11:36:35.721: *** Applying AC Tool Configuration... 11:36:35.721: Running with v3.0.2 on instance id 4e7c0244-e576-426c-b9f2-8462ba526b3b with restricted paths: [/bin, /conf, /content, /etc, /home, /system, /tmp, /var, ^/$, ^$] 11:36:35.764: Using YAML parser with ConfigurationAdmin Plugin placeholder support 11:36:35.764: Using configuration file /apps/<client-project>/acl/setup.yaml 11:37:34.967: Loaded configuration in 59.2sec 11:37:42.385: Retrieved existing ACLs from repository in 7.4sec 11:37:42.385: *** Starting installation of 1616 authorizables from configuration... 11:37:47.457: Prefetched 1871 authorizables in 5.1sec 11:38:24.915: Prefetched 5822 memberships in 37.5sec 11:38:32.211: Created 15 authorizables (moved 0 authorizables) 11:38:32.211: Finished installation of authorizables without errors in 49.8sec 11:38:36.889: ERROR: Could not process yaml files / e=java.lang.UnsupportedOperationException: This builder is read-only. Execution time: 0 ms Success: false
*ERROR* POST /mnt/overlay/netcentric/actool/content/overview/content/items/actoolpanel HTTP/1.1] biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl Exception in AceServiceImpl: {}
java.lang.UnsupportedOperationException: This builder is read-only.
at org.apache.jackrabbit.oak.spi.state.ReadOnlyBuilder.unsupported(ReadOnlyBuilder.java:44) [org.apache.jackrabbit.oak-store-spi:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.spi.state.ReadOnlyBuilder.remove(ReadOnlyBuilder.java:110) [org.apache.jackrabbit.oak-store-spi:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.core.SecureNodeBuilder.remove(SecureNodeBuilder.java:166) [org.apache.jackrabbit.oak-core:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.plugins.tree.impl.AbstractMutableTree.remove(AbstractMutableTree.java:51) [org.apache.jackrabbit.oak-core:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.core.MutableTree.remove(MutableTree.java:184) [org.apache.jackrabbit.oak-core:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlManagerImpl.removePolicy(AccessControlManagerImpl.java:322) [org.apache.jackrabbit.oak-core:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.security.authorization.composite.CompositeAccessControlManager.removePolicy(CompositeAccessControlManager.java:127) [org.apache.jackrabbit.oak-core:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator$9.performVoid(AccessControlManagerDelegator.java:135) [org.apache.jackrabbit.oak-jcr:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performVoid(SessionDelegate.java:275) [org.apache.jackrabbit.oak-jcr:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator.removePolicy(AccessControlManagerDelegator.java:132) [org.apache.jackrabbit.oak-jcr:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.jcr.delegate.JackrabbitAccessControlManagerDelegator.removePolicy(JackrabbitAccessControlManagerDelegator.java:175) [org.apache.jackrabbit.oak-jcr:1.40.0.T20220110121513-be5e04f]
at biz.netcentric.cq.tools.actool.helper.AccessControlUtils.deleteAllEntriesForPrincipalsFromACL(AccessControlUtils.java:196) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.removeAcesForPathsNotInConfig(AcInstallationServiceImpl.java:348) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.installAces(AcInstallationServiceImpl.java:462) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.installAcConfiguration(AcInstallationServiceImpl.java:330) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.installMergedConfigurations(AcInstallationServiceImpl.java:642) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.installConfigurationFiles(AcInstallationServiceImpl.java:289) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.apply(AcInstallationServiceImpl.java:217) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.ui.AcToolUiService.doPost(AcToolUiService.java:79) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.ui.AcToolTouchUiServlet.doPost(AcToolTouchUiServlet.java:67) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
Solved! Go to Solution.
Views
Replies
Total Likes
You are trying on runtime to modify ACLs in the immutable parts of the repository; /libs and /apps are not writeable in AEM CS during runtime.
Check your scripts if you want to set ACLs in these areas, and convert them into repoinit statements.
You are trying on runtime to modify ACLs in the immutable parts of the repository; /libs and /apps are not writeable in AEM CS during runtime.
Check your scripts if you want to set ACLs in these areas, and convert them into repoinit statements.
There is another thread where similar issue observed using repoinit.
Is it the only solution to move from netcentric to repoinit?
Client YAML has more than 1 Lakh of permissions and groups created that contains ~400 configs related to /apps and /libs only with read only permissions
Yep, you have to migrate them, because /libs and /apps are read-only during runtime (and that is a limitation you cannot avoid).
I think that it is a valid feature request on the AC Tool side to dump all rules affecting /libs or /apps as repoinit statements.
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies