[#SEC-655] When inserting ACE's in a parent ACL it's possible to end up with a child ACL that has a stale reference to its parent

Spring Security

When inserting ACE's in a parent ACL it's possible to end up with a child ACL that has a stale reference to its parent

Created: 30/Jan/08 11:53 PM Updated: 05/Apr/08 01:18 AM

Component/s:

ACLs

Affects Version/s:

2.0.0 M1

Fix Version/s:

2.0.0

Time Tracking:

Not Specified

File Attachments:

AclPermissionInheritanceTests.java (9 kB)

Issue Links:

Depends

This issue is depended on by:

~~SEC-532~~ ACL Improvements

Description

« Hide

The JdbcMutableAclService in its updateAcl method evicts the ObjectIdentity from the cache. However, it should probably evict child ObjectIdentities too whose parent ACL now is no longer in cache.

All

Comments

Work Log

Change History

FishEye

Builds

Sort Order:

[ Permlink | « Hide ]

Rossen Stoyanchev added a comment - 30/Jan/08 11:54 PM

The attached junit tests demonstrate the issue.

[ Permlink | « Hide ]

Ben Alex added a comment - 05/Apr/08 01:18 AM

SVN revision 2865.

Added the AclPermissionInheritanceTests to the source tree.

Modified JdbcMutableAclService to automatically evict any and all children ACLs from the cache of any Acl being updated. The eviction is recursive (ie goes iterates through each layer of children ACLs, not only direct descendants). Tests pass.