You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jackrabbit.apache.org by "christian (JIRA)" <ji...@apache.org> on 2008/09/05 13:55:44 UTC

[jira] Created: (JCR-1729) Node#addNode failes with AccessDeniedException if session lacks read-permission to an acestor

Node#addNode failes with AccessDeniedException if session lacks read-permission to an acestor
---------------------------------------------------------------------------------------------

                 Key: JCR-1729
                 URL: https://issues.apache.org/jira/browse/JCR-1729
             Project: Jackrabbit
          Issue Type: Bug
          Components: jackrabbit-core
            Reporter: christian
            Priority: Minor


Consider a Session that has following permissions:
/home  -> no permission
/home/myself -> read|remove|set_property|add_node

if this session tries to add a Node to /home/myself.
An AccessDeniedException is thrown indicateing that it can not read /home.

The Exception is caused by the Node's check, if it is checked-out.
This check asumes that the session has read-access to all its ancestors.
Which breaks in this case:

see NodeImpl internalIsCheckedOut()   (ln 3875)


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (JCR-1729) Node#addNode failes with AccessDeniedException if session lacks read-permission to an acestor

Posted by "christian (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JCR-1729?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12635745#action_12635745 ] 

christian commented on JCR-1729:
--------------------------------

I observed it in a core version 1.4.5 and in the head version.

> Node#addNode failes with AccessDeniedException if session lacks read-permission to an acestor
> ---------------------------------------------------------------------------------------------
>
>                 Key: JCR-1729
>                 URL: https://issues.apache.org/jira/browse/JCR-1729
>             Project: Jackrabbit
>          Issue Type: Bug
>          Components: jackrabbit-core
>            Reporter: christian
>            Priority: Minor
>
> Consider a Session that has following permissions:
> /home  -> no permission
> /home/myself -> read|remove|set_property|add_node
> if this session tries to add a Node to /home/myself.
> An AccessDeniedException is thrown indicateing that it can not read /home.
> The Exception is caused by the Node's check, if it is checked-out.
> This check asumes that the session has read-access to all its ancestors.
> Which breaks in this case:
> see NodeImpl internalIsCheckedOut()   (ln 3875)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (JCR-1729) Node#addNode fails with AccessDeniedException if session lacks read-permission to an ancestor

Posted by "angela (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/JCR-1729?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

angela updated JCR-1729:
------------------------

    Attachment: JCR-1729.diff

suggested fix + test

> Node#addNode fails with AccessDeniedException if session lacks read-permission to an ancestor
> ---------------------------------------------------------------------------------------------
>
>                 Key: JCR-1729
>                 URL: https://issues.apache.org/jira/browse/JCR-1729
>             Project: Jackrabbit
>          Issue Type: Bug
>          Components: jackrabbit-core, security
>            Reporter: christian
>            Priority: Minor
>         Attachments: JCR-1729.diff
>
>
> Consider a Session that has following permissions:
> /home  -> no permission
> /home/myself -> read|remove|set_property|add_node
> if this session tries to add a Node to /home/myself.
> An AccessDeniedException is thrown indicateing that it can not read /home.
> The Exception is caused by the Node's check, if it is checked-out.
> This check asumes that the session has read-access to all its ancestors.
> Which breaks in this case:
> see NodeImpl internalIsCheckedOut()   (ln 3875)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (JCR-1729) Node#addNode fails with AccessDeniedException if session lacks read-permission to an ancestor

Posted by "angela (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/JCR-1729?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

angela resolved JCR-1729.
-------------------------

       Resolution: Fixed
    Fix Version/s: 1.6.0

> Node#addNode fails with AccessDeniedException if session lacks read-permission to an ancestor
> ---------------------------------------------------------------------------------------------
>
>                 Key: JCR-1729
>                 URL: https://issues.apache.org/jira/browse/JCR-1729
>             Project: Jackrabbit
>          Issue Type: Bug
>          Components: jackrabbit-core, security
>            Reporter: christian
>            Priority: Minor
>             Fix For: 1.6.0
>
>         Attachments: JCR-1729.diff
>
>
> Consider a Session that has following permissions:
> /home  -> no permission
> /home/myself -> read|remove|set_property|add_node
> if this session tries to add a Node to /home/myself.
> An AccessDeniedException is thrown indicateing that it can not read /home.
> The Exception is caused by the Node's check, if it is checked-out.
> This check asumes that the session has read-access to all its ancestors.
> Which breaks in this case:
> see NodeImpl internalIsCheckedOut()   (ln 3875)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (JCR-1729) Node#addNode failes with AccessDeniedException if session lacks read-permission to an acestor

Posted by "Micah Whitacre (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JCR-1729?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12628628#action_12628628 ] 

Micah Whitacre commented on JCR-1729:
-------------------------------------

what version of jackrabbit-core are you working with?

> Node#addNode failes with AccessDeniedException if session lacks read-permission to an acestor
> ---------------------------------------------------------------------------------------------
>
>                 Key: JCR-1729
>                 URL: https://issues.apache.org/jira/browse/JCR-1729
>             Project: Jackrabbit
>          Issue Type: Bug
>          Components: jackrabbit-core
>            Reporter: christian
>            Priority: Minor
>
> Consider a Session that has following permissions:
> /home  -> no permission
> /home/myself -> read|remove|set_property|add_node
> if this session tries to add a Node to /home/myself.
> An AccessDeniedException is thrown indicateing that it can not read /home.
> The Exception is caused by the Node's check, if it is checked-out.
> This check asumes that the session has read-access to all its ancestors.
> Which breaks in this case:
> see NodeImpl internalIsCheckedOut()   (ln 3875)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (JCR-1729) Node#addNode fails with AccessDeniedException if session lacks read-permission to an ancestor

Posted by "angela (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/JCR-1729?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

angela updated JCR-1729:
------------------------

    Summary: Node#addNode fails with AccessDeniedException if session lacks read-permission to an ancestor  (was: Node#addNode failes with AccessDeniedException if session lacks read-permission to an acestor)

> Node#addNode fails with AccessDeniedException if session lacks read-permission to an ancestor
> ---------------------------------------------------------------------------------------------
>
>                 Key: JCR-1729
>                 URL: https://issues.apache.org/jira/browse/JCR-1729
>             Project: Jackrabbit
>          Issue Type: Bug
>          Components: jackrabbit-core, security
>            Reporter: christian
>            Priority: Minor
>
> Consider a Session that has following permissions:
> /home  -> no permission
> /home/myself -> read|remove|set_property|add_node
> if this session tries to add a Node to /home/myself.
> An AccessDeniedException is thrown indicateing that it can not read /home.
> The Exception is caused by the Node's check, if it is checked-out.
> This check asumes that the session has read-access to all its ancestors.
> Which breaks in this case:
> see NodeImpl internalIsCheckedOut()   (ln 3875)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (JCR-1729) Node#addNode failes with AccessDeniedException if session lacks read-permission to an acestor

Posted by "angela (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/JCR-1729?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

angela updated JCR-1729:
------------------------

    Component/s: security

> Node#addNode failes with AccessDeniedException if session lacks read-permission to an acestor
> ---------------------------------------------------------------------------------------------
>
>                 Key: JCR-1729
>                 URL: https://issues.apache.org/jira/browse/JCR-1729
>             Project: Jackrabbit
>          Issue Type: Bug
>          Components: jackrabbit-core, security
>            Reporter: christian
>            Priority: Minor
>
> Consider a Session that has following permissions:
> /home  -> no permission
> /home/myself -> read|remove|set_property|add_node
> if this session tries to add a Node to /home/myself.
> An AccessDeniedException is thrown indicateing that it can not read /home.
> The Exception is caused by the Node's check, if it is checked-out.
> This check asumes that the session has read-access to all its ancestors.
> Which breaks in this case:
> see NodeImpl internalIsCheckedOut()   (ln 3875)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (JCR-1729) Node#addNode fails with AccessDeniedException if session lacks read-permission to an ancestor

Posted by "Jukka Zitting (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/JCR-1729?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jukka Zitting updated JCR-1729:
-------------------------------

    Fix Version/s:     (was: 1.6.0)
                   1.5.0

Merged to the 1.5 branch.

> Node#addNode fails with AccessDeniedException if session lacks read-permission to an ancestor
> ---------------------------------------------------------------------------------------------
>
>                 Key: JCR-1729
>                 URL: https://issues.apache.org/jira/browse/JCR-1729
>             Project: Jackrabbit
>          Issue Type: Bug
>          Components: jackrabbit-core, security
>            Reporter: christian
>            Priority: Minor
>             Fix For: 1.5.0
>
>         Attachments: JCR-1729.diff
>
>
> Consider a Session that has following permissions:
> /home  -> no permission
> /home/myself -> read|remove|set_property|add_node
> if this session tries to add a Node to /home/myself.
> An AccessDeniedException is thrown indicateing that it can not read /home.
> The Exception is caused by the Node's check, if it is checked-out.
> This check asumes that the session has read-access to all its ancestors.
> Which breaks in this case:
> see NodeImpl internalIsCheckedOut()   (ln 3875)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.