[
https://issues.apache.org/jira/browse/OAK-1348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
angela resolved OAK-1348.
-------------------------
Resolution: Fixed
Fix Version/s: 0.16
rev. 1562092
> ACE merging not behaving correctly if not using managed principals
> ------------------------------------------------------------------
>
> Key: OAK-1348
> URL: https://issues.apache.org/jira/browse/OAK-1348
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: security
> Affects Versions: 0.15
> Reporter: Tobias Bocanegra
> Assignee: angela
> Fix For: 0.16
>
>
> {{org.apache.jackrabbit.api.security.JackrabbitAccessControlList#addEntry()}}
> does not work correctly, if the given principal is not retrieved from the
> PrincipalManager.
> Exception:
> {noformat}
> Caused by: org.apache.jackrabbit.oak.api.CommitFailedException:
> OakAccessControl0013: Duplicate ACE found in policy
> at
> org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlValidator.accessViolation(AccessControlValidator.java:278)
> at
> org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlValidator.checkValidPolicy(AccessControlValidator.java:188)
> {noformat}
> this used to work in jackrabbit 2.x.
> the problem is probably in
> {{org.apache.jackrabbit.oak.security.authorization.accesscontrol.ACL#internalAddEntry}}
> where the principals are "equalled" instead of comparing their names.
> note, that adding an ACE with such a principal works, just the
> merging/overwriting detection doesn't.
> test:
> {code}
> Principal p1 = new Principal() { getName(){return "foo"}};
> Principal p2 = new Principal() { getName(){return "foo"}};
> acl.addEntry(p1, privileges, true);
> acl.addEntry(p2, privileges, false);
> ...
> save(); // throws
> {code}
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
