[
https://issues.apache.org/jira/browse/SLING-6182?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15828204#comment-15828204
]
Bertrand Delacretaz commented on SLING-6182:
--------------------------------------------
If the problem is indeed that the sling-script user creation is asynchronous
(do we know that?) best is probably for the repoinit code to wait until that
user is effectively created.
For this we might improve Oak to provide an event or callback when the user
creation is effective, or find suitable code that repoinit can execute in a
loop to find out.
> repoinit fails to set ACL on previously created principal
> ---------------------------------------------------------
>
> Key: SLING-6182
> URL: https://issues.apache.org/jira/browse/SLING-6182
> Project: Sling
> Issue Type: Bug
> Components: JCR, Repoinit
> Reporter: Oliver Lietz
> Assignee: Bertrand Delacretaz
> Priority: Critical
>
> {noformat}
> 2016-10-23 14:23:46,104 DEBUG [FelixStartLevel]
> o.a.s.j.o.s.i.OakSlingRepositoryManager [AbstractSlingRepositoryManager.java
> : 335] start: calling SlingRepositoryInitializer
> 2016-10-23 14:23:46,104 DEBUG [FelixStartLevel]
> o.a.s.j.o.s.i.OakSlingRepositoryManager [AbstractSlingRepositoryManager.java
> : 376] Executing RepositoryInitializer,
> references=[raw:file:/[...]/scripting/org.apache.sling.scripting.thymeleaf/src/test/resources/repoinit.txt]
> 2016-10-23 14:23:46,104 DEBUG [FelixStartLevel]
> o.a.s.j.b.i.LoginAdminWhitelistImpl [LoginAdminWhitelistImpl.java : 138]
> org.apache.sling.jcr.oak.server is whitelisted to use loginAdministrative, by
> explicit whitelist
> 2016-10-23 14:23:46,104 DEBUG [FelixStartLevel]
> o.a.s.j.o.s.i.OakSlingRepository [AbstractSlingRepository2.java : 384]
> SlingRepository.loginAdministrative is deprecated. Please use
> SlingRepository.loginService.
> 2016-10-23 14:23:46,104 DEBUG [FelixStartLevel]
> o.a.j.o.s.a.LoginContextProviderImpl [LoginContextProviderImpl.java : 77]
> Found pre-authenticated subject: No further login actions required.
> 2016-10-23 14:23:46,106 INFO [FelixStartLevel]
> o.a.s.j.r.i.RepoinitTextProvider [RepoinitTextProvider.java : 99] Reading
> repoinit statements from Reference:format=raw,
> URL=file:/[...]/scripting/org.apache.sling.scripting.thymeleaf/src/test/resources/repoinit.txt
> 2016-10-23 14:23:46,106 DEBUG [FelixStartLevel]
> o.a.s.j.r.i.RepoinitTextProvider [RepoinitTextProvider.java : 101] Raw text
> from
> file:/[...]/scripting/org.apache.sling.scripting.thymeleaf/src/test/resources/repoinit.txt:
>
> ################################################################################
> #
> # Licensed to the Apache Software Foundation (ASF) under one or more
> # contributor license agreements. See the NOTICE file distributed with
> # this work for additional information regarding copyright ownership.
> # The ASF licenses this file to You under the Apache License, Version 2.0
> # (the "License"); you may not use this file except in compliance with
> # the License. You may obtain a copy of the License at
> #
> # http://www.apache.org/licenses/LICENSE-2.0
> #
> # Unless required by applicable law or agreed to in writing, software
> # distributed under the License is distributed on an "AS IS" BASIS,
> # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> # See the License for the specific language governing permissions and
> # limitations under the License.
> #
> ################################################################################
> create path (sling:Folder) /apps
> create path (sling:Folder) /libs
> create service user sling-scripting
> set ACL for sling-scripting
> allow jcr:read on /apps
> allow jcr:read on /libs
> end
> # JCR Oak Server > 1.1.0
> create path (sling:OrderedFolder) /content
> set ACL for everyone
> allow jcr:read on /content
> end
> 2016-10-23 14:23:46,115 INFO [FelixStartLevel]
> o.a.s.j.r.i.RepositoryInitializer [RepositoryInitializer.java : 114]
> Executing 6 repoinit operations
> 2016-10-23 14:23:46,123 INFO [FelixStartLevel]
> o.a.s.j.r.i.ServiceAndAclVisitor [ServiceAndAclVisitor.java : 125] Creating
> node /apps with primary type sling:Folder
> 2016-10-23 14:23:46,124 DEBUG [FelixStartLevel] o.a.j.o.audit
> [SessionDelegate.java : 655] [admin] [session-11] Adding node [//apps]
> 2016-10-23 14:23:46,126 DEBUG [FelixStartLevel] o.a.j.o.p.i.IndexUpdate
> [IndexUpdate.java : 268] Indexing report
> - /oak:index/nodetype(1)
> 2016-10-23 14:23:46,127 INFO [FelixStartLevel]
> o.a.s.j.r.i.ServiceAndAclVisitor [ServiceAndAclVisitor.java : 125] Creating
> node /libs with primary type sling:Folder
> 2016-10-23 14:23:46,127 DEBUG [FelixStartLevel] o.a.j.o.audit
> [SessionDelegate.java : 655] [admin] [session-11] Adding node [//libs]
> 2016-10-23 14:23:46,128 DEBUG [FelixStartLevel] o.a.j.o.p.i.IndexUpdate
> [IndexUpdate.java : 268] Indexing report
> - /oak:index/nodetype(1)
> 2016-10-23 14:23:46,132 DEBUG [FelixStartLevel] o.a.j.o.p.i.p.PropertyIndex
> [PropertyIndex.java : 165] property cost for uuid is 2.0
> 2016-10-23 14:23:46,133 DEBUG [FelixStartLevel] o.a.j.o.q.QueryEngineImpl
> [QueryEngineImpl.java : 295] No alternatives found. Query: select
> [nt:base].[jcr:primaryType] as [nt:base.jcr:primaryType] from [nt:base] as
> [nt:base] where [nt:base].[jcr:uuid] = $id
> 2016-10-23 14:23:46,135 INFO [FelixStartLevel]
> o.a.s.j.r.i.ServiceAndAclVisitor [ServiceAndAclVisitor.java : 60] Creating
> service user sling-scripting
> 2016-10-23 14:23:46,136 DEBUG [FelixStartLevel] o.a.j.o.p.i.p.PropertyIndex
> [PropertyIndex.java : 165] property cost for uuid is 2.0
> 2016-10-23 14:23:46,137 DEBUG [FelixStartLevel] o.a.j.o.q.QueryEngineImpl
> [QueryEngineImpl.java : 295] No alternatives found. Query: select
> [nt:base].[jcr:primaryType] as [nt:base.jcr:primaryType] from [nt:base] as
> [nt:base] where [nt:base].[jcr:uuid] = $id
> 2016-10-23 14:23:46,138 DEBUG [FelixStartLevel] o.a.j.o.p.i.p.PropertyIndex
> [PropertyIndex.java : 165] property cost for principalName is 2.0
> 2016-10-23 14:23:46,138 DEBUG [FelixStartLevel] o.a.j.o.q.QueryEngineImpl
> [QueryEngineImpl.java : 295] No alternatives found. Query: select
> [rep:Authorizable].[rep:authorizableId] as
> [rep:Authorizable.rep:authorizableId], [rep:Authorizable].[rep:principalName]
> as [rep:Authorizable.rep:principalName], [rep:Authorizable].[jcr:uuid] as
> [rep:Authorizable.jcr:uuid], [rep:Authorizable].[jcr:primaryType] as
> [rep:Authorizable.jcr:primaryType], [rep:Authorizable].[jcr:createdBy] as
> [rep:Authorizable.jcr:createdBy], [rep:Authorizable].[jcr:created] as
> [rep:Authorizable.jcr:created] from [rep:Authorizable] as [rep:Authorizable]
> where [rep:Authorizable].[rep:principalName] = $principalName
> 2016-10-23 14:23:46,139 DEBUG [FelixStartLevel] o.a.j.o.s.u.UserManagerImpl
> [UserManagerImpl.java : 190] System user created: sling-scripting
> 2016-10-23 14:23:46,144 DEBUG [FelixStartLevel] o.a.j.o.p.i.p.PropertyIndex
> [PropertyIndex.java : 165] property cost for principalName is 2.0
> 2016-10-23 14:23:46,144 DEBUG [FelixStartLevel] o.a.j.o.q.QueryEngineImpl
> [QueryEngineImpl.java : 295] No alternatives found. Query: select
> [rep:Authorizable].[rep:authorizableId] as
> [rep:Authorizable.rep:authorizableId], [rep:Authorizable].[rep:principalName]
> as [rep:Authorizable.rep:principalName], [rep:Authorizable].[jcr:uuid] as
> [rep:Authorizable.jcr:uuid], [rep:Authorizable].[jcr:primaryType] as
> [rep:Authorizable.jcr:primaryType], [rep:Authorizable].[jcr:createdBy] as
> [rep:Authorizable.jcr:createdBy], [rep:Authorizable].[jcr:created] as
> [rep:Authorizable.jcr:created] from [rep:Authorizable] as [rep:Authorizable]
> where [rep:Authorizable].[rep:principalName] = $principalName
> 2016-10-23 14:23:46,146 ERROR [FelixStartLevel]
> o.a.s.j.o.s.i.OakSlingRepositoryManager [AbstractSlingRepositoryManager.java
> : 345] Exception in a SlingRepositoryInitializer, SlingRepository service
> registration aborted
> java.lang.RuntimeException: Failed to set ACL
> (java.lang.IllegalStateException: Principal not found: sling-scripting)
> AclLine ALLOW {paths=[/apps], privileges=[jcr:read]}
> at
> org.apache.sling.jcr.repoinit.impl.ServiceAndAclVisitor.setAcl(ServiceAndAclVisitor.java:93)
> at
> org.apache.sling.jcr.repoinit.impl.ServiceAndAclVisitor.visitSetAclPrincipal(ServiceAndAclVisitor.java:102)
> at
> org.apache.sling.repoinit.parser.operations.SetAclPrincipals.accept(SetAclPrincipals.java:48)
> at
> org.apache.sling.jcr.repoinit.impl.JcrRepoInitOpsProcessorImpl.apply(JcrRepoInitOpsProcessorImpl.java:47)
> at
> org.apache.sling.jcr.repoinit.impl.RepositoryInitializer.processRepository(RepositoryInitializer.java:115)
> at
> org.apache.sling.jcr.base.AbstractSlingRepositoryManager.executeRepositoryInitializers(AbstractSlingRepositoryManager.java:378)
> at
> org.apache.sling.jcr.base.AbstractSlingRepositoryManager.start(AbstractSlingRepositoryManager.java:338)
> at
> org.apache.sling.jcr.oak.server.internal.OakSlingRepositoryManager.activate(OakSlingRepositoryManager.java:269)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.apache.felix.scr.impl.inject.BaseMethod.invokeMethod(BaseMethod.java:224)
> at
> org.apache.felix.scr.impl.inject.BaseMethod.access$500(BaseMethod.java:39)
> at
> org.apache.felix.scr.impl.inject.BaseMethod$Resolved.invoke(BaseMethod.java:617)
> at
> org.apache.felix.scr.impl.inject.BaseMethod.invoke(BaseMethod.java:501)
> at
> org.apache.felix.scr.impl.inject.ActivateMethod.invoke(ActivateMethod.java:302)
> at
> org.apache.felix.scr.impl.inject.ActivateMethod.invoke(ActivateMethod.java:294)
> at
> org.apache.felix.scr.impl.manager.SingleComponentManager.createImplementationObject(SingleComponentManager.java:297)
> at
> org.apache.felix.scr.impl.manager.SingleComponentManager.createComponent(SingleComponentManager.java:108)
> at
> org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:906)
> at
> org.apache.felix.scr.impl.manager.SingleComponentManager.getServiceInternal(SingleComponentManager.java:879)
> at
> org.apache.felix.scr.impl.manager.AbstractComponentManager.activateInternal(AbstractComponentManager.java:748)
> at
> org.apache.felix.scr.impl.manager.DependencyManager$SingleStaticCustomizer.addedService(DependencyManager.java:1012)
> at
> org.apache.felix.scr.impl.manager.DependencyManager$SingleStaticCustomizer.addedService(DependencyManager.java:968)
> at
> org.apache.felix.scr.impl.manager.ServiceTracker$Tracked.customizerAdded(ServiceTracker.java:1215)
> at
> org.apache.felix.scr.impl.manager.ServiceTracker$Tracked.customizerAdded(ServiceTracker.java:1136)
> at
> org.apache.felix.scr.impl.manager.ServiceTracker$AbstractTracked.trackAdding(ServiceTracker.java:945)
> at
> org.apache.felix.scr.impl.manager.ServiceTracker$AbstractTracked.track(ServiceTracker.java:881)
> at
> org.apache.felix.scr.impl.manager.ServiceTracker$Tracked.serviceChanged(ServiceTracker.java:1167)
> at
> org.apache.felix.scr.impl.BundleComponentActivator$ListenerInfo.serviceChanged(BundleComponentActivator.java:127)
> at
> org.apache.felix.framework.util.EventDispatcher.invokeServiceListenerCallback(EventDispatcher.java:991)
> at
> org.apache.felix.framework.util.EventDispatcher.fireEventImmediately(EventDispatcher.java:839)
> at
> org.apache.felix.framework.util.EventDispatcher.fireServiceEvent(EventDispatcher.java:546)
> at org.apache.felix.framework.Felix.fireServiceEvent(Felix.java:4557)
> at org.apache.felix.framework.Felix.registerService(Felix.java:3549)
> at
> org.apache.felix.framework.BundleContextImpl.registerService(BundleContextImpl.java:348)
> at
> org.apache.felix.framework.BundleContextImpl.registerService(BundleContextImpl.java:322)
> at
> org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService.registerNodeStore(SegmentNodeStoreService.java:386)
> at
> org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService.activate(SegmentNodeStoreService.java:337)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.apache.felix.scr.impl.inject.BaseMethod.invokeMethod(BaseMethod.java:224)
> at
> org.apache.felix.scr.impl.inject.BaseMethod.access$500(BaseMethod.java:39)
> at
> org.apache.felix.scr.impl.inject.BaseMethod$Resolved.invoke(BaseMethod.java:617)
> at
> org.apache.felix.scr.impl.inject.BaseMethod.invoke(BaseMethod.java:501)
> at
> org.apache.felix.scr.impl.inject.ActivateMethod.invoke(ActivateMethod.java:302)
> at
> org.apache.felix.scr.impl.inject.ActivateMethod.invoke(ActivateMethod.java:294)
> at
> org.apache.felix.scr.impl.manager.SingleComponentManager.createImplementationObject(SingleComponentManager.java:297)
> at
> org.apache.felix.scr.impl.manager.SingleComponentManager.createComponent(SingleComponentManager.java:108)
> at
> org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:906)
> at
> org.apache.felix.scr.impl.manager.SingleComponentManager.getServiceInternal(SingleComponentManager.java:879)
> at
> org.apache.felix.scr.impl.manager.AbstractComponentManager.activateInternal(AbstractComponentManager.java:748)
> at
> org.apache.felix.scr.impl.manager.AbstractComponentManager.enableInternal(AbstractComponentManager.java:674)
> at
> org.apache.felix.scr.impl.manager.AbstractComponentManager.enable(AbstractComponentManager.java:429)
> at
> org.apache.felix.scr.impl.manager.ConfigurableComponentHolder.enableComponents(ConfigurableComponentHolder.java:657)
> at
> org.apache.felix.scr.impl.BundleComponentActivator.initialEnable(BundleComponentActivator.java:341)
> at
> org.apache.felix.scr.impl.Activator.loadComponents(Activator.java:403)
> at org.apache.felix.scr.impl.Activator.access$200(Activator.java:54)
> at
> org.apache.felix.scr.impl.Activator$ScrExtension.start(Activator.java:278)
> at
> org.apache.felix.utils.extender.AbstractExtender.createExtension(AbstractExtender.java:259)
> at
> org.apache.felix.utils.extender.AbstractExtender.modifiedBundle(AbstractExtender.java:232)
> at
> org.osgi.util.tracker.BundleTracker$Tracked.customizerModified(BundleTracker.java:482)
> at
> org.osgi.util.tracker.BundleTracker$Tracked.customizerModified(BundleTracker.java:415)
> at org.osgi.util.tracker.AbstractTracked.track(AbstractTracked.java:232)
> at
> org.osgi.util.tracker.BundleTracker$Tracked.bundleChanged(BundleTracker.java:444)
> at
> org.apache.felix.framework.util.EventDispatcher.invokeBundleListenerCallback(EventDispatcher.java:916)
> at
> org.apache.felix.framework.util.EventDispatcher.fireEventImmediately(EventDispatcher.java:835)
> at
> org.apache.felix.framework.util.EventDispatcher.fireBundleEvent(EventDispatcher.java:517)
> at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4541)
> at org.apache.felix.framework.Felix.startBundle(Felix.java:2172)
> at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1371)
> at
> org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.IllegalStateException: Principal not found:
> sling-scripting
> at org.apache.sling.jcr.repoinit.impl.AclUtil.setAcl(AclUtil.java:61)
> at
> org.apache.sling.jcr.repoinit.impl.ServiceAndAclVisitor.setAcl(ServiceAndAclVisitor.java:91)
> ... 75 common frames omitted
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
