Search code examples
javajcrjackrabbit

Jackrabbit unclosed session detected on AccessDeniedException but session is null

I'm working with Jackrabbit 2.13.1.

Why AccessDeniedException causes session leak?

        try {
            session = repository.login(creds); //here are creds for user without permissions, just for testing
        } catch (Throwable t) {
            if (session != null) {
                session.logout();
            }
            Throwables.propagateIfInstanceOf(t, javax.jcr.RepositoryException.class);
            throw Throwables.propagate(t);
        }

This throws, as expected, AccessDeniedException:

Caused by: javax.jcr.LoginException: Workspace access denied
    at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1529)
    at org.apache.jackrabbit.commons.AbstractRepository.login(AbstractRepository.java:144)
    at ttt.createSession(RepositoryManager.java:132)
    ... 51 common frames omitted

Caused by: javax.jcr.AccessDeniedException: Not allowed to access Workspace default
    at org.apache.jackrabbit.core.security.DefaultAccessManager.init(DefaultAccessManager.java:159)
    at org.apache.jackrabbit.core.DefaultSecurityManager.getAccessManager(DefaultSecurityManager.java:280)
    at org.apache.jackrabbit.core.SessionImpl.createAccessManager(SessionImpl.java:356)
    at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:273)
    at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:239)
    at org.apache.jackrabbit.core.XASessionImpl.<init>(XASessionImpl.java:101)
    at org.apache.jackrabbit.core.RepositoryImpl.createSessionInstance(RepositoryImpl.java:1613)
    at org.apache.jackrabbit.core.RepositoryImpl.createSession(RepositoryImpl.java:956)
    at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1501)

session is null, so I'm unable to call logout on it. But unclosed session detected exception is thrown:

WARN  o.a.jackrabbit.core.SessionImpl - Unclosed session detected. The session was opened here: 
java.lang.Exception: Stack Trace
    at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:222)
    at org.apache.jackrabbit.core.SessionImpl.<init>(SessionImpl.java:239)
    at org.apache.jackrabbit.core.XASessionImpl.<init>(XASessionImpl.java:101)
    at org.apache.jackrabbit.core.RepositoryImpl.createSessionInstance(RepositoryImpl.java:1613)
    at org.apache.jackrabbit.core.RepositoryImpl.createSession(RepositoryImpl.java:956)
    at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1501)
    at org.apache.jackrabbit.commons.AbstractRepository.login(AbstractRepository.java:144)
    at ttt.createSession(RepositoryManager.java:132)
Solution

  • Good catch, this sounds clearly as a bug that still exists in 2.13.3 and that occurs in case an exception is thrown in the constructor of SessionImpl, the session is then partially created but it is still considered as alive and a live session that is about to be GCed is considered as a session leak by the current code this is why you get this warning.

    I've just created a ticket for this https://issues.apache.org/jira/browse/JCR-4033