Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Setting a different store protocol for an encrypted selectorPropertyRoutingStore #37

Open
yanlilong opened this issue Apr 1, 2022 · 4 comments
Open

Setting a different store protocol for an encrypted selectorPropertyRoutingStore #37

yanlilong opened this issue Apr 1, 2022 · 4 comments

Comments

@yanlilong
Copy link

Hi Alex,
Alfresco Version:7.0.1.3
Configuration:

simpleContentStores.customStores=pzsEncryptingStore,pzsCustomFileStore,propertyRoutingStore,defaultTenantFileContentStore
simpleContentStores.rootStore=propertyRoutingStore

simpleContentStores.customStore.propertyRoutingStore.type=selectorPropertyRoutingStore
simpleContentStores.customStore.propertyRoutingStore.ref.fallbackStore=defaultTenantFileContentStore
simpleContentStores.customStore.propertyRoutingStore.value.selectorClassName=ps:storeSelector
simpleContentStores.customStore.propertyRoutingStore.value.selectorPropertyName=ps:encryptedStoreName
simpleContentStores.customStore.propertyRoutingStore.map.storeBySelectorPropertyValue.ref.encrypt=pzsEncryptingStore
simpleContentStores.customStore.propertyRoutingStore.value.moveStoresOnChange=true

simpleContentStores.customStore.pzsEncryptingStore.type=encryptingFacadeStore
simpleContentStores.customStore.pzsEncryptingStore.ref.backingStore=pzsCustomFileStore
simpleContentStores.customStore.pzsEncryptingStore.value.protocol=store
simpleContentStores.encryption.keystoreIds=pzsEncryptingStore
simpleContentStores.encryption.keystore.pzsEncryptingStore.location=/usr/local/tomcat/keystore/alf.contentstore
simpleContentStores.encryption.keystore.pzsEncryptingStore.password.location=/usr/local/tomcat/keystore/encryption-keystore-password
simpleContentStores.encryption.keystore.pzsEncryptingStore.type=jceks
simpleContentStores.encryption.keystore.pzsEncryptingStore.aliases=key1
simpleContentStores.encryption.keystore.pzsEncryptingStore.key1.password=pass




simpleContentStores.customStore.pzsCustomFileStore.type=standardFileStore
simpleContentStores.customStore.pzsCustomFileStore.value.rootAbsolutePath=/usr/local/tomcat/alf_data/pzsContentStore
simpleContentStores.customStore.pzsCustomFileStore.value.deleteEmptyDirs=true
simpleContentStores.customStore.pzsCustomFileStore.value.fixedLimit=104857600

Wenn i use alfresco default store protocol
simpleContentStores.customStore.pzsEncryptingStore.value.protocol=store, and my property ps:encryptedStoreName is changed, the content is copied and encrypted to the new store pzsContentStore.
But wenn I define a different protocol for my encrypted store pzsContentStore e.g.
simpleContentStores.customStore.pzsEncryptingStore.value.protocol=pzsstore

I try to change my property ps:encryptedStoreNameof the content, but got an exception:

Missing content URL entity for pzsstore://2022/4/1/14/0/b52a4811-d463-4341-85ae-4903115faa94.bin"
[de.acosix.alfresco.simplecontentstores.repo.store.encrypted.EncryptingContentStoreManagerImpl.getDecryiptionKey(EncryptingContentStoreManagerImpl.java:201)

Could you please help me in using a difference store protocol?

Yan
@AFaust
Copy link
Member

AFaust commented Apr 4, 2022
edited

Hi Yan - I edited my initial response after looking more closely at the code and realising my initial analysis was incorrect. Can you provide more log output, especially the the stack trace of the error? I initially thought it was an issue with storing the encryption key, but from the error it looks more like an issue reading the key in some read operation. I am unsure why there would ever be a read attempt in the same operation in which you are just now moving the content into the encrypted store.

@AFaust
Copy link
Member

AFaust commented Apr 4, 2022

I have added a minor change to master which might potentially be relevant for your case. Without more details about the stacktrace, I cannot be sure, but there was one potential condition in which I could imagine there being an issue with an (incorrectly) detected existing content using a wildcard protocol that then fails when no content URL actually exists.

@yanlilong
Copy link
Author

Hi Alex,
Thanks for the quick fix!
I have tested your new change.
Now i get this new exception:
"briefSummary": "03060020 Content with the given URL already exists in the store: \n Store: de.acosix.alfresco.simplecontentstores.repo.store.file.FileContentStore\n Content URL: [dummy-wildcard-store-protocol://2022/4/6/0/58/a99c4315-49e6-4e73-af0e-a845d7c3709b.bin"

[org.alfresco.repo.content.AbstractContentStore.getWriter(AbstractContentStore.java:234), de.acosix.alfresco.simplecontentstores.repo.store.facade.CommonFacadingContentStore.getWriter(CommonFacadingContentStore.java:212), de.acosix.alfresco.simplecontentstores.repo.store.encrypted.EncryptingContentStore.getWriterImpl(EncryptingContentStore.java:234), de.acosix.alfresco.simplecontentstores.repo.store.encrypted.EncryptingContentStore.getWriter(EncryptingContentStore.java:202), de.acosix.alfresco.simplecontentstores.repo.store.routing.MoveCapableCommonRoutingContentStore.getWriterForContentMove(MoveCapableCommonRoutingContentStore.java:879), de.acosix.alfresco.simplecontentstores.repo.store.routing.MoveCapableCommonRoutingContentStore.processContentDataMove(MoveCapableCommonRoutingContentStore.java:820), de.acosix.alfresco.simplecontentstores.repo.store.routing.MoveCapableCommonRoutingContentStore.processContentPropertyMove(MoveCapableCommonRoutingContentStore.java:705), de.acosix.alfresco.simplecontentstores.repo.store.routing.PropertyRestrictableRoutingContentStore.processContentPropertiesMove(PropertyRestrictableRoutingContentStore.java:107), de.acosix.alfresco.simplecontentstores.repo.store.routing.MoveCapableCommonRoutingContentStore.lambda$checkAndProcessContentPropertiesMove$1(MoveCapableCommonRoutingContentStore.java:676), de.acosix.alfresco.simplecontentstores.repo.store.context.ContentStoreContext.executeInNewContext(ContentStoreContext.java:177), de.acosix.alfresco.simplecontentstores.repo.store.routing.MoveCapableCommonRoutingContentStore.checkAndProcessContentPropertiesMove(MoveCapableCommonRoutingContentStore.java:675), de.acosix.alfresco.simplecontentstores.repo.store.routing.MoveCapableCommonRoutingContentStore.checkAndProcessContentPropertiesMove(MoveCapableCommonRoutingContentStore.java:645), de.acosix.alfresco.simplecontentstores.repo.store.routing.SelectorPropertyContentStore.onAddAspect(SelectorPropertyContentStore.java:176), java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method), java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62), java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43), java.base/java.lang.reflect.Method.invoke(Method.java:566), org.alfresco.repo.policy.JavaBehaviour$JavaMethodInvocationHandler.invoke(JavaBehaviour.java:181), com.sun.proxy.$Proxy82.onAddAspect(Unknown Source), java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method), java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62), java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43), java.base/java.lang.reflect.Method.invoke(Method.java:566), org.alfresco.repo.policy.PolicyFactory$MultiHandler.invoke(PolicyFactory.java:361), org.alfresco.repo.policy.$Proxy366.onAddAspect(Unknown Source), org.alfresco.repo.node.AbstractNodeServiceImpl.invokeOnAddAspect(AbstractNodeServiceImpl.java:584), org.alfresco.repo.node.db.DbNodeServiceImpl.addAspectsAndProperties(DbNodeServiceImpl.java:576), org.alfresco.repo.node.db.DbNodeServiceImpl.addAspectsAndProperties(DbNodeServiceImpl.java:465), org.alfresco.repo.node.db.DbNodeServiceImpl.addProperties_aroundBody64(DbNodeServiceImpl.java:1679), org.alfresco.repo.node.db.DbNodeServiceImpl$AjcClosure65.run(DbNodeServiceImpl.java:1), org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:167), org.alfresco.traitextender.RouteExtensions.intercept(RouteExtensions.java:100), org.alfresco.repo.node.db.DbNodeServiceImpl.addProperties(DbNodeServiceImpl.java:1668), java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method), java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62), java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43), java.base/java.lang.reflect.Method.invoke(Method.java:566), org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344), org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198), org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163), org.alfresco.repo.lock.mem.LockableAspectInterceptor.invoke(LockableAspectInterceptor.java:239), org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186), org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215), com.sun.proxy.$Proxy38.addProperties(Unknown Source), java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method), java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62), java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43), java.base/java.lang.reflect.Method.invoke(Method.java:566), org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344), org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198), org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163), org.alfresco.repo.tenant.MultiTNodeServiceInterceptor.invoke(MultiTNodeServiceInterceptor.java:111), org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186), org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215), com.sun.proxy.$Proxy38.addProperties(Unknown Source), java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method), java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62), java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43), java.base/java.lang.reflect.Method.invoke(Method.java:566), org.alfresco.repo.service.StoreRedirectorProxyFactory$RedirectorInvocationHandler.invoke(StoreRedirectorProxyFactory.java:231), com.sun.proxy.$Proxy55.addProperties(Unknown Source), org.alfresco.repo.node.MLPropertyInterceptor.invoke(MLPropertyInterceptor.java:241), org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186), org.alfresco.repo.node.NodeRefPropertyMethodInterceptor.invoke(NodeRefPropertyMethodInterceptor.java:276), org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186), org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215), com.sun.proxy.$Proxy38.addProperties(Unknown Source), java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method), java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62), java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43), java.base/java.lang.reflect.Method.invoke(Method.java:566), org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344), org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208), com.sun.proxy.$Proxy38.addProperties(Unknown Source), java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method), java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62), java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43), java.base/java.lang.reflect.Method.invoke(Method.java:566), org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344), org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198), org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163), org.alfresco.repo.node.ContentPropertyRestrictionInterceptor.invoke(ContentPropertyRestrictionInterceptor.java:207), org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186), org.alfresco.repo.audit.DisableAuditableBehaviourInterceptor.invoke(DisableAuditableBehaviourInterceptor.java:120), org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186), net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80), org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186), org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:53), org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186), org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:166), org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186), org.alfresco.repo.transaction.RetryingTransactionInterceptor$1.execute(RetryingTransactionInterceptor.java:95), org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:450), org.alfresco.repo.transaction.RetryingTransactionInterceptor.invoke(RetryingTransactionInterceptor.java:85), org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186), org.alfresco.enterprise.repo.authorization.AuthorizationStatusInterceptor.invoke(AuthorizationStatusInterceptor.java:167), org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186), org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215), com.sun.proxy.$Proxy38.addProperties(Unknown Source), org.alfresco.rest.api.impl.NodesImpl.updateNodeImpl(NodesImpl.java:2356), org.alfresco.rest.api.impl.NodesImpl$4.execute(NodesImpl.java:2267), org.alfresco.rest.api.impl.NodesImpl$4.execute(NodesImpl.java:2263), org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:450), org.alfresco.rest.api.impl.NodesImpl.updateNode(NodesImpl.java:2262), java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method), java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62), java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43), java.base/java.lang.reflect.Method.invoke(Method.java:566), org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344), org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198), org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163), org.alfresco.rest.api.impl.ExceptionInterceptor.invoke(ExceptionInterceptor.java:57), org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186), org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215), com.sun.proxy.$Proxy166.updateNode(Unknown Source), org.alfresco.rest.api.nodes.NodesEntityResource.update(NodesEntityResource.java:143), org.alfresco.rest.api.nodes.NodesEntityResource.update(NodesEntityResource.java:58), org.alfresco.rest.framework.webscripts.ResourceWebScriptPut.executeAction(ResourceWebScriptPut.java:201), org.alfresco.rest.framework.webscripts.AbstractResourceWebScript$3.execute(AbstractResourceWebScript.java:206), org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:450), org.alfresco.rest.framework.webscripts.AbstractResourceWebScript.execute(AbstractResourceWebScript.java:199), org.alfresco.rest.framework.webscripts.AbstractResourceWebScript$1.execute(AbstractResourceWebScript.java:111), org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:450), org.alfresco.rest.framework.webscripts.AbstractResourceWebScript.execute(AbstractResourceWebScript.java:128), org.alfresco.rest.framework.webscripts.ApiWebScript.execute(ApiWebScript.java:113), org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:474), org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:664), org.alfresco.repo.web.scripts.RepositoryContainer.executeScriptInternal(RepositoryContainer.java:435), org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:315), org.alfresco.rest.api.PublicApiRepositoryContainer.access$001(PublicApiRepositoryContainer.java:47), org.alfresco.rest.api.PublicApiRepositoryContainer$1.doWork(PublicApiRepositoryContainer.java:84), org.alfresco.repo.tenant.TenantUtil.runAsWork(TenantUtil.java:126), org.alfresco.repo.tenant.TenantUtil.runAsTenant(TenantUtil.java:95), org.alfresco.rest.api.PublicApiRepositoryContainer.executeScript(PublicApiRepositoryContainer.java:80), org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:399), org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:210), org.alfresco.repo.web.scripts.TenantWebScriptServlet.service(TenantWebScriptServlet.java:82), javax.servlet.http.HttpServlet.service(HttpServlet.java:733), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), org.alfresco.module.aosmodule.service.ContextRootFilter.doFilter(ContextRootFilter.java:93), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), org.springframework.extensions.webscripts.servlet.SecurityHeadersFilter.doFilter(SecurityHeadersFilter.java:177), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), org.alfresco.web.app.servlet.ServletMetricsFilter.doFilter(ServletMetricsFilter.java:161), org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:89), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), org.alfresco.repo.web.filter.beans.NullFilter.doFilter(NullFilter.java:75), java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method), java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62), java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43), java.base/java.lang.reflect.Method.invoke(Method.java:566), org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:132), org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186), org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215), com.sun.proxy.$Proxy168.doFilter(Unknown Source), org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:89), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:68), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), org.alfresco.web.app.servlet.ClearSecurityContextFilter.doFilter(ClearSecurityContextFilter.java:53), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), eu.atenekom.pzs.acs.servlet.AlfrescoMetricsFilter.doFilter(AlfrescoMetricsFilter.java:106), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202), org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97), org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542), org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143), org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92), org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:764), org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687), org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78), org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357), org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374), org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65), org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893), org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1707), org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49), java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128), java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628), org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61), java.base/java.lang.Thread.run(Thread.java:829)]

@AFaust
Copy link
Member

AFaust commented Apr 9, 2022

From the stacktrace and the code base, that problem can only happen when there is already content inside the encrypted store using the same URL path, but there is no content URL entity with a corresponding encryption key stored in the database. That can happen if a) there is a content URL entity for that path but it is using a different store protocol (the old, default one before you changed the configuration), or b) the existing content is orphaned, without an encryption key in the database, and has not been cleaned up by Alfresco yet, or c) the orphan cleanup failed to delete the file for whatever reason (read-only storage).

In general there is an issue whenever an orphaned content URL is still present for the target store. In Alfresco, it is neither possible to un-orphan an orphaned content URL nor delete and then re-create it as unorphaned, since the underlying ContentDataDAO does not provide the proper / clean APIs for that. Unfortunately, Alfresco appears to transparently reuse orphaned content URLs without properly un-orphaning them when moving content between stores. This can potentially delete content of live nodes at some point after they have been moved.

Yan, can you confirm that your content was already contained once in the encrypting content store and you are currently trying to move it back into it by updating the selector?
As described above, there may be a bigger issue with the use case of moving a content back into a store it previously was stored in while in the special situation that the old content URL is marked as orphaned in Alfresco. I believe I may have to implement 1) special handling that disables reuse of existing content if the URL is marked as orphaned, and 2) implement a fallback move which actually creates a new content URL if the old URL exists as an orphaned one

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AFaust @yanlilong