[ https://issues.apache.org/jira/browse/JCR-4033?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nicolas FILOTTO updated JCR-4033:
---------------------------------
    Description: 
If an exception occurs inside the constructor of SessionImpl, the session is 
then partially created but it is still considered alive, and a live session 
that is about to be GCed is considered a session leak by the current code, 
such that we get a warning of this type:

{code}
WARN  o.a.jackrabbit.core.SessionImpl - Unclosed session detected. The session was opened here: 
java.lang.Exception: Stack Trace
    at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:222)
    at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:239)
    at org.apache.jackrabbit.core.XASessionImpl.<init>(XASessionImpl.java:101)
    at org.apache.jackrabbit.core.RepositoryImpl.createSessionInstance(RepositoryImpl.java:1613)
    at org.apache.jackrabbit.core.RepositoryImpl.createSession(RepositoryImpl.java:956)
    at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1501)
    at org.apache.jackrabbit.commons.AbstractRepository.login(AbstractRepository.java:144)
    at ttt.createSession(RepositoryManager.java:132)
{code}

One concrete use case is an attempt to log in with correct credentials but 
without enough rights to access a given workspace. We then get a Workspace 
access denied, which occurs in the constructor of SessionImpl, so we finally get 
the warning indicating that we have a session leak, which should not be the case 
here.

The code to reproduce:
{code:java}
Session session = repository.login(creds); // here are creds for user without permissions, just for testing
{code}

The stack trace:
{code}
Caused by: javax.jcr.LoginException: Workspace access denied
    at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1529)
    at org.apache.jackrabbit.commons.AbstractRepository.login(AbstractRepository.java:144)
    at ttt.createSession(RepositoryManager.java:132)
    ... 51 common frames omitted

Caused by: javax.jcr.AccessDeniedException: Not allowed to access Workspace default
    at org.apache.jackrabbit.core.security.DefaultAccessManager.init(DefaultAccessManager.java:159)
    at org.apache.jackrabbit.core.DefaultSecurityManager.getAccessManager(DefaultSecurityManager.java:280)
    at org.apache.jackrabbit.core.SessionImpl.createAccessManager(SessionImpl.java:356)
    at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:273)
    at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:239)
    at org.apache.jackrabbit.core.XASessionImpl.<init>(XASessionImpl.java:101)
    at org.apache.jackrabbit.core.RepositoryImpl.createSessionInstance(RepositoryImpl.java:1613)
    at org.apache.jackrabbit.core.RepositoryImpl.createSession(RepositoryImpl.java:956)
    at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1501)
{code}

More details in this post 
http://stackoverflow.com/questions/39163571/jackrabbit-unclosed-session-detected-on-accessdeniedexception-but-session-is-nul

  was:
If an exception occurs inside the constructor of SessionImpl, the session is 
then partially created but it is still considered alive, and a live session 
that is about to be GCed is considered a session leak by the current code, 
such that we get a warning of this type:

{code:text}
WARN  o.a.jackrabbit.core.SessionImpl - Unclosed session detected. The session was opened here: 
java.lang.Exception: Stack Trace
    at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:222)
    at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:239)
    at org.apache.jackrabbit.core.XASessionImpl.<init>(XASessionImpl.java:101)
    at org.apache.jackrabbit.core.RepositoryImpl.createSessionInstance(RepositoryImpl.java:1613)
    at org.apache.jackrabbit.core.RepositoryImpl.createSession(RepositoryImpl.java:956)
    at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1501)
    at org.apache.jackrabbit.commons.AbstractRepository.login(AbstractRepository.java:144)
    at ttt.createSession(RepositoryManager.java:132)
{code}

One concrete use case is an attempt to log in with correct credentials but 
without enough rights to access a given workspace. We then get a Workspace 
access denied, which occurs in the constructor of SessionImpl, so we finally get 
the warning indicating that we have a session leak, which should not be the case 
here.

The code to reproduce:
{code:java}
        try {
            session = repository.login(creds); // here are creds for user without permissions, just for testing
        } catch (Throwable t) {
            if (session != null) {
                session.logout();
            }
            Throwables.propagateIfInstanceOf(t, javax.jcr.RepositoryException.class);
            throw Throwables.propagate(t);
        }
{code}

The stack trace:
{code:txt}
Caused by: javax.jcr.LoginException: Workspace access denied
    at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1529)
    at org.apache.jackrabbit.commons.AbstractRepository.login(AbstractRepository.java:144)
    at ttt.createSession(RepositoryManager.java:132)
    ... 51 common frames omitted

Caused by: javax.jcr.AccessDeniedException: Not allowed to access Workspace default
    at org.apache.jackrabbit.core.security.DefaultAccessManager.init(DefaultAccessManager.java:159)
    at org.apache.jackrabbit.core.DefaultSecurityManager.getAccessManager(DefaultSecurityManager.java:280)
    at org.apache.jackrabbit.core.SessionImpl.createAccessManager(SessionImpl.java:356)
    at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:273)
    at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:239)
    at org.apache.jackrabbit.core.XASessionImpl.<init>(XASessionImpl.java:101)
    at org.apache.jackrabbit.core.RepositoryImpl.createSessionInstance(RepositoryImpl.java:1613)
    at org.apache.jackrabbit.core.RepositoryImpl.createSession(RepositoryImpl.java:956)
    at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1501)
{code}

More details in this post 
http://stackoverflow.com/questions/39163571/jackrabbit-unclosed-session-detected-on-accessdeniedexception-but-session-is-nul


> Session Leak in case of an exception inside the constructor of SessionImpl
> --------------------------------------------------------------------------
>
>                 Key: JCR-4033
>                 URL: https://issues.apache.org/jira/browse/JCR-4033
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-core
>    Affects Versions: 2.13.1
>            Reporter: Nicolas FILOTTO



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
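
The failure mode reported above, reproduced as an added Java example; it is not Jackrabbit code and not the project's fix. `DemoSession`, `tracked`, `markDeadOnFailure` and `attempt` are hypothetical names, the `tracked` list stands in for the garbage collector, and `SecurityException` stands in for `AccessDeniedException`.

```java
import java.util.ArrayList;
import java.util.List;

public class PartialSessionLeakDemo {
    static final List<String> warnings = new ArrayList<>();     // stand-in for the WARN log
    static final List<DemoSession> tracked = new ArrayList<>(); // stand-in for objects awaiting GC

    // Hypothetical class; it only mirrors the ordering described in the report.
    static class DemoSession {
        private final Exception openedAt = new Exception("Stack Trace");
        private boolean alive = true; // live from the first line of the constructor
        DemoSession(boolean workspaceAccessAllowed, boolean markDeadOnFailure) {
            tracked.add(this); // the collector sees the object even if construction fails
            try {
                if (!workspaceAccessAllowed) {
                    // Constructed failure standing in for the access check in the report.
                    throw new SecurityException("Not allowed to access Workspace default");
                }
            } catch (RuntimeException e) {
                if (markDeadOnFailure) alive = false; // never fully opened, so it cannot leak
                throw e;
            }
        }
        void logout() { alive = false; }
        void onCollect() { // the check performed when the object is about to be collected
            if (alive) {
                warnings.add("Unclosed session detected, opened at " + openedAt.getStackTrace()[0]);
            }
        }
    }

    // Returns how many leak warnings a single login attempt produces.
    static int attempt(boolean allowed, boolean markDeadOnFailure) {
        warnings.clear(); tracked.clear();
        try {
            new DemoSession(allowed, markDeadOnFailure).logout();
        } catch (SecurityException denied) {
            // The caller never receives a reference, so it cannot call logout().
        }
        tracked.forEach(DemoSession::onCollect);
        return warnings.size();
    }

    public static void main(String[] args) {
        System.out.println("denied, flag left set: " + attempt(false, false) + " warning(s)");
        System.out.println("denied, flag cleared:  " + attempt(false, true) + " warning(s)");
        System.out.println("allowed, logged out:   " + attempt(true, true) + " warning(s)");
    }
}
```

Only the first case yields a warning: the access check fails after the object is already counted as live, and no caller ever holds a reference it could log out.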
