[
https://issues.apache.org/jira/browse/JCR-4033?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15605590#comment-15605590
]
Julian Reschke edited comment on JCR-4033 at 10/25/16 4:52 PM:
---------------------------------------------------------------
[~essob...@yahoo.com] - I had a look and I agree with both analysis and the
proposed patch (which I applied more or less verbatim).
Let me know if you need this backported to any stable branch.
was (Author: reschke):
[~essob...@yahoo.com] - I'll have a look.
> Session Leak in case of an exception inside the constructor of SessionImpl
> --------------------------------------------------------------------------
>
> Key: JCR-4033
> URL: https://issues.apache.org/jira/browse/JCR-4033
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core
> Affects Versions: 2.13.1
> Reporter: Nicolas FILOTTO
> Assignee: Julian Reschke
> Priority: Minor
> Fix For: 2.13.5
>
> Attachments: JCR-4033.patch
>
>
> If an exception occurs inside the constructor of SessionImpl, the session is
> then partially created but it is still considered as alive and a live session
> that is about to be GCed is considered as a session leak by the current code
> such that we get a warning of type
> {code}
> WARN o.a.jackrabbit.core.SessionImpl - Unclosed session detected. The
> session was opened here:
> java.lang.Exception: Stack Trace
> at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:222)
> at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:239)
> at org.apache.jackrabbit.core.XASessionImpl.<init>(XASessionImpl.java:101)
> at
> org.apache.jackrabbit.core.RepositoryImpl.createSessionInstance(RepositoryImpl.java:1613)
> at
> org.apache.jackrabbit.core.RepositoryImpl.createSession(RepositoryImpl.java:956)
> at
> org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1501)
> at
> org.apache.jackrabbit.commons.AbstractRepository.login(AbstractRepository.java:144)
> at ttt.createSession(RepositoryManager.java:132)
> {code}
> One concrete use case is an attempt to login with correct credentials but
> without enough rights to access to a given workspace, we then get a
> Workspace access denied which occurs in the constructor of SessionImpl so we
> finally get the warning indicating that we have a session leak which should
> not be the case here.
> The code to reproduce:
> {code:java}
> Session session = repository.login(creds); //here are creds for user without
> permissions, just for testing
> {code}
> The stack trace:
> {code}
> Caused by: javax.jcr.LoginException: Workspace access denied
> at
> org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1529)
> at
> org.apache.jackrabbit.commons.AbstractRepository.login(AbstractRepository.java:144)
> at ttt.createSession(RepositoryManager.java:132)
> ... 51 common frames omitted
> Caused by: javax.jcr.AccessDeniedException: Not allowed to access Workspace
> default
> at
> org.apache.jackrabbit.core.security.DefaultAccessManager.init(DefaultAccessManager.java:159)
> at
> org.apache.jackrabbit.core.DefaultSecurityManager.getAccessManager(DefaultSecurityManager.java:280)
> at
> org.apache.jackrabbit.core.SessionImpl.createAccessManager(SessionImpl.java:356)
> at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:273)
> at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:239)
> at org.apache.jackrabbit.core.XASessionImpl.<init>(XASessionImpl.java:101)
> at
> org.apache.jackrabbit.core.RepositoryImpl.createSessionInstance(RepositoryImpl.java:1613)
> at
> org.apache.jackrabbit.core.RepositoryImpl.createSession(RepositoryImpl.java:956)
> at
> org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1501)
> {code}
> More details in this post
> http://stackoverflow.com/questions/39163571/jackrabbit-unclosed-session-detected-on-accessdeniedexception-but-session-is-nul
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
