Hi,
When I run the following code, I get an exception that the principal does not exist:

    final UserManager userManager = resourceResolver.adaptTo(UserManager.class);
    userManager.autoSave(false); // need this line to make this operation atomic
    final Group group = userManager.createGroup(
        groupId,
        new UserPrincipal(groupId),
        groupPath
    );
    AccessControlUtil.replaceAccessControlEntry(
        session,
        "/some/path",
        group.getPrincipal(),
        new String[]{
            Replicator.REPLICATE_PRIVILEGE,
            Privilege.JCR_ALL
        },
        null, null, null
    );

UserPrincipal is a class we have defined:

    public class UserPrincipal implements Principal, Serializable {
        private final String name;

        public UserPrincipal(String name) throws IllegalArgumentException {
            this.name = name;
        }

        public String getName() {
            return name;
        }
        // ...
    }

If I save the session before invoking replaceAccessControlEntry, it works with no problem.
The exception occurs in line 363 of AccessControlUtil:

    acl.addAccessControlEntry(principal, grantedPrivilegeList.toArray(new Privilege[grantedPrivilegeList.size()]));

From there, I cannot debug further as apparently CQ5, after we have installed a bunch of hot fixes, is using version
2.6.6-r1605781 of jackrabbit-core, but that version is not available in Adobe's Nexus repos so my breakpoints go
to /dev/null ;) (I am not sure if my CQ5 instance is using Jackrabbit Core 2.6.6-r1605781, but some ad hoc searching
under cq-quickstart returns /crx-quickstart/launchpad/felix/bundle65/version0.2/bundle.jar-embedded/jackrabbit-core-2.6.6-r1605781.jar
so I assume that's the version. Is there a way to find the exact version of jackrabbit core used by my current CQ instance?)
The problem might be here though:

    protected void checkValidEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions) throws AccessControlException {
        if(principal instanceof UnknownPrincipal) {
            log.debug("Consider fallback principal as valid: {}", principal.getName());
        } else if(!this.principalMgr.hasPrincipal(principal.getName())) {
            if(!this.allowUnknownPrincipals) {
                throw new AccessControlException("Principal " + principal.getName() + " does not exist.");
            }
            log.debug("Consider fallback principal as valid: {}", principal.getName());
        }
        if(this.path == null && restrictions != null && !restrictions.isEmpty()) {
            throw new AccessControlException("Repository level policy does not support restrictions.");
        }
    }

And the culprit code could be:

    } else if(!this.principalMgr.hasPrincipal(principal.getName())) {
        if(!this.allowUnknownPrincipals) {
            throw new AccessControlException("Principal " + principal.getName() + " does not exist.");
        }

Is there a way to set allowUnknownPrincipals to true? Or to make the above code work without saving the session
after createGroup?
Thanks