[ https://issues.apache.org/jira/browse/OAK-6467?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex Deparvu updated OAK-6467: ------------------------------ Description: There's a case where the {{CompositePermissionProvider}} can create an invalid {{TreePermsssion}} instance via the {{CompositeTreePermission}} object. It can return a {{NO_RECOURSE}} if there's a single provider configured (like the CUG) that is not able to handle that specific check. {noformat} java.lang.UnsupportedOperationException: null at org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission$3.canRead(TreePermission.java:212) at org.apache.jackrabbit.oak.core.SecureNodeBuilder.exists(SecureNodeBuilder.java:128) at org.apache.jackrabbit.oak.plugins.tree.impl.AbstractTree.exists(AbstractTree.java:225) at org.apache.jackrabbit.oak.core.MutableTree.exists(MutableTree.java:122) at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.getNode(SessionDelegate.java:427) at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.getRootNode(SessionDelegate.java:415) at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.getItem(SessionDelegate.java:440) at org.apache.jackrabbit.oak.jcr.session.SessionImpl.getItemInternal(SessionImpl.java:166) at org.apache.jackrabbit.oak.jcr.session.SessionImpl.access$400(SessionImpl.java:81) at org.apache.jackrabbit.oak.jcr.session.SessionImpl$3.performNullable(SessionImpl.java:228) at org.apache.jackrabbit.oak.jcr.session.SessionImpl$3.performNullable(SessionImpl.java:225) at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performNullable(SessionDelegate.java:243) at org.apache.jackrabbit.oak.jcr.session.SessionImpl.getItemOrNull(SessionImpl.java:225) {noformat} was:There's a case where the {{CompositePermissionProvider}} can create an invalid {{TreePermsssion}} instance via the {{CompositeTreePermission}} object. It can return a {{NO_RECOURSE}} if there's a single provider configured (like the CUG) that is not able to handle that specific check. > CompositeTreePermission can create an invalid TreePermsssion object > ------------------------------------------------------------------- > > Key: OAK-6467 > URL: https://issues.apache.org/jira/browse/OAK-6467 > Project: Jackrabbit Oak > Issue Type: Bug > Components: core, security > Reporter: Alex Deparvu > Assignee: Alex Deparvu > Fix For: 1.7.4 > > > There's a case where the {{CompositePermissionProvider}} can create an > invalid {{TreePermsssion}} instance via the {{CompositeTreePermission}} > object. It can return a {{NO_RECOURSE}} if there's a single provider > configured (like the CUG) that is not able to handle that specific check. > {noformat} > java.lang.UnsupportedOperationException: null > at > org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission$3.canRead(TreePermission.java:212) > at > org.apache.jackrabbit.oak.core.SecureNodeBuilder.exists(SecureNodeBuilder.java:128) > at > org.apache.jackrabbit.oak.plugins.tree.impl.AbstractTree.exists(AbstractTree.java:225) > at > org.apache.jackrabbit.oak.core.MutableTree.exists(MutableTree.java:122) > at > org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.getNode(SessionDelegate.java:427) > at > org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.getRootNode(SessionDelegate.java:415) > at > org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.getItem(SessionDelegate.java:440) > at > org.apache.jackrabbit.oak.jcr.session.SessionImpl.getItemInternal(SessionImpl.java:166) > at > org.apache.jackrabbit.oak.jcr.session.SessionImpl.access$400(SessionImpl.java:81) > at > org.apache.jackrabbit.oak.jcr.session.SessionImpl$3.performNullable(SessionImpl.java:228) > at > org.apache.jackrabbit.oak.jcr.session.SessionImpl$3.performNullable(SessionImpl.java:225) > at > org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performNullable(SessionDelegate.java:243) > at > org.apache.jackrabbit.oak.jcr.session.SessionImpl.getItemOrNull(SessionImpl.java:225) > {noformat} -- This message was sent by Atlassian JIRA (v6.4.14#64029)