Details
Major Description
the MembershipCache.collectDeclaredMembershipFromTraversal traverses the entire /home/groups tree and analyzes all properties if they contain a reference to the authorizable node. this is very suboptimal and in case there is a multivalue, this even throws an error.
suggest:
- do an intelligent traversal instead using the TraversingItemVisitor.
- be cautious not to read MV properties unchecked.
Potential error:
com.day.crx.security.ldap.LDAPLoginModule Cause: javax.jcr.ValueFormatException: propert
y /home/groups/a/administrators/jcr:mixinTypes is a multi-valued property, so it's values can only be retrieved as an array
at org.apache.jackrabbit.core.PropertyImpl.internalGetValue(PropertyImpl.java:483)
at org.apache.jackrabbit.core.PropertyImpl.getValue(PropertyImpl.java:510)
at org.apache.jackrabbit.core.PropertyImpl.getString(PropertyImpl.java:520)
at org.apache.jackrabbit.core.security.user.MembershipCache$1.entering(MembershipCache.java:363)
at javax.jcr.util.TraversingItemVisitor.visit(TraversingItemVisitor.java:160)
at org.apache.jackrabbit.core.PropertyImpl.accept(PropertyImpl.java:904)
at javax.jcr.util.TraversingItemVisitor.visit(TraversingItemVisitor.java:187)
at org.apache.jackrabbit.core.NodeImpl.accept(NodeImpl.java:1720)
at javax.jcr.util.TraversingItemVisitor.visit(TraversingItemVisitor.java:191)
at org.apache.jackrabbit.core.NodeImpl.accept(NodeImpl.java:1720)
at javax.jcr.util.TraversingItemVisitor.visit(TraversingItemVisitor.java:191)
at org.apache.jackrabbit.core.security.user.MembershipCache.collectDeclaredMembershipFromTraversal(MembershipCache.java:374)
at org.apache.jackrabbit.core.security.user.MembershipCache.collectDeclaredMembership(MembershipCache.java:200)
at org.apache.jackrabbit.core.security.user.AuthorizableImpl.collectMembership(AuthorizableImpl.java:358)
at org.apache.jackrabbit.core.security.user.AuthorizableImpl.declaredMemberOf(AuthorizableImpl.java:89)
at org.apache.jackrabbit.core.security.user.UserImpl.declaredMemberOf(UserImpl.java:38)