Unlocking a resource

Unlocking a resource

Roy Teeuwen
Hey all,

I am trying to unlock a resource in a job that needs to modify the resource or subresources, but since upgrading to service resource resolvers this doesn't seem to be supported anymore. When doing the following code, I get the exception "Not an owner of the lock /content/my-site/nl/my-page/jcr:content".

```
LockManager lockManager = resourceResolver.adaptTo(Session.class).getWorkspace().getLockManager();
lockManager.unlock(lockedResource.getPath());
```


I tried to use the impersonate from service and then doing the unlock with a lockmanager from that session but it still is not possible to do it.

```
def session = slingRepository.impersonateFromService("my-service", new SimpleCredentials("my-user", "".toCharArray()), (String)null);
```

The only solution I have is to not use service resource resolvers, but this would be the first case where I would have to allow the login admin for a specific bundle, so I would like to avoid it.

Does anyone have a solution for this?

Thanks!
Roy

Re: Unlocking a resource

Robert Munteanu-2
Hi Roy,

On Wed, 2018-03-14 at 13:01 +0100, Roy Teeuwen wrote:

> Hey all,
>
> I am trying to unlock a resource in a job that needs to modify the
> resource or subresources, but since upgrading to service resource
> resolvers this doesn't seem to be supported anymore. When doing the
> following code, I get the exception "Not an owner of the lock
> /content/my-site/nl/my-page/jcr:content".
>
> ```
> LockManager lockManager = resourceResolver.adaptTo(Session.class).getWorkspace().getLockManager();
> lockManager.unlock(lockedResource.getPath());
> ```
>
>
> I tried to use the impersonate from service and then doing the unlock
> with a lockmanager from that session but it still is not possible to
> do it.
>
> ```
> def session = slingRepository.impersonateFromService("my-service",
> new SimpleCredentials("my-user", "".toCharArray()), (String)null);
> ```
>
> The only solution I have is to not use service resource resolvers,
> but this would be the first case where I would have to allow the
> login admin for a specific bundle so I would like to avoid it
>
> Does anyone have a solution for this?

My reading of the Oak code at [1] is that you either need to be an
admin user or the lock owner to unlock.

Also note [2], which means that this area is unlikely to see
improvements in the future.

Robert


[1]: https://github.com/apache/jackrabbit-oak/blob/8f7bc6578cc2b5e8ecb2dd1544d771951678d011/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/lock/LockManagerImpl.java#L196-L207
[2]: https://issues.apache.org/jira/browse/OAK-6421

Re: Unlocking a resource

Roy Teeuwen
Hey Robert,

I have tried adding the service user to the "administrators" group, and that didn't fix it. So that probably means that the following code means that it has to be exactly the "admin" user?

```
if (a != null && !a.isGroup()) {
    return ((User) a).isAdmin();
}
```

I guess there is no alternative than using the login whitelist then, that's a pity. And from Oak 1.10 I can just drop the code of unlocking, even better hehe.

Thanks!
Roy


> On 15 Mar 2018, at 21:15, Robert Munteanu <[hidden email]> wrote:
>
> Hi Roy,
>
> On Wed, 2018-03-14 at 13:01 +0100, Roy Teeuwen wrote:
>> Hey all,
>>
>> I am trying to unlock a resource in a job that needs to modify the
>> resource or subresources, but since upgrading to service resource
>> resolvers this doesn't seem to be supported anymore. When doing the
>> following code, I get the exception "Not an owner of the lock
>> /content/my-site/nl/my-page/jcr:content".
>>
>> ```
>> LockManager lockManager = resourceResolver.adaptTo(Session.class).getWorkspace().getLockManager();
>> lockManager.unlock(lockedResource.getPath());
>> ```
>>
>>
>> I tried to use the impersonate from service and then doing the unlock
>> with a lockmanager from that session but it still is not possible to
>> do it.
>>
>> ```
>> def session = slingRepository.impersonateFromService("my-service",
>> new SimpleCredentials("my-user", "".toCharArray()), (String)null);
>> ```
>>
>> The only solution I have is to not use service resource resolvers,
>> but this would be the first case where I would have to allow the
>> login admin for a specific bundle so I would like to avoid it
>>
>> Does anyone have a solution for this?
>
> My reading of the Oak code at [1] is that you either need to be an
> admin user or the lock owner to unlock.
>
> Also note [2], which means that this area is unlikely to see
> improvements in the future.
>
> Robert
>
>
> [1]: https://github.com/apache/jackrabbit-oak/blob/8f7bc6578cc2b5e8ecb2dd1544d771951678d011/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/lock/LockManagerImpl.java#L196-L207
> [2]: https://issues.apache.org/jira/browse/OAK-6421
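
Added example, not part of the thread and not Oak's own code: a preflight check a job could run before calling `unlock()`, reporting which of the two conditions discussed above (lock owner, or the admin user itself) the current session meets. The class name `UnlockPreflight` and its `diagnose` method are hypothetical; it uses only the public JCR and Jackrabbit API and needs a live repository session.

```java
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.lock.Lock;
import javax.jcr.lock.LockManager;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;

/** Hypothetical helper (not from the thread): explains why unlock() would be refused. */
public final class UnlockPreflight {

    private UnlockPreflight() {}

    /** Returns a one-line diagnosis for the given session and absolute node path. */
    public static String diagnose(Session session, String path) throws RepositoryException {
        LockManager lockManager = session.getWorkspace().getLockManager();
        if (!lockManager.isLocked(path)) {
            return "not locked: " + path;
        }
        Lock lock = lockManager.getLock(path);
        String owner = lock.getLockOwner();
        String userId = session.getUserID();

        // Condition 1 from the thread: this session (or its user) owns the lock.
        boolean isOwner = lock.isLockOwningSession()
                || (owner != null && owner.equals(userId));

        // Condition 2 from the thread: the user itself is the admin user.
        // As observed in the thread, "administrators" group membership is not enough.
        boolean isAdmin = false;
        if (session instanceof JackrabbitSession) {
            Authorizable a = ((JackrabbitSession) session)
                    .getUserManager().getAuthorizable(userId);
            isAdmin = a != null && !a.isGroup() && ((User) a).isAdmin();
        }

        // A deep lock may be held on an ancestor, so report the lock-holding node.
        String lockPath = lock.getNode().getPath();
        if (isOwner || isAdmin) {
            return "unlock should succeed on " + lockPath
                    + " (owner=" + isOwner + ", admin=" + isAdmin + ")";
        }
        return "unlock will be refused: lock on " + lockPath + " is owned by '" + owner
                + "', session user is '" + userId + "' and is not the admin user";
    }
}
```

Logging this diagnosis from the job shows which user actually holds the lock, which helps decide whether the locking code can be changed to run as the same service user instead of whitelisting admin login for the bundle.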