[Read Only] - Hippo Repository / REPO-1498

Make query results more resilient to not break on unauthorized results but skip them


Details

    • Bug
    • Status: Closed
    • High
    • Resolution: Fixed
    • None
    • jackrabbit-patches-h12
    • None
    • None
    • Platform Sprint 132

    Description

      When iterating through the nodes in a query result via

      javax.jcr.query.QueryResult queryResult = ...;
      for (Node node : new NodeIterable(queryResult.getNodes())) {
          System.out.println(node.getPath());
      }
      

      This always works: if a node in the search result is unauthorized (which should normally not happen), it is still skipped by org.apache.jackrabbit.core.query.lucene.NodeIteratorImpl (and only a warning is logged). Since search results are non-transactional, this (an unauthorized node being skipped during iteration) can always happen, even without the authorization query.

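      If, however, instead of queryResult.getNodes(), you use

      javax.jcr.query.QueryResult queryResult = ...;
      // iterate the rows rather than the nodes of the same result
      final javax.jcr.query.RowIterator rows = queryResult.getRows();
      while (rows.hasNext()) {
          final Row row = rows.nextRow();
          final Value[] values = row.getValues();
      }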
      

      the code above throws a repository exception on 'row.getValues()' if the backing JCR node cannot be read (unauthorized).
      In Jackrabbit's RowIteratorImpl we should first fetch the node and log a warning if it is not allowed to be read.
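
A caller-side way to get the same skip-and-warn behaviour for rows, as an added example that is not the attached patch and not Jackrabbit's or Hippo's own code. The class name `ReadableRows` and the choice to catch the base `RepositoryException` are assumptions; the issue only says "a repository exception".

```java
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Logger;

import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.query.QueryResult;
import javax.jcr.query.Row;
import javax.jcr.query.RowIterator;

/** Hypothetical caller-side helper; not part of Jackrabbit or Hippo. */
public final class ReadableRows {

    private static final Logger LOG = Logger.getLogger(ReadableRows.class.getName());

    private ReadableRows() {
    }

    /**
     * Returns the values of every row whose backing node the session can read.
     * A row that fails on getValues() is skipped with a warning, mirroring what
     * the issue describes for iteration over getNodes().
     */
    public static List<Value[]> collect(QueryResult queryResult) throws RepositoryException {
        final List<Value[]> readable = new ArrayList<>();
        int skipped = 0;
        final RowIterator rows = queryResult.getRows();
        while (rows.hasNext()) {
            final Row row = rows.nextRow();
            try {
                readable.add(row.getValues());
            } catch (RepositoryException e) {
                // Assumption: the base type is caught because the issue does not
                // name the subclass. Only the exception class is logged, so the
                // log does not reveal content the session is not allowed to read.
                skipped++;
                LOG.warning("Skipping unreadable query result row: " + e.getClass().getName());
            }
        }
        if (skipped > 0) {
            LOG.warning(skipped + " row(s) skipped because they could not be read");
        }
        return readable;
    }
}
```

Catching the base type also hides unrelated repository failures on a row, so narrow the catch once the concrete exception thrown for an unreadable node is known.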

      Attachments

        1. REPO_1498_new.patch
          10 kB
          Ard Schrijvers
        2. REPO-1498-updated.patch
          6 kB
          Ate Douma

            People

              Unassigned Unassigned
              aschrijvers Ard Schrijvers