You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@sling.apache.org by Roy Teeuwen <ro...@teeuwen.be> on 2018/03/14 12:01:11 UTC
Unlocking a resource
Hey all,
I am trying to unlock a resource in a job that needs to modify the resource or subresources, but since upgrading to service resource resolvers this doesn't seem to be supported anymore. When doing the following code, I get the exception "Not an owner of the lock /content/my-site/nl/my-page/jcr:content".
```
LockManager lockManager = resourceResolver.adaptTo(Session.class).getWorkspace().getLockManager();
lockManager.unlock(lockedResource.getPath());
```
I tried to use the impersonate from service and then doing the unlock with a lockmanager from that session but it still is not possible to do it.
```
def session = slingRepository.impersonateFromService("my-service", new SimpleCredentials("my-user", "".toCharArray()), (String)null);
```
The only solution I have is to not use service resource resolvers, but this would be the first case where I would have to allow the login admin for a specific bundle so I would like to avoid it
Anyone has a solution for this?
Thanks!
Roy
Re: Unlocking a resource
Posted by Roy Teeuwen <ro...@teeuwen.be>.
Hey Robert,
I have tried adding the service user to the "administrators" group, and that didn't fix. So that probably means that the following code means that it has to be exactly the "admin" user?
if (a != null && !a.isGroup()) {
return ((User) a).isAdmin();
}
I guess there is no alternative than using the login whitelist then, thats a pity. And from oak 1.10 I can just drop the code of unlocking, even better hehe.
Thanks!
Roy
> On 15 Mar 2018, at 21:15, Robert Munteanu <ro...@apache.org> wrote:
>
> Hi Roy,
>
> On Wed, 2018-03-14 at 13:01 +0100, Roy Teeuwen wrote:
>> Hey all,
>>
>> I am trying to unlock a resource in a job that needs to modify the
>> resource or subresources, but since upgrading to service resource
>> resolvers this doesn't seem to be supported anymore. When doing the
>> following code, I get the exception "Not an owner of the lock
>> /content/my-site/nl/my-page/jcr:content".
>>
>> ```
>> LockManager lockManager =
>> resourceResolver.adaptTo(Session.class).getWorkspace().getLockManager
>> ();
>> lockManager.unlock(lockedResource.getPath());
>> ```
>>
>>
>> I tried to use the impersonate from service and then doing the unlock
>> with a lockmanager from that session but it still is not possible to
>> do it.
>>
>> ```
>> def session = slingRepository.impersonateFromService("my-service",
>> new SimpleCredentials("my-user", "".toCharArray()), (String)null);
>> ```
>>
>> The only solution I have is to not use service resource resolvers,
>> but this would be the first case where I would have to allow the
>> login admin for a specific bundle so I would like to avoid it
>>
>> Anyone has a solution for this?
>
> My reading of the Oak code at [1] is that you either need to be an
> admin user or the lock owner to unlock.
>
> Also note [2], which means that this area is unlikely to see
> improvements in the future.
>
> Robert
>
>
> [1]: https://github.com/apache/jackrabbit-oak/blob/8f7bc6578cc2b5e8ecb2
> dd1544d771951678d011/oak-
> jcr/src/main/java/org/apache/jackrabbit/oak/jcr/lock/LockManagerImpl.ja
> va#L196-L207
> [2]: https://issues.apache.org/jira/browse/OAK-6421
Re: Unlocking a resource
Posted by Robert Munteanu <ro...@apache.org>.
Hi Roy,
On Wed, 2018-03-14 at 13:01 +0100, Roy Teeuwen wrote:
> Hey all,
>
> I am trying to unlock a resource in a job that needs to modify the
> resource or subresources, but since upgrading to service resource
> resolvers this doesn't seem to be supported anymore. When doing the
> following code, I get the exception "Not an owner of the lock
> /content/my-site/nl/my-page/jcr:content".
>
> ```
> LockManager lockManager =
> resourceResolver.adaptTo(Session.class).getWorkspace().getLockManager
> ();
> lockManager.unlock(lockedResource.getPath());
> ```
>
>
> I tried to use the impersonate from service and then doing the unlock
> with a lockmanager from that session but it still is not possible to
> do it.
>
> ```
> def session = slingRepository.impersonateFromService("my-service",
> new SimpleCredentials("my-user", "".toCharArray()), (String)null);
> ```
>
> The only solution I have is to not use service resource resolvers,
> but this would be the first case where I would have to allow the
> login admin for a specific bundle so I would like to avoid it
>
> Anyone has a solution for this?
My reading of the Oak code at [1] is that you either need to be an
admin user or the lock owner to unlock.
Also note [2], which means that this area is unlikely to see
improvements in the future.
Robert
[1]: https://github.com/apache/jackrabbit-oak/blob/8f7bc6578cc2b5e8ecb2
dd1544d771951678d011/oak-
jcr/src/main/java/org/apache/jackrabbit/oak/jcr/lock/LockManagerImpl.ja
va#L196-L207
[2]: https://issues.apache.org/jira/browse/OAK-6421