Hi,
When I run the following code, I get an exception that the principal does not exist:
    final UserManager userManager = resourceResolver.adaptTo(UserManager.class);
    userManager.autoSave(false); // need this line to make this operation atomic
    final Group group = userManager.createGroup(
        groupId,
        new UserPrincipal(groupId),
        groupPath
    );
    AccessControlUtil.replaceAccessControlEntry(
        session,
        "/some/path",
        group.getPrincipal(),
        new String[]{
            Replicator.REPLICATE_PRIVILEGE,
            Privilege.JCR_ALL
        },
        null, null, null
    );
UserPrincipal is a class we have defined:
    public class UserPrincipal implements Principal, Serializable {
        private final String name;
        public UserPrincipal(String name) throws IllegalArgumentException {
            this.name = name;
        }
        public String getName() {
            return name;
        }
        // ...
    }
If I save the session before invoking replaceAccessControlEntry it works with no problem.
The exception occurs in line 363 of AccessControlUtil:
    acl.addAccessControlEntry(principal, grantedPrivilegeList.toArray(new Privilege[grantedPrivilegeList.size()]));
From there, I cannot debug further as apparently CQ5, after we have installed a bunch of hot fixes, is using version
2.6.6-r1605781 of jackrabbit-core, but that version is not available in Adobe's Nexus repos so my breakpoints go
to /dev/null ;) (I am not sure if my CQ5 instance is using Jackrabbit Core 2.6.6-r1605781, but some ad hoc searching
under cq-quickstart returns /crx-quickstart/launchpad/felix/bundle65/version0.2/bundle.jar-embedded/jackrabbit-core-2.6.6-r1605781.jar
so I assume that's the version. Is there a way to find the exact version of Jackrabbit Core used by my current CQ instance?)
The problem might be here though:
    protected void checkValidEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions) throws AccessControlException {
        if(principal instanceof UnknownPrincipal) {
            log.debug("Consider fallback principal as valid: {}", principal.getName());
        } else if(!this.principalMgr.hasPrincipal(principal.getName())) {
            if(!this.allowUnknownPrincipals) {
                throw new AccessControlException("Principal " + principal.getName() + " does not exist.");
            }
            log.debug("Consider fallback principal as valid: {}", principal.getName());
        }
        if(this.path == null && restrictions != null && !restrictions.isEmpty()) {
            throw new AccessControlException("Repository level policy does not support restrictions.");
        }
    }
And the culprit code could be:
    } else if(!this.principalMgr.hasPrincipal(principal.getName())) {
        if(!this.allowUnknownPrincipals) {
            throw new AccessControlException("Principal " + principal.getName() + " does not exist.");
        }
Is there a way to set allowUnknownPrincipals to true? Or to make the above code work without saving the session
after createGroup?
Thanks
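The save-before-ACL sequence that the question reports as working, written out with a compensating cleanup because it is no longer a single atomic save. This is an added example, not the poster's or Adobe's code; the class and method names are hypothetical, and it assumes the UserManager is bound to the same session that is passed in.

```java
import java.security.Principal;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.jcr.base.util.AccessControlUtil;

/** Hypothetical helper (added example): create a group, then grant it privileges. */
public final class GroupAclProvisioner {

    private GroupAclProvisioner() {
    }

    public static Group createGroupWithAcl(Session session, UserManager userManager,
            Principal principal, String groupId, String groupPath,
            String aclPath, String[] granted) throws RepositoryException {
        Group group = userManager.createGroup(groupId, principal, groupPath);
        // Step 1: persist the group so hasPrincipal() in checkValidEntry can resolve it.
        session.save();
        try {
            AccessControlUtil.replaceAccessControlEntry(
                    session, aclPath, group.getPrincipal(), granted, null, null, null);
            // Step 2: persist the access control entry.
            session.save();
            return group;
        } catch (RepositoryException e) {
            try {
                // Drop any transient ACL changes, then undo step 1.
                session.refresh(false);
                Authorizable created = userManager.getAuthorizable(groupId);
                if (created != null) {
                    created.remove();
                    session.save();
                }
            } catch (RepositoryException cleanup) {
                // Keep the original failure as the primary exception (Java 7+).
                e.addSuppressed(cleanup);
            }
            throw e;
        }
    }
}
```

Between the two saves the group exists without the entry on aclPath, so a failure in between leaves it with less access than intended rather than more.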
This looks like a potential bug. File a ticket here:
http://helpx.adobe.com/marketing-cloud/experience-manager.html