[
https://issues.apache.org/jira/browse/OAK-6467?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Deparvu updated OAK-6467:
------------------------------
Description:
There's a case where the {{CompositePermissionProvider}} can create an invalid
{{TreePermsssion}} instance via the {{CompositeTreePermission}} object. It can
return a {{NO_RECOURSE}} if there's a single provider configured (like the CUG)
that is not able to handle that specific check.
{noformat}
java.lang.UnsupportedOperationException: null
at
org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission$3.canRead(TreePermission.java:212)
at
org.apache.jackrabbit.oak.core.SecureNodeBuilder.exists(SecureNodeBuilder.java:128)
at
org.apache.jackrabbit.oak.plugins.tree.impl.AbstractTree.exists(AbstractTree.java:225)
at
org.apache.jackrabbit.oak.core.MutableTree.exists(MutableTree.java:122)
at
org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.getNode(SessionDelegate.java:427)
at
org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.getRootNode(SessionDelegate.java:415)
at
org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.getItem(SessionDelegate.java:440)
at
org.apache.jackrabbit.oak.jcr.session.SessionImpl.getItemInternal(SessionImpl.java:166)
at
org.apache.jackrabbit.oak.jcr.session.SessionImpl.access$400(SessionImpl.java:81)
at
org.apache.jackrabbit.oak.jcr.session.SessionImpl$3.performNullable(SessionImpl.java:228)
at
org.apache.jackrabbit.oak.jcr.session.SessionImpl$3.performNullable(SessionImpl.java:225)
at
org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performNullable(SessionDelegate.java:243)
at
org.apache.jackrabbit.oak.jcr.session.SessionImpl.getItemOrNull(SessionImpl.java:225)
{noformat}
was:There's a case where the {{CompositePermissionProvider}} can create an
invalid {{TreePermsssion}} instance via the {{CompositeTreePermission}} object.
It can return a {{NO_RECOURSE}} if there's a single provider configured (like
the CUG) that is not able to handle that specific check.
> CompositeTreePermission can create an invalid TreePermsssion object
> -------------------------------------------------------------------
>
> Key: OAK-6467
> URL: https://issues.apache.org/jira/browse/OAK-6467
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: core, security
> Reporter: Alex Deparvu
> Assignee: Alex Deparvu
> Fix For: 1.7.4
>
>
> There's a case where the {{CompositePermissionProvider}} can create an
> invalid {{TreePermsssion}} instance via the {{CompositeTreePermission}}
> object. It can return a {{NO_RECOURSE}} if there's a single provider
> configured (like the CUG) that is not able to handle that specific check.
> {noformat}
> java.lang.UnsupportedOperationException: null
> at
> org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission$3.canRead(TreePermission.java:212)
> at
> org.apache.jackrabbit.oak.core.SecureNodeBuilder.exists(SecureNodeBuilder.java:128)
> at
> org.apache.jackrabbit.oak.plugins.tree.impl.AbstractTree.exists(AbstractTree.java:225)
> at
> org.apache.jackrabbit.oak.core.MutableTree.exists(MutableTree.java:122)
> at
> org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.getNode(SessionDelegate.java:427)
> at
> org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.getRootNode(SessionDelegate.java:415)
> at
> org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.getItem(SessionDelegate.java:440)
> at
> org.apache.jackrabbit.oak.jcr.session.SessionImpl.getItemInternal(SessionImpl.java:166)
> at
> org.apache.jackrabbit.oak.jcr.session.SessionImpl.access$400(SessionImpl.java:81)
> at
> org.apache.jackrabbit.oak.jcr.session.SessionImpl$3.performNullable(SessionImpl.java:228)
> at
> org.apache.jackrabbit.oak.jcr.session.SessionImpl$3.performNullable(SessionImpl.java:225)
> at
> org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performNullable(SessionDelegate.java:243)
> at
> org.apache.jackrabbit.oak.jcr.session.SessionImpl.getItemOrNull(SessionImpl.java:225)
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
