<!-- 
RSS generated by JIRA (9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b) at Mon Feb 12 01:08:06 CET 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>Magnolia - Issue tracker</title>
    <link>https://jira.magnolia-cms.com</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-uk</language>
    <build-info>
        <version>9.4.2</version>
        <build-number>940002</build-number>
        <build-date>19-01-2023</build-date>
    </build-info>


<item>
            <title>[DOCU-329] On public instance: cache images can not be created by anonymous (ACL not considered)</title>
                <link>https://jira.magnolia-cms.com/browse/DOCU-329</link>
                <project id="10190" key="DOCU">Documentation</project>
                    <description>&lt;p&gt;On my public instance there are some images that are not displayed. The images by themselves will show a login screen and an Exception is thrown:&lt;/p&gt;
&lt;div class=&quot;preformatted panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;preformattedContent panelContent&quot;&gt;
&lt;pre&gt;ERROR info.magnolia.module.cache.filter.CacheFilter     : A request started to cache but failed with an exception (AccessDeniedException: Access denied).
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;
&lt;p&gt;Some images are displayed though. It turns out that as soon as an image is created by a non-anonymous user once, it will be displayed by anonymous users from then on.&lt;/p&gt;

&lt;p&gt;The anonymous user has of course the appropriate rights (read/write to imaging):&lt;/p&gt;
&lt;div class=&quot;preformatted panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;preformattedContent panelContent&quot;&gt;
&lt;pre&gt;Role: imaging-base
Read/Write permission in the workspace imaging with path /*
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;
&lt;p&gt;(No other rules on workspace imaging.)&lt;/p&gt;

&lt;p&gt;I debugged it down to the AccessDeniedException that is thrown in SimpleAccessManager when creation of the cache image is attempted.&lt;/p&gt;

&lt;p&gt;org.apache.jackrabbit.core.security.simple.SimpleAccessManager&lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;&lt;span class=&quot;code-keyword&quot;&gt;public&lt;/span&gt; void checkPermission(Path absPath, &lt;span class=&quot;code-object&quot;&gt;int&lt;/span&gt; permissions) &lt;span class=&quot;code-keyword&quot;&gt;throws&lt;/span&gt; AccessDeniedException, RepositoryException {
    &lt;span class=&quot;code-keyword&quot;&gt;if&lt;/span&gt; (!isGranted(absPath, permissions)) {
        &lt;span class=&quot;code-keyword&quot;&gt;throw&lt;/span&gt; &lt;span class=&quot;code-keyword&quot;&gt;new&lt;/span&gt; AccessDeniedException(&lt;span class=&quot;code-quote&quot;&gt;&quot;Access denied&quot;&lt;/span&gt;);
    }
}
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;isGranted will end up here:&lt;/p&gt;

&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;...
} &lt;span class=&quot;code-keyword&quot;&gt;else&lt;/span&gt; &lt;span class=&quot;code-keyword&quot;&gt;if&lt;/span&gt; (anonymous) {
    &lt;span class=&quot;code-comment&quot;&gt;// anonymous is only granted READ permissions
&lt;/span&gt;    &lt;span class=&quot;code-keyword&quot;&gt;return&lt;/span&gt; permissions == Permission.READ;
}
...
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;(&lt;tt&gt;SimpleAccessManager.anonymous&lt;/tt&gt; is true.)&lt;/p&gt;

&lt;p&gt;So the ACL is obviously never considered.&lt;/p&gt;

&lt;p&gt;Am I doing something wrong? Or is this a bug?&lt;/p&gt;

&lt;p&gt;Tested in 4.5.3 and 4.5.5&lt;/p&gt;</description>
                <environment>Magnolia 4.5.3, 4.5.5, Tomcat 7.0.29</environment>
        <key id="25903">DOCU-329</key>
            <summary>On public instance: cache images can not be created by anonymous (ACL not considered)</summary>
                <type id="4" iconUrl="https://jira.magnolia-cms.com/secure/viewavatar?size=xsmall&amp;avatarId=10890&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="3" iconUrl="https://jira.magnolia-cms.com/images/icons/priorities/major.svg">Major</priority>
                        <status id="6" iconUrl="https://jira.magnolia-cms.com/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Obsolete</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="jpetersen">Jonas Petersen [X]</reporter>
                        <labels>
                    </labels>
                <created>Fri, 12 Oct 2012 23:26:46 +0200</created>
                <updated>Tue, 22 Sep 2015 14:10:56 +0200</updated>
                            <resolved>Tue, 22 Sep 2015 14:10:56 +0200</resolved>
                                    <version>short term</version>
                                    <fixVersion>short term</fixVersion>
                                    <component>content</component>
                        <due></due>
                            <votes>0</votes>
                                    <watches>1</watches>
                                                                                                                <comments>
                            <comment id="52288" author="had" created="Sat, 13 Oct 2012 15:45:09 +0200"  >&lt;p&gt;Could you please provide exact instructions on how to reproduce this problem?&lt;br/&gt;
Thanks.&lt;/p&gt;</comment>
                            <comment id="52292" author="jpetersen" created="Sun, 14 Oct 2012 00:10:44 +0200"  >&lt;p&gt;I tried to reproduce it with the demo-project on a fresh install, but it&apos;s working as expected there.&lt;/p&gt;

&lt;p&gt;I found out why though: it&apos;s not using &lt;tt&gt;SimpleAccessManager&lt;/tt&gt; but &lt;tt&gt;DefaultAccessManager&lt;/tt&gt;.&lt;/p&gt;

&lt;p&gt;It turns out that we&apos;re sticking with an outdated &lt;tt&gt;jackrabbit-bundle-derby-search.xml&lt;/tt&gt;. This exact file was using &lt;tt&gt;SimpleAccessManager&lt;/tt&gt; until Tue Mar 22 2012. On that day the config changed to &lt;tt&gt;DefaultAccessManager&lt;/tt&gt; (&lt;a href=&quot;http://svn.magnolia-cms.com/view/community/magnolia/trunk/magnolia-empty-webapp/src/main/webapp/WEB-INF/config/repo-conf/jackrabbit-bundle-derby-search.xml?r1=42057&amp;amp;r2=43263&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;view diff&lt;/a&gt;).&lt;/p&gt;

&lt;p&gt;So this can be closed.&lt;/p&gt;

&lt;p&gt;(I&apos;m not the first one to stumble over this: &lt;a href=&quot;http://forum.magnolia-cms.com/forum/thread.html?threadId=c4181685-5755-447f-abac-8b8d677ae4ba&amp;amp;page=1&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;forum thread&lt;/a&gt;)&lt;/p&gt;</comment>
                            <comment id="52293" author="had" created="Sun, 14 Oct 2012 00:19:33 +0200"  >&lt;p&gt;Yeah, I wondered how you ended up in &lt;tt&gt;SimpleAccessManager&lt;/tt&gt;. Thought that maybe we missed &lt;tt&gt;imaging&lt;/tt&gt; somehow.&lt;/p&gt;

&lt;p&gt;You are right that more people stumble over a forgotten update of the JR config, so rather than closing this issue I moved it to documentation to make sure this exists somewhere as a tip.&lt;/p&gt;

&lt;p&gt;Thanks for reporting the problem.&lt;br/&gt;
Regards,&lt;br/&gt;
Jan&lt;/p&gt;</comment>
                            <comment id="52294" author="jpetersen" created="Sun, 14 Oct 2012 00:32:25 +0200"  >&lt;p&gt;Ok, great.&lt;/p&gt;

&lt;p&gt;By the way, another effect of this was that it was not possible to restrict access for certain users to the website tree. Every user - no matter what ACL they got - could just see the whole tree and also write to the whole tree.&lt;/p&gt;</comment>
                            <comment id="113048" author="cmeier" created="Tue, 22 Sep 2015 14:10:56 +0200"  >&lt;p&gt;The ticket is old and has been inactive for a long time. And such an issue - if it exists - should be in another JIRA project.&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10111" key="com.atlassian.jira.toolkit:reporterdomain">
                        <customfieldname>Company</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>kreuzwerker.de</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10031" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Sat, 13 Oct 2012 15:45:09 +0200</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_12730" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_14151" key="com.atlassian.jira.toolkit:message">
                        <customfieldname>Docu info</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10061" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comm is not jira-dev</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10071" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last participant</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>mmuehlebach</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_13136" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            8 years, 21 weeks, 5 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10020" key="com.atlassian.jira.toolkit:attachments">
                        <customfieldname>Number of attachments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10150" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname>Number of comments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>5.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>cmeier</customfieldvalue>
            <customfieldvalue>had</customfieldvalue>
            <customfieldvalue>jpetersen</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                <customfield id="customfield_10833" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i03sz3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10244" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>22304</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14145" key="com.intenso.jira.issue-templates:issue-templates-customfield">
                        <customfieldname>Template</customfieldname>
                        <customfieldvalues>
                            


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_15131" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Time in Discovery</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10032" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        </customfields>
    </item>
</channel>
</rss>