Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

upgrade from 8.2 to 9.3 -- BaseSession.hasPermission change

Eric_Ace
Confirmed Champ
Confirmed Champ

‎01-04-2018 12:27 PM

We are upgrading from 8.2 to 9.3. We have some existing unit tests to test extensions we've built that are designed to test concurrency scenarios. There is a difference in how the BaseSession.hasPermission method executes from 8.2 to 9.3. In both versions, BaseSession.hasPermission calls ClientLoginModule.getCurrentPrincipal. In 8.2, when running as a separate thread, the getCurrentPrincipal method returns null and hasPermission retrurns true. In 9.3 from a separate thread, getCurrentPrincipal method also returns null but then hasPermission returns false. The null return triggers the different behavior in the BaseSession.hasPermission method between 8.2 and 9.3. I can overcome this by preceding the getUserModel call inside the thread with the following statement: Framework.Login();. This eliminates the null return. But I'm wondering if there's a better approach. Thanks

@Test
public void foo() throws Exception {
    UserManager userManager = Framework.getLocalService(UserManager.class);
    userManager.getUserModel("ex-1");
    Executors.newFixedThreadPool(1).execute(new FutureTask<>(() -> {
        UserManager userManager = Framework.getLocalService(UserManager.class);
        userManager.getUserModel("ex-2");
    }));
}
0 Kudos
4 REPLIES 4

Eric_Ace
Confirmed Champ
Confirmed Champ

‎01-04-2018 12:37 PM

note - original post had an error which I've corrected...

0 Kudos

Eric_Ace
Confirmed Champ
Confirmed Champ

‎01-05-2018 02:26 PM

Nuxeo folks - I'm seeing this elsewhere. When invoking directory functionality from within event handlers (i.e. to add/modify Directory entries) the BaseSession checkPermission method gets a null principal from the ClientLoginModule but whereas before, NULL was interpreted as "you can do anything" now it is interpreted as "you can do nothing." So the code fails the permission check and aborts. So I'm adding Framework.login() in places where I have these event handlers but that can't be right. Help is appreciated.

0 Kudos

Florent_Guillau
World-Class Innovator
World-Class Innovator

‎01-11-2018 09:27 AM

Yes this change was done on purpose (NXP-22463) to improve the security of directories.

In unit tests, you will have to use a login mechanism to provide an explicit user to the authentication stack. I can be as simple as calling your code inside Framework.doPrivileged

0 Kudos

Eric_Ace
Confirmed Champ
Confirmed Champ
In response to Florent_Guillau

‎01-12-2018 06:39 AM

Ok Thanks!

0 Kudos
Getting started

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC