Details

    • Type: Bug
    • Status: Open
    • Priority: Unprioritized
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Repository
    • Labels: None

      Description

      When 3rd-party applications like MS-Office lock documents through protocols like WebDAV or AOS, they use a token-based lock mechanism. Modifying the document is only allowed if the client knows the token. Alfresco already stores this token, but it is not yet properly enforced by the core repo.
      Only the WebDAV and AOS clients running on top of the core repo enforce this token.

      Effects of this problem:

      1. Open a document with a 3rd party application from a WebDAV or AOS mapped drive for editing
      2. This document is locked in Alfresco
      3. Try to rename the document with any application except Share (e.g. Salesforce, mobile client, CMIS, ...) with the same user account
        Expected result:
        It is not possible to rename the document without the WebDAV token
        However:
        The document is renamed and the 3rd-party application fails since it cannot find the document anymore.

      Proposed fix:
      We are already storing the WebDAV lock token in an Aspect that is applied by the LockService if the lock is initiated by WebDAV. There is a method in the LockService that checks access to a document based on the current user account. This method needs to be extended so that it denies access, even if the same user account is used, when the Aspect on the node has a non-null token.
      For WebDAV and AOS, there needs to be a method like setLockToken that can be used to set a token per thread in a ThreadLocal. So if WebDAV or AOS needs to modify a document, it can use code like this:

          lockService.setLockToken(webdavToken);
          try
          {
              nodeService.setProperties(...);
          }
          finally
          {
              lockService.clearToken();
          }
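
A self-contained sketch of the check proposed above, added here as an illustration and not taken from the Alfresco code base: `NodeLock`, `checkForLock`, `canModify` and the sample token are hypothetical stand-ins, and only `setLockToken`/`clearToken` mirror the names used in the report. It shows a same-user caller without the token being refused, and the token being cleared so it cannot leak to the next request on a pooled thread.

```java
// Added illustration; every class and method name here is hypothetical, not Alfresco API.
public class LockTokenCheckDemo {

    /** Stand-in for the lock data stored on a node: owner plus optional WebDAV/AOS token. */
    record NodeLock(String owner, String token) {}

    static class AccessDenied extends RuntimeException {
        AccessDenied(String msg) { super(msg); }
    }

    /** Token presented by the current thread; null for callers that never set one. */
    private static final ThreadLocal<String> CURRENT_TOKEN = new ThreadLocal<>();

    static void setLockToken(String token) { CURRENT_TOKEN.set(token); }
    static void clearToken() { CURRENT_TOKEN.remove(); }

    /** Extended check: matching the lock owner is not enough when the lock carries a token. */
    static void checkForLock(NodeLock lock, String currentUser) {
        if (lock == null) return; // node is not locked
        if (!lock.owner().equals(currentUser))
            throw new AccessDenied("node is locked by another user");
        if (lock.token() != null && !lock.token().equals(CURRENT_TOKEN.get()))
            throw new AccessDenied("lock token missing or not matching");
    }

    static boolean canModify(NodeLock lock, String user) {
        try { checkForLock(lock, user); return true; }
        catch (AccessDenied e) { return false; }
    }

    public static void main(String[] args) {
        // Constructed sample lock, as if taken by an Office client over WebDAV.
        NodeLock lock = new NodeLock("alice", "opaquelocktoken:constructed-1234");

        // Same account through another API (the CMIS/mobile case): no token on the thread.
        System.out.println("same user, no token:   " + canModify(lock, "alice"));

        // WebDAV/AOS code path: token is set only for the duration of the write.
        setLockToken("opaquelocktoken:constructed-1234");
        try {
            System.out.println("same user, token set:  " + canModify(lock, "alice"));
        } finally {
            clearToken();
        }

        // After the finally block the thread no longer carries the token.
        System.out.println("after clearToken:      " + canModify(lock, "alice"));
    }
}
```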
      

      People

      • Assignee: repositoryteam Repository Team
      • Reporter: skopf Stefan Kopf
      • Votes: 0
      • Watchers: 2
