You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2017/05/10 14:17:04 UTC

[jira] [Updated] (OAK-5355) Too eager refreshing of tree permissions in SecureNodeBuilder

     [ https://issues.apache.org/jira/browse/OAK-5355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

angela updated OAK-5355:
------------------------
    Attachment: OAK-5355.patch

proposed fix with some test for {{SecurityNodeBuilder}} and specifically for the {{SecurityNodeBuilder.baseChanged}} specifically. For the latter I added a dummy {{PermissionProvider}} implementation that does _not_ read from the repository itself... with that I actually get the impression that we have a bug here (not just an improvement) because the permission provider is refreshed only _after_ the {{SecureNodeBuilder.baseChanged}} is called.

[~mduerig], [~alex.parvulescu], I would be glad if you could take a look to see if there some mistake in the logic or assumptions of my tests illustrating the problem. 

> Too eager refreshing of tree permissions in SecureNodeBuilder
> -------------------------------------------------------------
>
>                 Key: OAK-5355
>                 URL: https://issues.apache.org/jira/browse/OAK-5355
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: core
>            Reporter: Michael Dürig
>            Assignee: angela
>              Labels: technical_debt
>             Fix For: 1.8
>
>         Attachments: OAK-5355.patch
>
>
> {{SecureNodeBuilder.baseChanged()}} calls {{SecureNodeBuilder.getTreePermission()}} even though the tree permission would be calculated lazily as needed anyway. Re-calculating the tree permissions at this point bears the risk of accessing stale data from the underlying not yet fully refreshed root (when being called e.g. from {{MutableRoot.refresh()}}. 
> I would thus argue for removing the call to {{SecureNodeBuilder.getTreePermission()}} from {{SecureNodeBuilder.baseChanged()}}. 
> See also OAK-5296 for an in-depth analysis. 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)