[ https://issues.apache.org/jira/browse/SLING-6130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15612636#comment-15612636 ]
Oliver Lietz commented on SLING-6130: ------------------------------------- When trying to access the instance over WebDAV an exception is thrown: {noformat} 27.10.2016 19:48:56.442 *ERROR* [qtp1622793849-193] org.apache.jackrabbit.webdav.jcr.WorkspaceResourceImpl Internal error while building resource for the root node. javax.jcr.AccessDeniedException: Root node is not accessible. at org.apache.jackrabbit.oak.jcr.session.SessionImpl$4.perform(SessionImpl.java:294) at org.apache.jackrabbit.oak.jcr.session.SessionImpl$4.perform(SessionImpl.java:288) at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:208) at org.apache.jackrabbit.oak.jcr.session.SessionImpl.getRootNode(SessionImpl.java:288) at org.apache.sling.jcr.oak.server.internal.TcclWrappingJackrabbitSession.getRootNode(TcclWrappingJackrabbitSession.java:125) at org.apache.jackrabbit.webdav.jcr.WorkspaceResourceImpl.getMembers(WorkspaceResourceImpl.java:310) at org.apache.jackrabbit.webdav.MultiStatus.addResourceProperties(MultiStatus.java:63) at org.apache.jackrabbit.webdav.server.AbstractWebdavServlet.doPropFind(AbstractWebdavServlet.java:560) at org.apache.jackrabbit.webdav.server.AbstractWebdavServlet.execute(AbstractWebdavServlet.java:348) at org.apache.jackrabbit.webdav.server.AbstractWebdavServlet.service(AbstractWebdavServlet.java:291) at javax.servlet.http.HttpServlet.service(HttpServlet.java:725) at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:85) at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:79) at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:89) at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135) at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74) at org.apache.sling.i18n.impl.I18NFilter.doFilter(I18NFilter.java:133) at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135) at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74) at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:128) at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49) at javax.servlet.http.HttpServlet.service(HttpServlet.java:725) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:845) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:583) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:224) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) at org.eclipse.jetty.server.Server.handle(Server.java:523) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95) at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93) at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303) at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148) at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671) at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589) at java.lang.Thread.run(Thread.java:745) {noformat} > Restrict access for principal everyone and move configuration to repoinit > ------------------------------------------------------------------------- > > Key: SLING-6130 > URL: https://issues.apache.org/jira/browse/SLING-6130 > Project: Sling > Issue Type: Improvement > Components: JCR, Oak > Affects Versions: JCR Oak Server 1.1.0 > Reporter: Oliver Lietz > Assignee: Oliver Lietz > Labels: security > Fix For: JCR Oak Server 1.1.2 > > Attachments: error.log > > > Currently {{everyone}} can {{read}} from {{/}} (configured in > {{OakSlingRepositoryManager}}). > Access for {{everyone}} should be restricted: > * {{read}} should be restricted to {{/content}} > * configuration of principals and ACLs should be done with _repoinit_ > # -Change path from {{/}} to {{/content}} in {{OakSlingRepositoryManager}}- > (/) (-[r1764259|https://svn.apache.org/r1764259]-) > # Fix modules (samples) relying on _unrestricted_ {{read}} access > # Move configuration of ACLs to _repoinit_ (/) > discussion on > [dev@|https://lists.apache.org/thread.html/36908ed62ac93c63cad594a897f8abceb93f08da5bcea30dbce98e58@%3Cdev.sling.apache.org%3E] -- This message was sent by Atlassian JIRA (v6.3.4#6332)