[jira] [Commented] (OAK-4086) Group membership not verified during permission verification
[ https://issues.apache.org/jira/browse/OAK-4086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15177987#comment-15177987 ] angela commented on OAK-4086: - thanks for the update. > Group membership not verified during permission verification > > > Key: OAK-4086 > URL: https://issues.apache.org/jira/browse/OAK-4086 > Project: Jackrabbit Oak > Issue Type: Bug > Components: jcr >Affects Versions: 1.3.16 >Reporter: Marco Piovesana > Attachments: OAK-4086.patch, OakUsage.zip > > > I have a group called "MyUsers" containing a user called "marco". I've > created a folder called "testfolder" with admin account and i granted read > permission to the "MyUsers" group: > {code:java} > Node testfolder = adminSession.getNode("/testfolder"); > boolean allow = AccessControlUtils.allow(testfolder, > myUsersGroup.getPrincipal(), new String[]{Privilege.JCR_READ}); > {code} > When I login as "marco", if i try to find that folder i get an error saying > that the folder doesn't exists (user does not have tthe permission to read > it). It works only if I grant the READ permission directly to the user. > {code:java} > Session usrSession = repository.login(new SimpleCredentials("marco", > "password".toCharArray())); > Node node = usrSession.getNode("/testfolder"); //here the code fails because > the node is not found!! > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OAK-4086) Group membership not verified during permission verification
[ https://issues.apache.org/jira/browse/OAK-4086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15177932#comment-15177932 ] Marco Piovesana commented on OAK-4086: -- You're right, the problem is generated by my custom login module. I'm sorry you had to spend time on this and thanks for the help. Marco. > Group membership not verified during permission verification > > > Key: OAK-4086 > URL: https://issues.apache.org/jira/browse/OAK-4086 > Project: Jackrabbit Oak > Issue Type: Bug > Components: jcr >Affects Versions: 1.3.16 >Reporter: Marco Piovesana > Attachments: OAK-4086.patch, OakUsage.zip > > > I have a group called "MyUsers" containing a user called "marco". I've > created a folder called "testfolder" with admin account and i granted read > permission to the "MyUsers" group: > {code:java} > Node testfolder = adminSession.getNode("/testfolder"); > boolean allow = AccessControlUtils.allow(testfolder, > myUsersGroup.getPrincipal(), new String[]{Privilege.JCR_READ}); > {code} > When I login as "marco", if i try to find that folder i get an error saying > that the folder doesn't exists (user does not have tthe permission to read > it). It works only if I grant the READ permission directly to the user. > {code:java} > Session usrSession = repository.login(new SimpleCredentials("marco", > "password".toCharArray())); > Node node = usrSession.getNode("/testfolder"); //here the code fails because > the node is not found!! > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OAK-4086) Group membership not verified during permission verification
[ https://issues.apache.org/jira/browse/OAK-4086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15177878#comment-15177878 ] angela commented on OAK-4086: - well... the following lines won't work with jackrabbit 2.x {code} NodeStore nodeStore = SegmentNodeStore.newSegmentNodeStore(repositoryStore).create(); Jcr jcr = new Jcr(nodeStore).with(new InitialContent()).with(new CustomSecurityProviderImpl()); repository = jcr.createRepository(); {code} > Group membership not verified during permission verification > > > Key: OAK-4086 > URL: https://issues.apache.org/jira/browse/OAK-4086 > Project: Jackrabbit Oak > Issue Type: Bug > Components: jcr >Affects Versions: 1.3.16 >Reporter: Marco Piovesana > Attachments: OAK-4086.patch > > > I have a group called "MyUsers" containing a user called "marco". I've > created a folder called "testfolder" with admin account and i granted read > permission to the "MyUsers" group: > {code:java} > Node testfolder = adminSession.getNode("/testfolder"); > boolean allow = AccessControlUtils.allow(testfolder, > myUsersGroup.getPrincipal(), new String[]{Privilege.JCR_READ}); > {code} > When I login as "marco", if i try to find that folder i get an error saying > that the folder doesn't exists (user does not have tthe permission to read > it). It works only if I grant the READ permission directly to the user. > {code:java} > Session usrSession = repository.login(new SimpleCredentials("marco", > "password".toCharArray())); > Node node = usrSession.getNode("/testfolder"); //here the code fails because > the node is not found!! > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OAK-4086) Group membership not verified during permission verification
[ https://issues.apache.org/jira/browse/OAK-4086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15177840#comment-15177840 ] angela commented on OAK-4086: - thanks for the test. i will try to reproduce it. > Group membership not verified during permission verification > > > Key: OAK-4086 > URL: https://issues.apache.org/jira/browse/OAK-4086 > Project: Jackrabbit Oak > Issue Type: Bug > Components: jcr >Affects Versions: 1.3.16 >Reporter: Marco Piovesana > > I have a group called "MyUsers" containing a user called "marco". I've > created a folder called "testfolder" with admin account and i granted read > permission to the "MyUsers" group: > {code:java} > Node testfolder = adminSession.getNode("/testfolder"); > boolean allow = AccessControlUtils.allow(testfolder, > myUsersGroup.getPrincipal(), new String[]{Privilege.JCR_READ}); > {code} > When I login as "marco", if i try to find that folder i get an error saying > that the folder doesn't exists (user does not have tthe permission to read > it). It works only if I grant the READ permission directly to the user. > {code:java} > Session usrSession = repository.login(new SimpleCredentials("marco", > "password".toCharArray())); > Node node = usrSession.getNode("/testfolder"); //here the code fails because > the node is not found!! > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OAK-4086) Group membership not verified during permission verification
[ https://issues.apache.org/jira/browse/OAK-4086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15177799#comment-15177799 ] Marco Piovesana commented on OAK-4086: -- I tried the exact same code with jackrabbit 2.12.1 and TransientRepository and it does work correctly. > Group membership not verified during permission verification > > > Key: OAK-4086 > URL: https://issues.apache.org/jira/browse/OAK-4086 > Project: Jackrabbit Oak > Issue Type: Bug > Components: security >Affects Versions: 1.3.16 >Reporter: Marco Piovesana > > I have a group called "MyUsers" containing a user called "marco". I've > created a folder called "testfolder" with admin account and i granted read > permission to the "MyUsers" group: > {code:java} > Node testfolder = adminSession.getNode("/testfolder"); > boolean allow = AccessControlUtils.allow(testfolder, > myUsersGroup.getPrincipal(), new String[]{Privilege.JCR_READ}); > {code} > When I login as "marco", if i try to find that folder i get an error saying > that the folder doesn't exists (user does not have tthe permission to read > it). It works only if I grant the READ permission directly to the user. > {code:java} > Session usrSession = repository.login(new SimpleCredentials("marco", > "password".toCharArray())); > Node node = usrSession.getNode("/testfolder"); //here the code fails because > the node is not found!! > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OAK-4086) Group membership not verified during permission verification
[ https://issues.apache.org/jira/browse/OAK-4086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15177794#comment-15177794 ] Marco Piovesana commented on OAK-4086: -- here is the complete code: {code:java} Session sessionAdmin = repository.login(new SimpleCredentials("admin", "admin".toCharArray())); UserManager userManager = ((SessionImpl) sessionAdmin).getUserManager(); Node testfolder = sessionAdmin.getRootNode().addNode("/testfolder"); sessionAdmin.save(); Group myTestGroup = userManager.createGroup("MyUsersGroup"); sessionAdmin.save(); User newUser = userManager.createUser("marco", "password", new UserPrincipal("marco"), null); myTestGroup.addMember(newUser); sessionAdmin.save(); boolean allow = AccessControlUtils.allow(testfolder, myTestGroup.getPrincipal().getName(), new String[]{Privilege.JCR_READ}); sessionAdmin.save(); sessionAdmin.logout(); Session userSession = repository.login(new SimpleCredentials("marco", "password".toCharArray())); Node node = userSession.getNode("/testfolder"); //here the code fails because the node is not found!! {code} i did save the changes before logging in as "marco". I'm Sorry that I didn't mention it before. Marco. > Group membership not verified during permission verification > > > Key: OAK-4086 > URL: https://issues.apache.org/jira/browse/OAK-4086 > Project: Jackrabbit Oak > Issue Type: Bug > Components: security >Affects Versions: 1.3.16 >Reporter: Marco Piovesana > > I have a group called "MyUsers" containing a user called "marco". I've > created a folder called "testfolder" with admin account and i granted read > permission to the "MyUsers" group: > {code:java} > Node testfolder = adminSession.getNode("/testfolder"); > boolean allow = AccessControlUtils.allow(testfolder, > myUsersGroup.getPrincipal(), new String[]{Privilege.JCR_READ}); > {code} > When I login as "marco", if i try to find that folder i get an error saying > that the folder doesn't exists (user does not have tthe permission to read > it). It works only if I grant the READ permission directly to the user. > {code:java} > Session usrSession = repository.login(new SimpleCredentials("marco", > "password".toCharArray())); > Node node = usrSession.getNode("/testfolder"); //here the code fails because > the node is not found!! > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OAK-4086) Group membership not verified during permission verification
[ https://issues.apache.org/jira/browse/OAK-4086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15177781#comment-15177781 ] angela commented on OAK-4086: - [~iosonomarco], the code above doesn't save the changes made with the adminSession; that could explain why it's not working. if you have the save in your code, may i kindly ask you to provide a simple test-case that illustrates the problem? thanks. > Group membership not verified during permission verification > > > Key: OAK-4086 > URL: https://issues.apache.org/jira/browse/OAK-4086 > Project: Jackrabbit Oak > Issue Type: Bug > Components: security >Affects Versions: 1.3.16 >Reporter: Marco Piovesana > > I have a group called "MyUsers" containing a user called "marco". I've > created a folder called "testfolder" with admin account and i granted read > permission to the "MyUsers" group: > {code:java} > Node testfolder = adminSession.getNode("/testfolder"); > boolean allow = AccessControlUtils.allow(testfolder, > myUsersGroup.getPrincipal(), new String[]{Privilege.JCR_READ}); > {code} > When I login as "marco", if i try to find that folder i get an error saying > that the folder doesn't exists (user does not have tthe permission to read > it). It works only if I grant the READ permission directly to the user. > {code:java} > Session usrSession = repository.login(new SimpleCredentials("marco", > "password".toCharArray())); > Node node = usrSession.getNode("/testfolder"); //here the code fails because > the node is not found!! > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)