Posted to oak-issues@jackrabbit.apache.org by "Angela Schreiber (Jira)" <ji...@apache.org> on 2020/09/23 12:00:00 UTC
[jira] [Comment Edited] (OAK-9224) Create a protected property importer for handling user tokens
[ https://issues.apache.org/jira/browse/OAK-9224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17200776#comment-17200776 ]
Angela Schreiber edited comment on OAK-9224 at 9/23/20, 11:59 AM:
------------------------------------------------------------------
[~tomek.rekawek], why should token nodes be imported? they are generated upon login and intended to contain tokens with a very limited life-time that are expected to expire. so yes, we didn't have a use case so far :). maybe it would be better to ignore the token nodes altogether (like we do e.g. with the principal cache nodes (see {{UserImporter}} line 330))?
but maybe you can first share a bit of context on why and where you think this is needed?
was (Author: anchela):
[~tomek.rekawek], why should token nodes be imported? they are generated upon login and intended to contain tokens with a very limited life-time that are expected to expire. so yes, we didn't have a use case so far :). maybe it would be better to ignore the token nodes altogether (like we do e.g. with the principal cache nodes (see {{UserImporter}} line 330))?
> Create a protected property importer for handling user tokens
> -------------------------------------------------------------
>
> Key: OAK-9224
> URL: https://issues.apache.org/jira/browse/OAK-9224
> Project: Jackrabbit Oak
> Issue Type: Story
> Components: core, security
> Reporter: Tomek Rękawek
> Assignee: Tomek Rękawek
> Priority: Major
> Fix For: 1.36.0
>
>
> An attempt to invoke {{javax.jcr.Session#importXML()}} on a payload including exported {{rep:User}} nodes will fail with the following message if the {{.tokens}} subnode is not empty:
> {noformat}
> javax.jcr.nodetype.ConstraintViolationException: OakConstraint0021: /home/users/5/5d60zjEABcbAjvqo8SyI/.tokens/50c611f9-9886-4124-ada6-e224ffeead8e[[rep:Token]]: Mandatory property rep:token.key not found in a new node
> at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:226) [org.apache.jackrabbit.oak-api:1.34.0]
> at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:213) [org.apache.jackrabbit.oak-api:1.34.0]
> at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.newRepositoryException(SessionDelegate.java:677) [org.apache.jackrabbit.oak-jcr:1.34.0]
> at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.save(SessionDelegate.java:503) [org.apache.jackrabbit.oak-jcr:1.34.0]
> at org.apache.jackrabbit.oak.jcr.session.SessionImpl$8.performVoid(SessionImpl.java:424) [org.apache.jackrabbit.oak-jcr:1.34.0]
> at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performVoid(SessionDelegate.java:273) [org.apache.jackrabbit.oak-jcr:1.34.0]
> at org.apache.jackrabbit.oak.jcr.session.SessionImpl.save(SessionImpl.java:421) [org.apache.jackrabbit.oak-jcr:1.34.0]
> at com.adobe.granite.repository.impl.CRX3SessionImpl.save(CRX3SessionImpl.java:207) [com.adobe.granite.repository:1.6.100]
> {noformat}
> The reason is that all the properties in rep:Token nodes are protected:
> {noformat}
> [rep:Token] > mix:referenceable
> - rep:token.key (string) mandatory protected
> - rep:token.exp (date) mandatory protected
> - * (undefined) protected
> - * (undefined) protected multiple
> {noformat}
> and they'll be skipped by the importer unless there's a custom ProtectedPropertyImporter implementation handling them:
> https://github.com/apache/jackrabbit-oak/blob/bb749cac90617f9350189599f5f63ec20da7c490/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/xml/ImporterImpl.java#L278-L288
> The goal of this story is to create such an implementation, so the tokens can be imported together with the rest of the {{rep:User}} subtree.
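The alternative raised in the comment, ignoring the token nodes altogether, can also be applied to the payload before it reaches {{importXML()}}. The following is an added example, not Oak code and not part of the issue: it removes every {{rep:Token}} node from a JCR system-view export using the Python standard library. It assumes the usual {{sv}}, {{jcr}} and {{rep}} prefixes and an export you produced yourself; the sample payload is constructed, and the {{rep:Unstructured}} type on {{.tokens}} is an assumption.

```python
import io
import xml.etree.ElementTree as ET

SV = "http://www.jcp.org/jcr/sv/1.0"
NODE, PROP, VALUE, NAME = (f"{{{SV}}}{n}" for n in ("node", "property", "value", "name"))

def primary_type(node):
    """Value of the jcr:primaryType property of an sv:node, or None."""
    for prop in node.findall(PROP):
        if prop.get(NAME) == "jcr:primaryType":
            return prop.findtext(VALUE)
    return None

def strip_token_nodes(sysview_xml):
    """Remove every rep:Token node; return (cleaned_xml, removed_paths)."""
    prefixes, root, removed = {}, None, []
    stream = io.BytesIO(sysview_xml.encode("utf-8"))
    for event, item in ET.iterparse(stream, events=("start-ns", "start")):
        if event == "start-ns":
            prefixes[item[0]] = item[1]   # remember every xmlns declaration
        elif root is None:
            root = item
    def walk(node, path):
        for child in list(node.findall(NODE)):
            child_path = f"{path}/{child.get(NAME)}"
            if primary_type(child) == "rep:Token":
                node.remove(child)        # the .tokens parent stays, now empty
                removed.append(child_path)
            else:
                walk(child, child_path)
    walk(root, root.get(NAME))
    # ElementTree drops xmlns declarations unused by tag/attribute names; re-add them.
    ET.register_namespace("sv", SV)
    for prefix, uri in prefixes.items():
        if prefix and uri != SV:
            root.set(f"xmlns:{prefix}", uri)
    return ET.tostring(root, encoding="unicode"), removed

# Constructed sample export; node names are taken from the error message above.
SAMPLE = """<sv:node xmlns:sv="http://www.jcp.org/jcr/sv/1.0" xmlns:rep="internal"
    xmlns:jcr="http://www.jcp.org/jcr/1.0" sv:name="5d60zjEABcbAjvqo8SyI">
 <sv:property sv:name="jcr:primaryType" sv:type="Name"><sv:value>rep:User</sv:value></sv:property>
 <sv:node sv:name=".tokens">
  <sv:property sv:name="jcr:primaryType" sv:type="Name"><sv:value>rep:Unstructured</sv:value></sv:property>
  <sv:node sv:name="50c611f9-9886-4124-ada6-e224ffeead8e">
   <sv:property sv:name="jcr:primaryType" sv:type="Name"><sv:value>rep:Token</sv:value></sv:property>
  </sv:node>
 </sv:node>
</sv:node>"""
```

The returned paths are relative to the export root, so they can be logged as a record of which login tokens were left out of the import.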