[
https://issues.apache.org/jira/browse/OAK-7356?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16409247#comment-16409247
]
Alex Deparvu commented on OAK-7356:
-----------------------------------
patch looks good, +1
for exposing the OSGi config I was talking about felix inventory integration
(OAK-6179). should we track this as a separate issue?
> CugConfiguration may not pick up CugExclude
> -------------------------------------------
>
> Key: OAK-7356
> URL: https://issues.apache.org/jira/browse/OAK-7356
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: authorization-cug
> Reporter: angela
> Assignee: angela
> Priority: Major
> Fix For: 1.9.0, 1.10
>
> Attachments: OAK-7356-2.patch, OAK-7356.patch
>
>
> It seems that the {{CugConfiguration}} may under some circumstances not
> properly pick up the {{CugExclude}}, which results in the
> {{CugConfiguration}} falling back to the default, that only excludes the
> {{AdminPrincipal}}, {{SystemPrincipal}} and {{SystemUserPrincipals}} from CUG
> evaluation.
> In order to address the issue without disrupting the default setup, I would
> like to propose the following changes:
> - {{CugConfiguration}}: Change reference cardinality of the the
> {{CugExclude}} from {{ReferenceCardinality.OPTIONAL_UNARY}} to
> {{ReferenceCardinality.MANDATORY_UNARY}}
> - {{CugExcludeImpl}}: Don't require an explicit configuration (i.e. drop
> {{ConfigurationPolicy.REQUIRE}}). Since it extends from
> {{CugExclude.Default}} the default behavior in absense of a configured set of
> principal names will be equivalent to the intended default in
> {{CugConfiguration}} with the optional reference.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
