[ https://issues.apache.org/jira/browse/OAK-7356?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16409247#comment-16409247 ]
Alex Deparvu commented on OAK-7356: ----------------------------------- patch looks good, +1 for exposing the OSGi config I was talking about felix inventory integration (OAK-6179). should we track this as a separate issue? > CugConfiguration may not pick up CugExclude > ------------------------------------------- > > Key: OAK-7356 > URL: https://issues.apache.org/jira/browse/OAK-7356 > Project: Jackrabbit Oak > Issue Type: Bug > Components: authorization-cug > Reporter: angela > Assignee: angela > Priority: Major > Fix For: 1.9.0, 1.10 > > Attachments: OAK-7356-2.patch, OAK-7356.patch > > > It seems that the {{CugConfiguration}} may under some circumstances not > properly pick up the {{CugExclude}}, which results in the > {{CugConfiguration}} falling back to the default, that only excludes the > {{AdminPrincipal}}, {{SystemPrincipal}} and {{SystemUserPrincipals}} from CUG > evaluation. > In order to address the issue without disrupting the default setup, I would > like to propose the following changes: > - {{CugConfiguration}}: Change reference cardinality of the the > {{CugExclude}} from {{ReferenceCardinality.OPTIONAL_UNARY}} to > {{ReferenceCardinality.MANDATORY_UNARY}} > - {{CugExcludeImpl}}: Don't require an explicit configuration (i.e. drop > {{ConfigurationPolicy.REQUIRE}}). Since it extends from > {{CugExclude.Default}} the default behavior in absense of a configured set of > principal names will be equivalent to the intended default in > {{CugConfiguration}} with the optional reference. -- This message was sent by Atlassian JIRA (v7.6.3#76005)