You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2017/05/10 14:17:04 UTC
[jira] [Updated] (OAK-5355) Too eager refreshing of tree
permissions in SecureNodeBuilder
[ https://issues.apache.org/jira/browse/OAK-5355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela updated OAK-5355:
------------------------
Attachment: OAK-5355.patch
proposed fix with some test for {{SecurityNodeBuilder}} and specifically for the {{SecurityNodeBuilder.baseChanged}} specifically. For the latter I added a dummy {{PermissionProvider}} implementation that does _not_ read from the repository itself... with that I actually get the impression that we have a bug here (not just an improvement) because the permission provider is refreshed only _after_ the {{SecureNodeBuilder.baseChanged}} is called.
[~mduerig], [~alex.parvulescu], I would be glad if you could take a look to see if there some mistake in the logic or assumptions of my tests illustrating the problem.
> Too eager refreshing of tree permissions in SecureNodeBuilder
> -------------------------------------------------------------
>
> Key: OAK-5355
> URL: https://issues.apache.org/jira/browse/OAK-5355
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: core
> Reporter: Michael Dürig
> Assignee: angela
> Labels: technical_debt
> Fix For: 1.8
>
> Attachments: OAK-5355.patch
>
>
> {{SecureNodeBuilder.baseChanged()}} calls {{SecureNodeBuilder.getTreePermission()}} even though the tree permission would be calculated lazily as needed anyway. Re-calculating the tree permissions at this point bears the risk of accessing stale data from the underlying not yet fully refreshed root (when being called e.g. from {{MutableRoot.refresh()}}.
> I would thus argue for removing the call to {{SecureNodeBuilder.getTreePermission()}} from {{SecureNodeBuilder.baseChanged()}}.
> See also OAK-5296 for an in-depth analysis.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)