2 Replies Latest reply on Feb 27, 2015 3:29 PM by Sergey Podatelev

    Modeshape REST: empty context data in security context

    Sergey Podatelev Newbie

      Hello,

      I'm trying to figure out a problem I'm having in a spring web app w/Modeshape 3.8 & REST. Note that I'm not an expert on both the latter topics.

      Some pages of the app send several read requests to REST, which exposes a JCR repo. The requests return a node w/its subtree.

      The problem is that about 1 in 10 or 20 requests returns invalid data: all the references in subree are missing from the resulting JSON response.

       

      I've made some research, and found out that when reading the repository, and creating RestNode-s, RestItemHandler checks permission whether current user has access to the node. This check is performed through ServletSecurityContext, which is supposed to have HttpRequest as part of its context data.

       

      I see that context data is pushed in through SynchronousDispatcher in RestEasyView & RestEasyHandlerAdapter, and then cleaned up.

       

      However, when the error occurs, I see that when REST's ContextParameterInjector is attempting to take the HttpRequest object from context data, the object is actually null. I made an extra log, and the context data is indeed empty. This results in error when trying to perform HttpRequest.isUserInRole(), so reference node is never checked, and never appended to the response.

       

      Can you please direct me on where to look next? Is there a way for me to debug this, or at least to make this issue reproduce consistently?

       

      One of my options is skipping all permissions checking for reading the repository — is there a way to achieve that?