[jira] [Commented] (OAK-4086) Group membership not verified during permission verification
[
https://issues.apache.org/jira/browse/OAK-4086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15177987#comment-15177987
]
angela commented on OAK-4086:
-
thanks for the update.
> Group membership not verified during permission verification
>
>
> Key: OAK-4086
> URL: https://issues.apache.org/jira/browse/OAK-4086
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: jcr
>Affects Versions: 1.3.16
>Reporter: Marco Piovesana
> Attachments: OAK-4086.patch, OakUsage.zip
>
>
> I have a group called "MyUsers" containing a user called "marco". I've
> created a folder called "testfolder" with admin account and i granted read
> permission to the "MyUsers" group:
> {code:java}
> Node testfolder = adminSession.getNode("/testfolder");
> boolean allow = AccessControlUtils.allow(testfolder,
> myUsersGroup.getPrincipal(), new String[]{Privilege.JCR_READ});
> {code}
> When I login as "marco", if i try to find that folder i get an error saying
> that the folder doesn't exists (user does not have tthe permission to read
> it). It works only if I grant the READ permission directly to the user.
> {code:java}
> Session usrSession = repository.login(new SimpleCredentials("marco",
> "password".toCharArray()));
> Node node = usrSession.getNode("/testfolder"); //here the code fails because
> the node is not found!!
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (OAK-4086) Group membership not verified during permission verification
[
https://issues.apache.org/jira/browse/OAK-4086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15177932#comment-15177932
]
Marco Piovesana commented on OAK-4086:
--
You're right,
the problem is generated by my custom login module. I'm sorry you had to spend
time on this and thanks for the help.
Marco.
> Group membership not verified during permission verification
>
>
> Key: OAK-4086
> URL: https://issues.apache.org/jira/browse/OAK-4086
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: jcr
>Affects Versions: 1.3.16
>Reporter: Marco Piovesana
> Attachments: OAK-4086.patch, OakUsage.zip
>
>
> I have a group called "MyUsers" containing a user called "marco". I've
> created a folder called "testfolder" with admin account and i granted read
> permission to the "MyUsers" group:
> {code:java}
> Node testfolder = adminSession.getNode("/testfolder");
> boolean allow = AccessControlUtils.allow(testfolder,
> myUsersGroup.getPrincipal(), new String[]{Privilege.JCR_READ});
> {code}
> When I login as "marco", if i try to find that folder i get an error saying
> that the folder doesn't exists (user does not have tthe permission to read
> it). It works only if I grant the READ permission directly to the user.
> {code:java}
> Session usrSession = repository.login(new SimpleCredentials("marco",
> "password".toCharArray()));
> Node node = usrSession.getNode("/testfolder"); //here the code fails because
> the node is not found!!
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (OAK-4086) Group membership not verified during permission verification
[
https://issues.apache.org/jira/browse/OAK-4086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15177878#comment-15177878
]
angela commented on OAK-4086:
-
well... the following lines won't work with jackrabbit 2.x
{code}
NodeStore nodeStore =
SegmentNodeStore.newSegmentNodeStore(repositoryStore).create();
Jcr jcr = new Jcr(nodeStore).with(new InitialContent()).with(new
CustomSecurityProviderImpl());
repository = jcr.createRepository();
{code}
> Group membership not verified during permission verification
>
>
> Key: OAK-4086
> URL: https://issues.apache.org/jira/browse/OAK-4086
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: jcr
>Affects Versions: 1.3.16
>Reporter: Marco Piovesana
> Attachments: OAK-4086.patch
>
>
> I have a group called "MyUsers" containing a user called "marco". I've
> created a folder called "testfolder" with admin account and i granted read
> permission to the "MyUsers" group:
> {code:java}
> Node testfolder = adminSession.getNode("/testfolder");
> boolean allow = AccessControlUtils.allow(testfolder,
> myUsersGroup.getPrincipal(), new String[]{Privilege.JCR_READ});
> {code}
> When I login as "marco", if i try to find that folder i get an error saying
> that the folder doesn't exists (user does not have tthe permission to read
> it). It works only if I grant the READ permission directly to the user.
> {code:java}
> Session usrSession = repository.login(new SimpleCredentials("marco",
> "password".toCharArray()));
> Node node = usrSession.getNode("/testfolder"); //here the code fails because
> the node is not found!!
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (OAK-4086) Group membership not verified during permission verification
[
https://issues.apache.org/jira/browse/OAK-4086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15177840#comment-15177840
]
angela commented on OAK-4086:
-
thanks for the test. i will try to reproduce it.
> Group membership not verified during permission verification
>
>
> Key: OAK-4086
> URL: https://issues.apache.org/jira/browse/OAK-4086
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: jcr
>Affects Versions: 1.3.16
>Reporter: Marco Piovesana
>
> I have a group called "MyUsers" containing a user called "marco". I've
> created a folder called "testfolder" with admin account and i granted read
> permission to the "MyUsers" group:
> {code:java}
> Node testfolder = adminSession.getNode("/testfolder");
> boolean allow = AccessControlUtils.allow(testfolder,
> myUsersGroup.getPrincipal(), new String[]{Privilege.JCR_READ});
> {code}
> When I login as "marco", if i try to find that folder i get an error saying
> that the folder doesn't exists (user does not have tthe permission to read
> it). It works only if I grant the READ permission directly to the user.
> {code:java}
> Session usrSession = repository.login(new SimpleCredentials("marco",
> "password".toCharArray()));
> Node node = usrSession.getNode("/testfolder"); //here the code fails because
> the node is not found!!
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (OAK-4086) Group membership not verified during permission verification
[
https://issues.apache.org/jira/browse/OAK-4086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15177799#comment-15177799
]
Marco Piovesana commented on OAK-4086:
--
I tried the exact same code with jackrabbit 2.12.1 and TransientRepository and
it does work correctly.
> Group membership not verified during permission verification
>
>
> Key: OAK-4086
> URL: https://issues.apache.org/jira/browse/OAK-4086
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: security
>Affects Versions: 1.3.16
>Reporter: Marco Piovesana
>
> I have a group called "MyUsers" containing a user called "marco". I've
> created a folder called "testfolder" with admin account and i granted read
> permission to the "MyUsers" group:
> {code:java}
> Node testfolder = adminSession.getNode("/testfolder");
> boolean allow = AccessControlUtils.allow(testfolder,
> myUsersGroup.getPrincipal(), new String[]{Privilege.JCR_READ});
> {code}
> When I login as "marco", if i try to find that folder i get an error saying
> that the folder doesn't exists (user does not have tthe permission to read
> it). It works only if I grant the READ permission directly to the user.
> {code:java}
> Session usrSession = repository.login(new SimpleCredentials("marco",
> "password".toCharArray()));
> Node node = usrSession.getNode("/testfolder"); //here the code fails because
> the node is not found!!
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (OAK-4086) Group membership not verified during permission verification
[
https://issues.apache.org/jira/browse/OAK-4086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15177794#comment-15177794
]
Marco Piovesana commented on OAK-4086:
--
here is the complete code:
{code:java}
Session sessionAdmin = repository.login(new SimpleCredentials("admin",
"admin".toCharArray()));
UserManager userManager = ((SessionImpl) sessionAdmin).getUserManager();
Node testfolder = sessionAdmin.getRootNode().addNode("/testfolder");
sessionAdmin.save();
Group myTestGroup = userManager.createGroup("MyUsersGroup");
sessionAdmin.save();
User newUser = userManager.createUser("marco", "password", new
UserPrincipal("marco"), null);
myTestGroup.addMember(newUser);
sessionAdmin.save();
boolean allow = AccessControlUtils.allow(testfolder,
myTestGroup.getPrincipal().getName(), new String[]{Privilege.JCR_READ});
sessionAdmin.save();
sessionAdmin.logout();
Session userSession = repository.login(new SimpleCredentials("marco",
"password".toCharArray()));
Node node = userSession.getNode("/testfolder"); //here the code fails because
the node is not found!!
{code}
i did save the changes before logging in as "marco". I'm Sorry that I didn't
mention it before.
Marco.
> Group membership not verified during permission verification
>
>
> Key: OAK-4086
> URL: https://issues.apache.org/jira/browse/OAK-4086
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: security
>Affects Versions: 1.3.16
>Reporter: Marco Piovesana
>
> I have a group called "MyUsers" containing a user called "marco". I've
> created a folder called "testfolder" with admin account and i granted read
> permission to the "MyUsers" group:
> {code:java}
> Node testfolder = adminSession.getNode("/testfolder");
> boolean allow = AccessControlUtils.allow(testfolder,
> myUsersGroup.getPrincipal(), new String[]{Privilege.JCR_READ});
> {code}
> When I login as "marco", if i try to find that folder i get an error saying
> that the folder doesn't exists (user does not have tthe permission to read
> it). It works only if I grant the READ permission directly to the user.
> {code:java}
> Session usrSession = repository.login(new SimpleCredentials("marco",
> "password".toCharArray()));
> Node node = usrSession.getNode("/testfolder"); //here the code fails because
> the node is not found!!
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (OAK-4086) Group membership not verified during permission verification
[
https://issues.apache.org/jira/browse/OAK-4086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15177781#comment-15177781
]
angela commented on OAK-4086:
-
[~iosonomarco], the code above doesn't save the changes made with the
adminSession; that could explain why it's not working. if you have the save in
your code, may i kindly ask you to provide a simple test-case that illustrates
the problem? thanks.
> Group membership not verified during permission verification
>
>
> Key: OAK-4086
> URL: https://issues.apache.org/jira/browse/OAK-4086
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: security
>Affects Versions: 1.3.16
>Reporter: Marco Piovesana
>
> I have a group called "MyUsers" containing a user called "marco". I've
> created a folder called "testfolder" with admin account and i granted read
> permission to the "MyUsers" group:
> {code:java}
> Node testfolder = adminSession.getNode("/testfolder");
> boolean allow = AccessControlUtils.allow(testfolder,
> myUsersGroup.getPrincipal(), new String[]{Privilege.JCR_READ});
> {code}
> When I login as "marco", if i try to find that folder i get an error saying
> that the folder doesn't exists (user does not have tthe permission to read
> it). It works only if I grant the READ permission directly to the user.
> {code:java}
> Session usrSession = repository.login(new SimpleCredentials("marco",
> "password".toCharArray()));
> Node node = usrSession.getNode("/testfolder"); //here the code fails because
> the node is not found!!
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
