Hi Konrad There has been no change in that area for ages.
Oak out of the box does not mandate a Group 'everyone' to exist in the user management. It will however always exist if you retrieve it through Principal Manager in the default implementation. So, * every user/group accessible through user management API will have a principal attached that is also accessible through principal management API * no every principal accessible through the principal management API is guaranteed to be backed by a user/group in user management. Reason: principals are required for access control setup. They may come from any source plugged into Oak.... and one source of principals is user/groups stored in the repository. AEM out of the box will have a group 'everyone' installed.... but if you chose to remove it, the access control evaluation and principal resolution for your logged in user would still work. So, testing for the lookup of the group to null, would just be defensive programming. Hope that helps Angela ________________________________ From: Konrad Windszus <[email protected]> Sent: Thursday, June 13, 2024 17:07 To: [email protected] <[email protected]> Subject: Authorizable for EveryonePrincipal EXTERNAL: Use caution when clicking on links or opening attachments. Hi, Was it always the case that the “everyone" principal could not be resolved to an Authorizable via org.apache.jackrabbit.api.security.user.UserManager.getAuthorizable(<EveryonePrincipal>)? I found several places in AEM code where the return value of UserManager.getAuthorizable(Principal) is unconditionally dereferenced. Is the null return value a new behaviour or has it always been like that? Thanks, Konrad
