BUG Working with setIdentity an clearIdentity

Hi all,

I think that we have found a bug working with setIdentity and clearIdentity from session manager. I have a Spring application that works with a SessionManager as an instance variable. This instance variable dispatch sessions based on this:

        final String ticket = this.getTicketForUser(loggedUser); // just get a valid ticket with superuser credentials
        final IDfLoginInfo li = this.cx.getLoginInfo();
        li.setUser(loggedUser);
        li.setPassword(ticket);

        if (this.helpSessionMgr.hasIdentity(this.repository)) {
            this.helpSessionMgr.clearIdentity(this.repository);
        }

this.helpSessionMgr.setIdentity(this.repository, li);
return this.helpSessionMgr.getSession(this.repository);

where the helpSessionMgr is the instance variable of a singleton.

All seems ok. When I try to launch a DQL over a custom type that is secured with ACL's (for example select * from my_type where r_object_id='blablabla'), the DFC automatically adds the information about security: r_accesor_name and so on... The problem is that it seems that the accesor name is not cleared from the previous user who used the session from pool. So the first user using the session from pool works ok, but the second one doesn't, because in the final SQL (captured with a listener) there is information about the previous user.

Could anybody help? Tx in advance

Find more posts tagged with

Comments

mszurap

Hi,

Are you sure you are not using the same session (reference)? Are you releasing your previous session from your session manager?

Mike

manelmateos

Yes, I am. The session is disconnected. We can see this in logging system:

INFO [] - com.documentum.fc.client.impl.session.Session - Session{id=1, iid=4, serial=0, docbase=gabjur_test, user=ctcapgrup} has no more references
INFO [] - com.documentum.fc.client.impl.session.PooledSessionFactory - Session{id=1, iid=4, serial=0, docbase=gabjur_test, user=ctcapgrup} returned to pool
INFO [] - com.documentum.fc.client.impl.session.Session - Session{id=1, iid=4, serial=1, docbase=gabjur_test, user=ctcapgrup} disconnected

jrlopez

I'm working with manelmateos and we are using DFC Version is 6.0.0.113SP1 and Content Server 6

LoginUserName and identity login info shows the correct info, that's the user who logged.

Documentum Administrator shows the same extrange behaviour when queries are runned by Tools>DqlEditor. So it seems information is being stored somewhere in the pool and it's not being removed.
If session pool is disconnected in the dfc.properties queries are ok.

manelmateos

Hi,

steps to recreate the error with DA:

1.Login into DA with a superuser account.
2.Create two users: userbug1 and userbug2. (The required properties, to be introduced to both users, are user_name, user_login_name,password,e-mail.
It also has the default user folder as "Temp.")
3. Create of two ‘dm_folder’ (Folder1: Its ACL includes the user userbug1 by the ‘Read’ permit level and dm_world has ‘None’ permit level. Folder2: Its ACL includes the users userbug1 and userbug2, and dm_world has ‘None’ permit.
4. ‘logout’ and then login with a user userbug2.
5. We execute the following dql width DQLEditor:select object_name from dm_folder where folder('/Temp',descend) and object_name like 'folder%'
The query result must show only the folder folder2. OK.
6.‘logout’ and then login with a user userbug1
7. We execute the same dql: select object_name from dm_folder where folder('/Temp',descend) and object_name like 'folder%'
The query result must show two folders, folder1 and folder2, because userbug1 has Read acces permit in both ACL’s, but the result is wrong. Only returns the folder folder2.

If we check the 'show SQL' in the second case (step 7) we see this:
AND ((acl_r.r_accessor_name IN ('userbug2', 'dm_world') OR ...

It seems the session is identifying the accessor_name as userbug2, the previous user and it should be userbug1