[CDO] problem with authentication and durable lock id [message #1589206] |
Wed, 28 January 2015 09:48 |
Mickael LANOE Messages: 1 Registered: October 2014 |
Junior Member |
|
|
Hi,
I am facing a problem with two users using a CDO based application
(Sirius) with the same eclipse alternately.
The first user opens a session with his username, creates a transaction,
enables the durable lock id and saves it into a local file.
He acquires a read lock on an object and closes the session.
The second user also opens a session with another username and creates a
transaction with the previous durable lock id. Note that it is our
application (Sirius) that is automatically using the previous durable
lock id because it is saved locally.
We can see that the read lock is acquired by another but the second user
can also acquire a write lock on the same object.
I think we should verify that the user id stored in the LockArea is the
same as used in the session?
To prevent the creation of a transaction with a durable lock id that is
not owned by the current user, we could add this code in
org.eclipse.emf.cdo.internal.server.LockingManager.openView(ISession,
int, boolean, String):
LockArea area = getLockArea(durableLockingID);
if (StringUtil.compare(area.getUserID(), session.getUserID()) != 0)
{
throw new IllegalStateException("Durable owner does not match the
current user id");
}
But I not sure that this behavior is expected in all cases ?
Regards,
|
|
|
Re: [CDO] problem with authentication and durable lock id [message #1600532 is a reply to message #1589206] |
Wed, 04 February 2015 09:57 |
|
Hi Mickael,
This works as designed. The durable locking ID is a secret token that must either be kept private by the owning user or
the user must pass it on and accept that another user acts on his behalf.
Maybe you elaborate what your concrete problem is?
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
Am 28.01.2015 um 10:48 schrieb Mickael LANOE:
> Hi,
>
> I am facing a problem with two users using a CDO based application
> (Sirius) with the same eclipse alternately.
>
> The first user opens a session with his username, creates a transaction,
> enables the durable lock id and saves it into a local file.
> He acquires a read lock on an object and closes the session.
>
> The second user also opens a session with another username and creates a
> transaction with the previous durable lock id. Note that it is our
> application (Sirius) that is automatically using the previous durable
> lock id because it is saved locally.
> We can see that the read lock is acquired by another but the second user
> can also acquire a write lock on the same object.
>
> I think we should verify that the user id stored in the LockArea is the
> same as used in the session?
>
> To prevent the creation of a transaction with a durable lock id that is
> not owned by the current user, we could add this code in
> org.eclipse.emf.cdo.internal.server.LockingManager.openView(ISession,
> int, boolean, String):
>
> LockArea area = getLockArea(durableLockingID);
> if (StringUtil.compare(area.getUserID(), session.getUserID()) != 0)
> {
> throw new IllegalStateException("Durable owner does not match the
> current user id");
> }
>
> But I not sure that this behavior is expected in all cases ?
>
> Regards,
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
|
|
|
Powered by
FUDForum. Page generated in 0.02780 seconds