[
https://issues.apache.org/jira/browse/JCR-3927?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kamil updated JCR-3927:
-----------------------
Description:
When I create JCR User and assign some privileges to him:
{noformat}
Session session = repository.login(new SimpleCredentials("admin",
"admin".toCharArray()), "workspace");
UserManager userManager = ((JackrabbitSession)session).getUserManager();
Principal principal = userManager.createUser("test", "test").getPrincipal();
JackrabbitAccessControlList jacl = null;
JackrabbitAccessControlManager acManager = (JackrabbitAccessControlManager)
session.getAccessControlManager();
JackrabbitAccessControlPolicy[] policies = acManager.getPolicies(principal);
if (policies.length == 0) {
// No policies yet. Create one from the applicablePolicies
policies = acManager.getApplicablePolicies(principal);
}
jacl = (JackrabbitAccessControlList) policies[0];
Privilege[] privileges = new
Privilege[]{acManager.privilegeFromName(Privilege.JCR_ALL)};
Map<String, Value> restrictions = new HashMap<String, Value>();
ValueFactory vf = session.getValueFactory();
restrictions.put("rep:nodePath", vf.createValue("/", PropertyType.PATH)); //and
some other restrictions
jacl.addEntry(principal, privileges, true, restrictions);
acManager.setPolicy(jacl.getPath(), jacl);
session.save();
{noformat}
and then I print out all the nodes:
{noformat}
QueryManager manager = session.getWorkspace().getQueryManager();
Query query = manager.createQuery("SELECT * FROM [nt:base] AS n",
Query.JCR_SQL2);
NodeIterator res = query.execute().getNodes();
while (res.hasNext()) {
Node n = res.nextNode();
System.out.println(String.format("%s: %s", n.getIdentifier(), n));
}
{noformat}
Then I receive this:
{noformat}
cafebabe-cafe-babe-cafe-babecafebabe: node /
e482b4ff-8faa-42e1-a534-25373d5abfbc: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test
d0f7f4b5-f61f-457f-9b8f-0683bb937c5e: node /rep:accesscontrol
b9446997-df48-4552-8ef9-cb4bdffcee53: node /rep:accesscontrol/rep:security
2a90eeb3-60d0-4f92-9175-d141c4c337e0: node
/rep:accesscontrol/rep:security/rep:authorizables
f900633b-09af-44b6-bb1f-151e283df245: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test/rep:policy
88fcb55b-efb2-40f3-90c1-976ba2a0c9fe: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test/rep:policy/entry2
464d7a4b-1268-49cf-a4c8-59cb9d6d800c: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test/rep:policy/entry0
84b93de7-d727-43d9-b49a-0bff86fbfef6: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test/rep:policy/entry1
9d3072ef-cd6c-4cf4-b726-4527fb0ab5b4: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test/rep:policy/entry
28bd07a8-ad99-4e06-a968-c863232a22a0: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users
4e4311f6-f984-4605-88ae-c6ad5e6475cf: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t
48b1f67e-f70a-4c77-8f0f-3952fefaf0b8: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te
deadbeef-cafe-babe-cafe-babecafebabe: node /jcr:system
deadbeef-face-babe-cafe-babecafebabe: node /jcr:system/jcr:versionStorage
deadbeef-face-babe-ac71-babecafebabe: node /jcr:system/jcr:activities
{noformat}
But when I delete the user:
{noformat}
JackrabbitAccessControlManager acManager = (JackrabbitAccessControlManager)
session.getAccessControlManager();
JackrabbitAccessControlList jacl = //previously obtained JACL
acManager.removePolicy(jacl.getPath(), jacl);
authorizable.remove();
session.save();
{noformat}
and print out all nodes again, I receive this output:
{noformat}
cafebabe-cafe-babe-cafe-babecafebabe: node /
e482b4ff-8faa-42e1-a534-25373d5abfbc: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test
d0f7f4b5-f61f-457f-9b8f-0683bb937c5e: node /rep:accesscontrol
b9446997-df48-4552-8ef9-cb4bdffcee53: node /rep:accesscontrol/rep:security
2a90eeb3-60d0-4f92-9175-d141c4c337e0: node
/rep:accesscontrol/rep:security/rep:authorizables
28bd07a8-ad99-4e06-a968-c863232a22a0: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users
4e4311f6-f984-4605-88ae-c6ad5e6475cf: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t
48b1f67e-f70a-4c77-8f0f-3952fefaf0b8: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te
deadbeef-cafe-babe-cafe-babecafebabe: node /jcr:system
deadbeef-face-babe-cafe-babecafebabe: node /jcr:system/jcr:versionStorage
deadbeef-face-babe-ac71-babecafebabe: node /jcr:system/jcr:activities
{noformat}
so these nodes:
{noformat}
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test
4e4311f6-f984-4605-88ae-c6ad5e6475cf: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t
48b1f67e-f70a-4c77-8f0f-3952fefaf0b8: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te
{noformat}
are still there instead of being removed.
was:
When I create JCR User and assign some privileges to him:
{noformat}
Session session = repository.login(new SimpleCredentials("admin",
"admin".toCharArray()), "workspace");
UserManager userManager = ((JackrabbitSession)session).getUserManager();
Principal principal = userManager.createUser("test", "test").getPrincipal();
JackrabbitAccessControlList jacl = null;
JackrabbitAccessControlManager acManager = (JackrabbitAccessControlManager)
session.getAccessControlManager();
JackrabbitAccessControlPolicy[] policies = acManager.getPolicies(principal);
if (policies.length == 0) {
// No policies yet. Create one from the applicablePolicies
policies = acManager.getApplicablePolicies(principal);
}
jacl = (JackrabbitAccessControlList) policies[0];
Privilege[] privileges = new
Privilege[]{acManager.privilegeFromName(Privilege.JCR_ALL)};
Map<String, Value> restrictions = new HashMap<String, Value>();
ValueFactory vf = session.getValueFactory();
restrictions.put("rep:nodePath", vf.createValue("/", PropertyType.PATH)); //and
some other restrictions
jacl.addEntry(principal, privileges, true, restrictions);
acManager.setPolicy(jacl.getPath(), jacl);
session.save();
{noformat}
and then I print out all the nodes:
{noformat}
QueryManager manager = session.getWorkspace().getQueryManager();
Query query = manager.createQuery("SELECT * FROM [nt:base] AS n ORDER BY NAME
ASC", Query.JCR_SQL2);
NodeIterator res = query.execute().getNodes();
while (res.hasNext()) {
Node n = res.nextNode();
System.out.println(String.format("%s: %s", n.getIdentifier(), n));
}
{noformat}
Then I receive this:
{noformat}
cafebabe-cafe-babe-cafe-babecafebabe: node /
e482b4ff-8faa-42e1-a534-25373d5abfbc: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test
d0f7f4b5-f61f-457f-9b8f-0683bb937c5e: node /rep:accesscontrol
b9446997-df48-4552-8ef9-cb4bdffcee53: node /rep:accesscontrol/rep:security
2a90eeb3-60d0-4f92-9175-d141c4c337e0: node
/rep:accesscontrol/rep:security/rep:authorizables
f900633b-09af-44b6-bb1f-151e283df245: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test/rep:policy
88fcb55b-efb2-40f3-90c1-976ba2a0c9fe: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test/rep:policy/entry2
464d7a4b-1268-49cf-a4c8-59cb9d6d800c: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test/rep:policy/entry0
84b93de7-d727-43d9-b49a-0bff86fbfef6: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test/rep:policy/entry1
9d3072ef-cd6c-4cf4-b726-4527fb0ab5b4: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test/rep:policy/entry
28bd07a8-ad99-4e06-a968-c863232a22a0: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users
4e4311f6-f984-4605-88ae-c6ad5e6475cf: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t
48b1f67e-f70a-4c77-8f0f-3952fefaf0b8: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te
deadbeef-cafe-babe-cafe-babecafebabe: node /jcr:system
deadbeef-face-babe-cafe-babecafebabe: node /jcr:system/jcr:versionStorage
deadbeef-face-babe-ac71-babecafebabe: node /jcr:system/jcr:activities
{noformat}
But when I delete the user:
{noformat}
JackrabbitAccessControlManager acManager = (JackrabbitAccessControlManager)
session.getAccessControlManager();
JackrabbitAccessControlList jacl = //previously obtained JACL
acManager.removePolicy(jacl.getPath(), jacl);
authorizable.remove();
session.save();
{noformat}
and print out all nodes again, I receive this output:
{noformat}
cafebabe-cafe-babe-cafe-babecafebabe: node /
e482b4ff-8faa-42e1-a534-25373d5abfbc: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test
d0f7f4b5-f61f-457f-9b8f-0683bb937c5e: node /rep:accesscontrol
b9446997-df48-4552-8ef9-cb4bdffcee53: node /rep:accesscontrol/rep:security
2a90eeb3-60d0-4f92-9175-d141c4c337e0: node
/rep:accesscontrol/rep:security/rep:authorizables
28bd07a8-ad99-4e06-a968-c863232a22a0: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users
4e4311f6-f984-4605-88ae-c6ad5e6475cf: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t
48b1f67e-f70a-4c77-8f0f-3952fefaf0b8: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te
deadbeef-cafe-babe-cafe-babecafebabe: node /jcr:system
deadbeef-face-babe-cafe-babecafebabe: node /jcr:system/jcr:versionStorage
deadbeef-face-babe-ac71-babecafebabe: node /jcr:system/jcr:activities
{noformat}
so these nodes:
{noformat}
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test
4e4311f6-f984-4605-88ae-c6ad5e6475cf: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t
48b1f67e-f70a-4c77-8f0f-3952fefaf0b8: node
/rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te
{noformat}
are still there instead of being removed.
> UserManager doesn't clean removed user nodes
> --------------------------------------------
>
> Key: JCR-3927
> URL: https://issues.apache.org/jira/browse/JCR-3927
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Reporter: Kamil
>
> When I create JCR User and assign some privileges to him:
> {noformat}
> Session session = repository.login(new SimpleCredentials("admin",
> "admin".toCharArray()), "workspace");
> UserManager userManager = ((JackrabbitSession)session).getUserManager();
> Principal principal = userManager.createUser("test", "test").getPrincipal();
> JackrabbitAccessControlList jacl = null;
> JackrabbitAccessControlManager acManager = (JackrabbitAccessControlManager)
> session.getAccessControlManager();
> JackrabbitAccessControlPolicy[] policies = acManager.getPolicies(principal);
> if (policies.length == 0) {
> // No policies yet. Create one from the applicablePolicies
> policies = acManager.getApplicablePolicies(principal);
> }
> jacl = (JackrabbitAccessControlList) policies[0];
> Privilege[] privileges = new
> Privilege[]{acManager.privilegeFromName(Privilege.JCR_ALL)};
> Map<String, Value> restrictions = new HashMap<String, Value>();
> ValueFactory vf = session.getValueFactory();
> restrictions.put("rep:nodePath", vf.createValue("/", PropertyType.PATH));
> //and some other restrictions
> jacl.addEntry(principal, privileges, true, restrictions);
> acManager.setPolicy(jacl.getPath(), jacl);
> session.save();
> {noformat}
> and then I print out all the nodes:
> {noformat}
> QueryManager manager = session.getWorkspace().getQueryManager();
> Query query = manager.createQuery("SELECT * FROM [nt:base] AS n",
> Query.JCR_SQL2);
> NodeIterator res = query.execute().getNodes();
> while (res.hasNext()) {
> Node n = res.nextNode();
> System.out.println(String.format("%s: %s", n.getIdentifier(), n));
> }
> {noformat}
> Then I receive this:
> {noformat}
> cafebabe-cafe-babe-cafe-babecafebabe: node /
> e482b4ff-8faa-42e1-a534-25373d5abfbc: node
> /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test
> d0f7f4b5-f61f-457f-9b8f-0683bb937c5e: node /rep:accesscontrol
> b9446997-df48-4552-8ef9-cb4bdffcee53: node /rep:accesscontrol/rep:security
> 2a90eeb3-60d0-4f92-9175-d141c4c337e0: node
> /rep:accesscontrol/rep:security/rep:authorizables
> f900633b-09af-44b6-bb1f-151e283df245: node
> /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test/rep:policy
> 88fcb55b-efb2-40f3-90c1-976ba2a0c9fe: node
> /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test/rep:policy/entry2
> 464d7a4b-1268-49cf-a4c8-59cb9d6d800c: node
> /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test/rep:policy/entry0
> 84b93de7-d727-43d9-b49a-0bff86fbfef6: node
> /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test/rep:policy/entry1
> 9d3072ef-cd6c-4cf4-b726-4527fb0ab5b4: node
> /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test/rep:policy/entry
> 28bd07a8-ad99-4e06-a968-c863232a22a0: node
> /rep:accesscontrol/rep:security/rep:authorizables/rep:users
> 4e4311f6-f984-4605-88ae-c6ad5e6475cf: node
> /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t
> 48b1f67e-f70a-4c77-8f0f-3952fefaf0b8: node
> /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te
> deadbeef-cafe-babe-cafe-babecafebabe: node /jcr:system
> deadbeef-face-babe-cafe-babecafebabe: node /jcr:system/jcr:versionStorage
> deadbeef-face-babe-ac71-babecafebabe: node /jcr:system/jcr:activities
> {noformat}
> But when I delete the user:
> {noformat}
> JackrabbitAccessControlManager acManager = (JackrabbitAccessControlManager)
> session.getAccessControlManager();
> JackrabbitAccessControlList jacl = //previously obtained JACL
> acManager.removePolicy(jacl.getPath(), jacl);
> authorizable.remove();
> session.save();
> {noformat}
> and print out all nodes again, I receive this output:
> {noformat}
> cafebabe-cafe-babe-cafe-babecafebabe: node /
> e482b4ff-8faa-42e1-a534-25373d5abfbc: node
> /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test
> d0f7f4b5-f61f-457f-9b8f-0683bb937c5e: node /rep:accesscontrol
> b9446997-df48-4552-8ef9-cb4bdffcee53: node /rep:accesscontrol/rep:security
> 2a90eeb3-60d0-4f92-9175-d141c4c337e0: node
> /rep:accesscontrol/rep:security/rep:authorizables
> 28bd07a8-ad99-4e06-a968-c863232a22a0: node
> /rep:accesscontrol/rep:security/rep:authorizables/rep:users
> 4e4311f6-f984-4605-88ae-c6ad5e6475cf: node
> /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t
> 48b1f67e-f70a-4c77-8f0f-3952fefaf0b8: node
> /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te
> deadbeef-cafe-babe-cafe-babecafebabe: node /jcr:system
> deadbeef-face-babe-cafe-babecafebabe: node /jcr:system/jcr:versionStorage
> deadbeef-face-babe-ac71-babecafebabe: node /jcr:system/jcr:activities
> {noformat}
> so these nodes:
> {noformat}
> /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te/test
> 4e4311f6-f984-4605-88ae-c6ad5e6475cf: node
> /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t
> 48b1f67e-f70a-4c77-8f0f-3952fefaf0b8: node
> /rep:accesscontrol/rep:security/rep:authorizables/rep:users/t/te
> {noformat}
> are still there instead of being removed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
