Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-9628

Create a protected property importer for handling user tokens

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • core, security
    • None

    Description

      An attempt to invoke javax.jcr.Session#importXML() on a payload including exported rep:User nodes will fail with the following message if the .tokens subnode is not empty:

      javax.jcr.nodetype.ConstraintViolationException: OakConstraint0021: /home/users/5/5d60zjEABcbAjvqo8SyI/.tokens/50c611f9-9886-4124-ada6-e224ffeead8e[[rep:Token]]: Mandatory property rep:token.key not found in a new node
	at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:226) [org.apache.jackrabbit.oak-api:1.34.0]
	at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:213) [org.apache.jackrabbit.oak-api:1.34.0]
	at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.newRepositoryException(SessionDelegate.java:677) [org.apache.jackrabbit.oak-jcr:1.34.0]
	at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.save(SessionDelegate.java:503) [org.apache.jackrabbit.oak-jcr:1.34.0]
	at org.apache.jackrabbit.oak.jcr.session.SessionImpl$8.performVoid(SessionImpl.java:424) [org.apache.jackrabbit.oak-jcr:1.34.0]
	at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performVoid(SessionDelegate.java:273) [org.apache.jackrabbit.oak-jcr:1.34.0]
	at org.apache.jackrabbit.oak.jcr.session.SessionImpl.save(SessionImpl.java:421) [org.apache.jackrabbit.oak-jcr:1.34.0]
	at com.adobe.granite.repository.impl.CRX3SessionImpl.save(CRX3SessionImpl.java:207) [com.adobe.granite.repository:1.6.100]

      The reason is that all the properties in rep:Token nodes are protected:

      [rep:Token] > mix:referenceable
  - rep:token.key (string) mandatory protected
  - rep:token.exp (date) mandatory protected
  - * (undefined) protected
  - * (undefined) protected multiple

      and they'll be skipped by the importer unless there's a custom ProtectedPropertyImporter implementation handling them:
      https://github.com/apache/jackrabbit-oak/blob/bb749cac90617f9350189599f5f63ec20da7c490/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/xml/ImporterImpl.java#L278-L288

      The goal of this story is to create such implementation, so the tokens can be imported together with the rest of the rep:User subtree.

      Attachments

        Issue Links

          is a clone of

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. OAK-9224 Create a protected property importer for handling user tokens

          • Major - Major loss of function.
          • Closed

          Activity

            People

              angela Angela Schreiber
              tomek.rekawek Tomek Rękawek
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: