Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

Netcentric AC tool giving error on AEMaaCS -Exception in AceServiceImpl: {} java.lang.UnsupportedOperationException: This builder is read-only.

Avatar

Level 2
Level 2
1/21/22 12:06:40 AM
Hi,   Need expert advice on below issue in AEMaaCS(#aemaacs_onboarding) Netcentric AC Tool[1](<domain-port>/mnt/overlay/netcentric/actool/content/overview.html/actool): In Local cloud SDK, able to successfully create the groups and permissions using Netcentric tool plugin.
But when deploying the same ACL YAML file on Cloud, getting below error on AC Tool[1]:
11:36:35.721: *** Applying AC Tool Configuration...
11:36:35.721: Running with v3.0.2 on instance id 4e7c0244-e576-426c-b9f2-8462ba526b3b with restricted paths: [/bin, /conf, /content, /etc, /home, /system, /tmp, /var, ^/$, ^$]
11:36:35.764: Using YAML parser with ConfigurationAdmin Plugin placeholder support
11:36:35.764: Using configuration file /apps/<client-project>/acl/setup.yaml
11:37:34.967: Loaded configuration in 59.2sec
11:37:42.385: Retrieved existing ACLs from repository in 7.4sec
11:37:42.385: *** Starting installation of 1616 authorizables from configuration...
11:37:47.457: Prefetched 1871 authorizables in 5.1sec
11:38:24.915: Prefetched 5822 memberships in 37.5sec
11:38:32.211: Created 15 authorizables (moved 0 authorizables)
11:38:32.211: Finished installation of authorizables without errors in 49.8sec
11:38:36.889: ERROR: Could not process yaml files / e=java.lang.UnsupportedOperationException: This builder is read-only.
Execution time: 0 ms
Success: false

*ERROR* POST /mnt/overlay/netcentric/actool/content/overview/content/items/actoolpanel HTTP/1.1] biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl Exception in AceServiceImpl: {}
java.lang.UnsupportedOperationException: This builder is read-only.
at org.apache.jackrabbit.oak.spi.state.ReadOnlyBuilder.unsupported(ReadOnlyBuilder.java:44) [org.apache.jackrabbit.oak-store-spi:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.spi.state.ReadOnlyBuilder.remove(ReadOnlyBuilder.java:110) [org.apache.jackrabbit.oak-store-spi:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.core.SecureNodeBuilder.remove(SecureNodeBuilder.java:166) [org.apache.jackrabbit.oak-core:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.plugins.tree.impl.AbstractMutableTree.remove(AbstractMutableTree.java:51) [org.apache.jackrabbit.oak-core:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.core.MutableTree.remove(MutableTree.java:184) [org.apache.jackrabbit.oak-core:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlManagerImpl.removePolicy(AccessControlManagerImpl.java:322) [org.apache.jackrabbit.oak-core:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.security.authorization.composite.CompositeAccessControlManager.removePolicy(CompositeAccessControlManager.java:127) [org.apache.jackrabbit.oak-core:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator$9.performVoid(AccessControlManagerDelegator.java:135) [org.apache.jackrabbit.oak-jcr:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performVoid(SessionDelegate.java:275) [org.apache.jackrabbit.oak-jcr:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator.removePolicy(AccessControlManagerDelegator.java:132) [org.apache.jackrabbit.oak-jcr:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.jcr.delegate.JackrabbitAccessControlManagerDelegator.removePolicy(JackrabbitAccessControlManagerDelegator.java:175) [org.apache.jackrabbit.oak-jcr:1.40.0.T20220110121513-be5e04f]
at biz.netcentric.cq.tools.actool.helper.AccessControlUtils.deleteAllEntriesForPrincipalsFromACL(AccessControlUtils.java:196) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.removeAcesForPathsNotInConfig(AcInstallationServiceImpl.java:348) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.installAces(AcInstallationServiceImpl.java:462) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.installAcConfiguration(AcInstallationServiceImpl.java:330) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.installMergedConfigurations(AcInstallationServiceImpl.java:642) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.installConfigurationFiles(AcInstallationServiceImpl.java:289) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.apply(AcInstallationServiceImpl.java:217) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.ui.AcToolUiService.doPost(AcToolUiService.java:79) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.ui.AcToolTouchUiServlet.doPost(AcToolTouchUiServlet.java:67) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2] 

 

 

Views

2.9K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
1/21/22 10:57:19 AM

You are trying on runtime to modify ACLs in the immutable parts of the repository; /libs and /apps are not writeable in AEM CS during runtime.

Check your scripts if you want to set ACLs in these areas, and convert them into repoinit statements.

View solution in original post

Views

2.9K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Correct answer by
Employee Advisor
Employee Advisor
1/21/22 10:57:19 AM

You are trying on runtime to modify ACLs in the immutable parts of the repository; /libs and /apps are not writeable in AEM CS during runtime.

Check your scripts if you want to set ACLs in these areas, and convert them into repoinit statements.

Views

2.9K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 2
Level 2
1/23/22 11:51:54 PM
In response to Jörg_Hoh

There is another thread where similar issue observed using repoinit.

Is it the only solution to move from netcentric to repoinit?

Client YAML has more than 1 Lakh of permissions and groups created that contains ~400 configs related to /apps and /libs only with read only permissions

Views

2.9K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee Advisor
Employee Advisor
1/24/22 12:19:02 AM
In response to ashish_panwar_adobe

Yep, you have to migrate them, because /libs and /apps are read-only during runtime (and that is a limitation you cannot avoid). 

I think that it is a valid feature request on the AC Tool side to dump all rules affecting /libs or /apps as repoinit statements.

Views

2.9K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
How to dynamically add components in your container component? Solved

Views

171

Likes

0

Replies

5
how to set up cache invalidation on webserver for multiple domain

Views

30

Likes

0

Replies

0
how to include private aws codeartifact repository in AEM as Cloud Service Project

Views

42

Likes

0

Replies

0
Using websockets in AEM

Views

40

Likes

0

Replies

0
Restrict ServerAlias domain in dispatcher based on environment

Views

67

Likes

0

Replies

1