You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "Julian Reschke (JIRA)" <ji...@apache.org> on 2016/10/25 15:18:58 UTC
[jira] [Updated] (JCR-4033) Session Leak in case of an exception
inside the constructor of SessionImpl
[ https://issues.apache.org/jira/browse/JCR-4033?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Julian Reschke updated JCR-4033:
--------------------------------
Priority: Minor (was: Major)
> Session Leak in case of an exception inside the constructor of SessionImpl
> --------------------------------------------------------------------------
>
> Key: JCR-4033
> URL: https://issues.apache.org/jira/browse/JCR-4033
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core
> Affects Versions: 2.13.1
> Reporter: Nicolas FILOTTO
> Assignee: Julian Reschke
> Priority: Minor
> Attachments: JCR-4033.patch
>
>
> If an exception occurs inside the constructor of SessionImpl, the session is then partially created but it is still considered as alive and a live session that is about to be GCed is considered as a session leak by the current code such that we get a warning of type
> {code}
> WARN o.a.jackrabbit.core.SessionImpl - Unclosed session detected. The session was opened here:
> java.lang.Exception: Stack Trace
> at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:222)
> at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:239)
> at org.apache.jackrabbit.core.XASessionImpl.<init>(XASessionImpl.java:101)
> at org.apache.jackrabbit.core.RepositoryImpl.createSessionInstance(RepositoryImpl.java:1613)
> at org.apache.jackrabbit.core.RepositoryImpl.createSession(RepositoryImpl.java:956)
> at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1501)
> at org.apache.jackrabbit.commons.AbstractRepository.login(AbstractRepository.java:144)
> at ttt.createSession(RepositoryManager.java:132)
> {code}
> One concrete use case is an attempt to login with correct credentials but without enough rights to access to a given workspace, we then get a Workspace access denied which occurs in the constructor of SessionImpl so we finally get the warning indicating that we have a session leak which should not be the case here.
> The code to reproduce:
> {code:java}
> Session session = repository.login(creds); //here are creds for user without permissions, just for testing
> {code}
> The stack trace:
> {code}
> Caused by: javax.jcr.LoginException: Workspace access denied
> at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1529)
> at org.apache.jackrabbit.commons.AbstractRepository.login(AbstractRepository.java:144)
> at ttt.createSession(RepositoryManager.java:132)
> ... 51 common frames omitted
> Caused by: javax.jcr.AccessDeniedException: Not allowed to access Workspace default
> at org.apache.jackrabbit.core.security.DefaultAccessManager.init(DefaultAccessManager.java:159)
> at org.apache.jackrabbit.core.DefaultSecurityManager.getAccessManager(DefaultSecurityManager.java:280)
> at org.apache.jackrabbit.core.SessionImpl.createAccessManager(SessionImpl.java:356)
> at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:273)
> at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:239)
> at org.apache.jackrabbit.core.XASessionImpl.<init>(XASessionImpl.java:101)
> at org.apache.jackrabbit.core.RepositoryImpl.createSessionInstance(RepositoryImpl.java:1613)
> at org.apache.jackrabbit.core.RepositoryImpl.createSession(RepositoryImpl.java:956)
> at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1501)
> {code}
> More details in this post http://stackoverflow.com/questions/39163571/jackrabbit-unclosed-session-detected-on-accessdeniedexception-but-session-is-nul
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)