[CDO] Problem loading older revisions of object with 4.3 [message #1307551]
Mon, 21 April 2014 16:43
Ashish Shinde
Registered: August 2013
I am facing a strange problem with loading older revisions of objects with the CDO 4.3 nightly snapshot. (I am running on DBStore using MySQL.) This post outlines the problem, the diagnosis and a potential fix, and is longish, but this is a very real and urgent problem for us and we want the fix to be added to CDO.
The problem is that reading features of older versions of objects throws "NoPermissionException" although this user has full permissions. This is not easily reproducible.
However, here is the sequence of steps to potentially recreate this problem:
1. Create an object. Update the object and commit it multiple times to have a few revisions.
2. Open a fresh CDOSession and open a view.
3. Iterate over the object's history using view.getHistory(cdoObject);
4. From the session created in #2, open a new view at timestamp matching an older edit on the object. Read an older version of the object using view.getObject(cdoid).
5. Accessing attributes / features on this object results in "NoPermissionException".
After a lot of debugging I have narrowed this down to the following:
1. view.getHistory(cdoObject) triggers a load of CDORevisions of the cdo object.
2. This code triggers "LoadChangeSetsIndication" on the server which in turn invokes
3. This call invokes
writeCDORevision(CDORevision revision, int referenceChunk, CDOBranchPoint securityContext) with securityContext set to null
4. After a few calls this ends up in SecurityManager.authorize, again with securityContext set to null.
5. The authorize method invokes permission.isApplicable() which in turn invokes filter. ResourceFilter.filter() which in turn invokes CDORevisionUtil.getResourceNodePath() which after a series of calls invokes CDORevisionProvider.getRevision() which then invokes CDORevisionManagerImpl.getCachedRevision() with branchPoint (previous securityContext) set to null. The cache throws an NPE because it expects a non-null branchPoint.
6. The FilterPermissionImpl.filter() method ignores this exception and returns false, resulting in the revision being returned with permissions set to NONE.
7. On the client end this revision is again cached by CDORevisionManagerImpl
8. A read now on an older version of the object uses this cached revision and throws NoPermissionException for any attribute read off this object.
This is probably a bug and may not be a common use case, but for our application it is very common: users look at object histories and view older versions of the objects.
The fix would, I think, be to have
a. SecurityManager set the securityContext to revision.getBranchPoint() if null
b. CDODataOutputImpl.writeCDOChangeSetData() pass revision.getBranchPoint() as the securityContext instead of null.
I am not sure what the other implications of these fixes are, or whether there are other fixes.
Please do help with fixing this.
Thanks and regards,
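
The failure chain described in the post, as an added example that is not part of the original post and is not CDO code: a simplified Java model in which a null security context makes a lookup throw, the filter swallows the exception, and the resulting NONE permission is cached and reused. All class, method and value names are hypothetical stand-ins, and the fallback shown is proposal (a) from the post.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;

// Simplified model of the reported failure. All names are hypothetical; not CDO's implementation.
public class NullContextDemo {
    enum Permission { NONE, READ }
    record BranchPoint(int branch, long timeStamp) {}
    record Revision(String id, BranchPoint branchPoint, Permission permission) {}

    // Stand-in for the server-side revision cache: it rejects a null branch point.
    static String resourcePath(String id, BranchPoint context) {
        Objects.requireNonNull(context, "branchPoint");
        return "/models/" + id; // constructed sample path
    }

    // Filter as described in step 6: any exception is swallowed and reported as "not applicable".
    static boolean filterSwallowing(Revision r, BranchPoint context) {
        try {
            return resourcePath(r.id(), context).startsWith("/models/");
        } catch (RuntimeException ex) {
            return false; // a lookup failure silently becomes a deny
        }
    }

    // With applyFix, a null context falls back to the revision's own branch point (proposal a).
    static Permission authorize(Revision r, BranchPoint context, boolean applyFix) {
        BranchPoint effective = (context == null && applyFix) ? r.branchPoint() : context;
        return filterSwallowing(r, effective) ? Permission.READ : Permission.NONE;
    }

    // Client side: the revision is cached together with the permission the server computed.
    static Permission loadHistoryThenRead(boolean applyFix) {
        Map<String, Revision> clientCache = new HashMap<>();
        Revision stored = new Revision("OID42", new BranchPoint(0, 1000L), null); // constructed sample
        Permission p = authorize(stored, null, applyFix); // the history load passes a null context
        clientCache.put(stored.id(), new Revision(stored.id(), stored.branchPoint(), p));
        return clientCache.get("OID42").permission(); // a later read of the old version reuses the cache
    }

    public static void main(String[] args) {
        System.out.println("without fix: " + loadHistoryThenRead(false));
        System.out.println("with fix:    " + loadHistoryThenRead(true));
    }
}
```

Requires Java 16 or later for records. The swallowed exception is what turns a programming error into an access decision, so logging or rethrowing in the filter would surface this class of bug even without the fallback.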