You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2015/10/01 14:48:26 UTC
[jira] [Updated] (JCRVLT-99) Creating a package using package
manager API requires read access to root node
[ https://issues.apache.org/jira/browse/JCRVLT-99?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela updated JCRVLT-99:
-------------------------
Attachment: filevault_root_access.txt
[~tripod], in the attached {{filevault_root_access.txt}} you can find the complete result for searching the jcrvlt code base for {{getRootNode}}. some seemed to be valid shortcuts (marked with _(excluded)_) but i suspect that others might require some attention.
if using the functionality provided with a non-admin session, access to the root node is likely to not be granted thus rendering the filevault unusable (or risking privilege escalations by being forced to grant a non-privileged session full access up to the root node).
> Creating a package using package manager API requires read access to root node
> ------------------------------------------------------------------------------
>
> Key: JCRVLT-99
> URL: https://issues.apache.org/jira/browse/JCRVLT-99
> Project: Jackrabbit FileVault
> Issue Type: Bug
> Components: Packaging
> Reporter: Marc Pfaff
> Attachments: filevault_root_access.txt
>
>
> When creating a package using PackageManagerImpl.assemble() the package manager session used always requires read access to the root node, due to the call to Session.getRootNode().
> {code}
> Caused by: javax.jcr.AccessDeniedException: Root node is not accessible.
> at org.apache.jackrabbit.oak.jcr.session.SessionImpl$4.perform(SessionImpl.java:304)
> at org.apache.jackrabbit.oak.jcr.session.SessionImpl$4.perform(SessionImpl.java:298)
> at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:209)
> at org.apache.jackrabbit.oak.jcr.session.SessionImpl.getRootNode(SessionImpl.java:298)
> at org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl.getPackageRoot(JcrPackageManagerImpl.java:637)
> at org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl.listPackages(JcrPackageManagerImpl.java:683)
> at org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl.validateSubPackages(JcrPackageManagerImpl.java:490)
> at org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl.assemble(JcrPackageManagerImpl.java:458)
> at org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl.assemble(JcrPackageManagerImpl.java:447)
> {code}
> I'm using version 3.1.20 (as reported by felix console), but somehow this version is not available in the Jira "Affects Version/s" field.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)