Expand my Community achievements bar.

SOLVED

AEM Project Build Issue - CQRules:CQBP-84 - Netcentric:accesscontroltool-package - product interface org.apache.jackrabbit.api.security.user.Query should not be implemented by custom code.

Avatar

Community Advisor

Hi All,

 

We have recently had this build issue come up in our deployment pipeline which states the following - 

Rule - CQRules:CQBP-84

Issue - The product interface org.apache.jackrabbit.api.security.user.Query annotated with @ProviderType should not be implemented by custom code.

 

This is being reported at below file locations - 

Netcentric:accesscontroltool-package:3.0.9
Netcentric:accesscontroltool-package:3.0.9

 

The product interface org.apache.jackrabbit.api.security.user.Query annotated with @ProviderType should not be implemented by custom code. Detected in biz.netcentric.cq.tools.actool.dumpservice.impl.DumpServiceImpl$1 contained in /apps/netcentric/actool/install/accesscontroltool-bundle-3.0.9.jar.

The product interface org.apache.jackrabbit.api.security.user.Query annotated with @ProviderType should not be implemented by custom code. Detected in biz.netcentric.cq.tools.actool.authorizableinstaller.impl.AuthInstallerUserManagerPrefetchingImpl$1 contained in /apps/netcentric/actool/install/accesscontroltool-bundle-3.0.9.jar.

 

The weird part is the issue has started showing up recently (It was not there in our last build done on Sept 08, 2023)

Any ideas on how to troubleshoot this issue? As far as I can tell the netcentric jar is using Query interface and thus lies beyond our custom application codebase.

 

@aanchal-sikka@arunpatidar@EstebanBustamante@Jörg_Hoh@Harwinder-singh,

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hello @Rohan_Garg 

 

The issue has been reported on https://github.com/Netcentric/accesscontroltool/issues/671

 

The fix is currently in review https://github.com/apache/jackrabbit-oak/pull/1121

 

Should be available in next version of netcentric tool


Aanchal Sikka

View solution in original post

8 Replies

Avatar

Correct answer by
Community Advisor

Hello @Rohan_Garg 

 

The issue has been reported on https://github.com/Netcentric/accesscontroltool/issues/671

 

The fix is currently in review https://github.com/apache/jackrabbit-oak/pull/1121

 

Should be available in next version of netcentric tool


Aanchal Sikka

Avatar

Level 1

Can the AEM code quality pipeline be fixed to not randomly fail builds due to new issues it finds with existing dependency packages that haven't been changed since the last build?

Avatar

Level 1

In our case, the server we're deploying to is running some older version of jackrabbit oak-core: 1.22.13. This issue looks like it was introduced in 1.56.0, which means somehow the cloud pipeline is scanning against the latest versions of packages that don't even apply to the server that's being deployed to. This is a serious issue with the code quality pipeline.

Avatar

Community Advisor

@MATTHEW_AST 

 

Adobe is continuously enhancing the platform. Once they update CM rules, they would expect the code to comply as per the latest ones.

 

I agree to your point, that there should be some notification sent in advance, to cross-verify our code against the upcoming rules updates. May be a pipeline that has early updates and can be used to verify code.


Aanchal Sikka

Avatar

Level 2

Thanks @aanchal-sikka. I am still facing the issue today. Do we need to update anything from our end or is it Adobe's fix? Our CI pipelines are failing with the same issue. Could you please advise

File LocationLine NumberIssueTypeSeverityEffortRuleTagsDocumentation   
adobe/consulting:acs-aem-commons-content:5.3.40The product interface org.apache.jackrabbit.api.JackrabbitSession annotated with @ProviderType should not be implemented by custom code. Detected in com.adobe.acs.commons.wrap.jackrabbit.JackrabbitSessionIWrap contained in /apps/acs-commons/install/acs-aem-commons-bundle-5.3.4.jar.BugCritical30mCQRules:CQBP-84cqsoftwarequalityhttps://www.adobe.com/go/aem_cmcq_cqbp-84_en

Avatar

Community Advisor

Hello @gmalagondla 

 

Please monitor the updates via following link

 

  1. The Netcentric team would need to release a new version on ACL tool with the fix
  2. We would need to update the version of the ACL package in the code

 

Adobe won't be able to fix the code, unless they lower the priority of the rule. I have no idea, if thats possible.


Aanchal Sikka

Avatar

Level 2

Hi,

 

Was anyone able to fix this issue?

I tried using the latest accesscontrol version 3.0.9 but had no luck with this issue.

 

Please let me know if anyone was able to fix this.