has read access to:
> /jcr:root//element(*,rep:User)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (JCR-3412) UserManager.findAuthorizables() does
not work, if session does not have read access to /home
Posted by "Marcel Reutegger (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3412?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13448532#comment-13448532 ]
Marcel Reutegger commented on JCR-3412:
---------------------------------------
There was recently a discussion about adding a utilty jcr-commons that should make it easier to manipulate access control entries: JCR-3350.
> UserManager.findAuthorizables() does not work, if session does not have read access to /home
> --------------------------------------------------------------------------------------------
>
> Key: JCR-3412
> URL: https://issues.apache.org/jira/browse/JCR-3412
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, query, security
> Affects Versions: 2.4
> Reporter: Tobias Bocanegra
> Attachments: JCR-3412.patch
>
>
> If the session does not have read access to /home, the UserManager.findAuthorizables() does not find anything.
> log shows:
> org.apache.jackrabbit.core.query.lucene.DescendantSelfAxisQuery Access denied to node id d8cbdd0f-4fe1-473f-b452-219a3eb3d867.
> Where as this query works, and returns the user homes the session has read access to:
> /jcr:root//element(*,rep:User)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (JCR-3412) UserManager.findAuthorizables() does
not work, if session does not have read access to /home
Posted by "Tobias Bocanegra (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3412?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13437982#comment-13437982 ]
Tobias Bocanegra commented on JCR-3412:
---------------------------------------
Example:
uMgr.findAuthorizables("rep:principalName", null, UserManager.SEARCH_TYPE_USER);
> UserManager.findAuthorizables() does not work, if session does not have read access to /home
> --------------------------------------------------------------------------------------------
>
> Key: JCR-3412
> URL: https://issues.apache.org/jira/browse/JCR-3412
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, query, security
> Affects Versions: 2.4
> Reporter: Tobias Bocanegra
>
> If the session does not have read access to /home, the UserManager.findAuthorizables() does not find anything.
> log shows:
> org.apache.jackrabbit.core.query.lucene.DescendantSelfAxisQuery Access denied to node id d8cbdd0f-4fe1-473f-b452-219a3eb3d867.
> Where as this query works, and returns the user homes the session has read access to:
> /jcr:root//element(*,rep:User)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (JCR-3412) UserManager.findAuthorizables() does
not work, if session does not have read access to /home
Posted by "Alex Parvulescu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3412?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13448562#comment-13448562 ]
Alex Parvulescu commented on JCR-3412:
--------------------------------------
thanks for the suggestion Marcel.
I've tried this: AccessControlUtils.getAccessControlList(uAdmSession, path) but I only get a null back. Because of this none of the available util methods work.
other ideas?
> UserManager.findAuthorizables() does not work, if session does not have read access to /home
> --------------------------------------------------------------------------------------------
>
> Key: JCR-3412
> URL: https://issues.apache.org/jira/browse/JCR-3412
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, query, security
> Affects Versions: 2.4
> Reporter: Tobias Bocanegra
> Attachments: JCR-3412.patch
>
>
> If the session does not have read access to /home, the UserManager.findAuthorizables() does not find anything.
> log shows:
> org.apache.jackrabbit.core.query.lucene.DescendantSelfAxisQuery Access denied to node id d8cbdd0f-4fe1-473f-b452-219a3eb3d867.
> Where as this query works, and returns the user homes the session has read access to:
> /jcr:root//element(*,rep:User)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (JCR-3412) UserManager.findAuthorizables() does
not work, if session does not have read access to /home
Posted by "Alex Parvulescu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3412?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex Parvulescu updated JCR-3412:
---------------------------------
Attachment: AutorizablesTest.java.patch
Attaching a new test that extends AbstractEvaluationTest.
I see the same problem as before.
I'm tinking that this comes from the "security" workspace acl setup.
We need to reconsider this issue in the context of jackrabbit and see what exactly "/home" refers to.
Is it the acls config home ("/rep:security/rep:authorizables") on the "security" workspace or is it another node in the default ws.
> UserManager.findAuthorizables() does not work, if session does not have read access to /home
> --------------------------------------------------------------------------------------------
>
> Key: JCR-3412
> URL: https://issues.apache.org/jira/browse/JCR-3412
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, query, security
> Affects Versions: 2.4
> Reporter: Tobias Bocanegra
> Attachments: AutorizablesTest.java.patch, JCR-3412.patch
>
>
> If the session does not have read access to /home, the UserManager.findAuthorizables() does not find anything.
> log shows:
> org.apache.jackrabbit.core.query.lucene.DescendantSelfAxisQuery Access denied to node id d8cbdd0f-4fe1-473f-b452-219a3eb3d867.
> Where as this query works, and returns the user homes the session has read access to:
> /jcr:root//element(*,rep:User)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (JCR-3412) UserManager.findAuthorizables() does
not work, if session does not have read access to /home
Posted by "angela (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3412?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela updated JCR-3412:
------------------------
Component/s: security
query
> UserManager.findAuthorizables() does not work, if session does not have read access to /home
> --------------------------------------------------------------------------------------------
>
> Key: JCR-3412
> URL: https://issues.apache.org/jira/browse/JCR-3412
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, query, security
> Affects Versions: 2.4
> Reporter: Tobias Bocanegra
>
> If the session does not have read access to /home, the UserManager.findAuthorizables() does not find anything.
> log shows:
> org.apache.jackrabbit.core.query.lucene.DescendantSelfAxisQuery Access denied to node id d8cbdd0f-4fe1-473f-b452-219a3eb3d867.
> Where as this query works, and returns the user homes the session has read access to:
> /jcr:root//element(*,rep:User)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (JCR-3412) UserManager.findAuthorizables() does
not work, if session does not have read access to /home
Posted by "angela (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3412?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13437705#comment-13437705 ]
angela commented on JCR-3412:
-----------------------------
which signature of the findAuthorizables did you use? that would be required to know in order to reproduce the issue.
given the exception i suspect that this is a query issue (-> adding components)
> UserManager.findAuthorizables() does not work, if session does not have read access to /home
> --------------------------------------------------------------------------------------------
>
> Key: JCR-3412
> URL: https://issues.apache.org/jira/browse/JCR-3412
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, query, security
> Affects Versions: 2.4
> Reporter: Tobias Bocanegra
>
> If the session does not have read access to /home, the UserManager.findAuthorizables() does not find anything.
> log shows:
> org.apache.jackrabbit.core.query.lucene.DescendantSelfAxisQuery Access denied to node id d8cbdd0f-4fe1-473f-b452-219a3eb3d867.
> Where as this query works, and returns the user homes the session has read access to:
> /jcr:root//element(*,rep:User)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira