-
Improvement
-
Resolution: Obsolete
-
Major
-
short term
-
None
-
Magnolia 4.5.3, 4.5.5, Tomcat 7.0.29
On my public instance there are some images that are not displayed. The images by it self will show a login screen and an Exception is thrown:
ERROR info.magnolia.module.cache.filter.CacheFilter : A request started to cache but failed with an exception (AccessDeniedException: Access denied).
Some images are displayed though. It turns out that as soon an image is created by a non-anomymous user once, it will be displayed by anonymous users from then on.
The anonymous user has of course the appropriate rights (read/write to imaging):
Role: imaging-base Read/Write permission in the workspace imaging with path /*
(No other rules on workspace imaging.)
I debugged it down to the AccessDeniedException that is thrown in SimpleAccessManager when the cache image is tried to be created.
org.apache.jackrabbit.core.security.simple.SimpleAccessManager
public void checkPermission(Path absPath, int permissions) throws AccessDeniedException, RepositoryException { if (!isGranted(absPath, permissions)) { throw new AccessDeniedException("Access denied"); } }
isGranted will end up here:
... } else if (anonymous) { // anonymous is only granted READ permissions return permissions == Permission.READ; } ...
(SimpleAccessManager.anoymous is true.)
So the ACL is obviously never considered.
Am I doing something wrong? Or is this a bug?
Tested in 4.5.3 and 4.5.5