Netcentric AC tool giving error on AEMaaCS -Exception in AceServiceImpl: {} java.lang.UnsupportedOperationException: This builder is read-only. | Community
Skip to main content
A
ashish_panwar_adobe
Level 2
January 21, 2022
Solved

Netcentric AC tool giving error on AEMaaCS -Exception in AceServiceImpl: {} java.lang.UnsupportedOperationException: This builder is read-only.

  • January 21, 2022
  • 1 reply
  • 4057 views
Hi,   Need expert advice on below issue in AEMaaCS(#aemaacs_onboarding) Netcentric AC Tool[1](<domain-port>/mnt/overlay/netcentric/actool/content/overview.html/actool): In Local cloud SDK, able to successfully create the groups and permissions using Netcentric tool plugin.
But when deploying the same ACL YAML file on Cloud, getting below error on AC Tool[1]:
11:36:35.721: *** Applying AC Tool Configuration...
11:36:35.721: Running with v3.0.2 on instance id 4e7c0244-e576-426c-b9f2-8462ba526b3b with restricted paths: [/bin, /conf, /content, /etc, /home, /system, /tmp, /var, ^/$, ^$]
11:36:35.764: Using YAML parser with ConfigurationAdmin Plugin placeholder support
11:36:35.764: Using configuration file /apps/<client-project>/acl/setup.yaml
11:37:34.967: Loaded configuration in 59.2sec
11:37:42.385: Retrieved existing ACLs from repository in 7.4sec
11:37:42.385: *** Starting installation of 1616 authorizables from configuration...
11:37:47.457: Prefetched 1871 authorizables in 5.1sec
11:38:24.915: Prefetched 5822 memberships in 37.5sec
11:38:32.211: Created 15 authorizables (moved 0 authorizables)
11:38:32.211: Finished installation of authorizables without errors in 49.8sec
11:38:36.889: ERROR: Could not process yaml files / e=java.lang.UnsupportedOperationException: This builder is read-only.
Execution time: 0 ms
Success: false

*ERROR* POST /mnt/overlay/netcentric/actool/content/overview/content/items/actoolpanel HTTP/1.1] biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl Exception in AceServiceImpl: {}
java.lang.UnsupportedOperationException: This builder is read-only.
at org.apache.jackrabbit.oak.spi.state.ReadOnlyBuilder.unsupported(ReadOnlyBuilder.java:44) [org.apache.jackrabbit.oak-store-spi:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.spi.state.ReadOnlyBuilder.remove(ReadOnlyBuilder.java:110) [org.apache.jackrabbit.oak-store-spi:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.core.SecureNodeBuilder.remove(SecureNodeBuilder.java:166) [org.apache.jackrabbit.oak-core:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.plugins.tree.impl.AbstractMutableTree.remove(AbstractMutableTree.java:51) [org.apache.jackrabbit.oak-core:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.core.MutableTree.remove(MutableTree.java:184) [org.apache.jackrabbit.oak-core:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlManagerImpl.removePolicy(AccessControlManagerImpl.java:322) [org.apache.jackrabbit.oak-core:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.security.authorization.composite.CompositeAccessControlManager.removePolicy(CompositeAccessControlManager.java:127) [org.apache.jackrabbit.oak-core:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator$9.performVoid(AccessControlManagerDelegator.java:135) [org.apache.jackrabbit.oak-jcr:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performVoid(SessionDelegate.java:275) [org.apache.jackrabbit.oak-jcr:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator.removePolicy(AccessControlManagerDelegator.java:132) [org.apache.jackrabbit.oak-jcr:1.40.0.T20220110121513-be5e04f]
at org.apache.jackrabbit.oak.jcr.delegate.JackrabbitAccessControlManagerDelegator.removePolicy(JackrabbitAccessControlManagerDelegator.java:175) [org.apache.jackrabbit.oak-jcr:1.40.0.T20220110121513-be5e04f]
at biz.netcentric.cq.tools.actool.helper.AccessControlUtils.deleteAllEntriesForPrincipalsFromACL(AccessControlUtils.java:196) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.removeAcesForPathsNotInConfig(AcInstallationServiceImpl.java:348) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.installAces(AcInstallationServiceImpl.java:462) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.installAcConfiguration(AcInstallationServiceImpl.java:330) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.installMergedConfigurations(AcInstallationServiceImpl.java:642) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.installConfigurationFiles(AcInstallationServiceImpl.java:289) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.apply(AcInstallationServiceImpl.java:217) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.ui.AcToolUiService.doPost(AcToolUiService.java:79) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2]
at biz.netcentric.cq.tools.actool.ui.AcToolTouchUiServlet.doPost(AcToolTouchUiServlet.java:67) [biz.netcentric.cq.tools.accesscontroltool.bundle:3.0.2] 

 

 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by joerghoh

You are trying on runtime to modify ACLs in the immutable parts of the repository; /libs and /apps are not writeable in AEM CS during runtime.

Check your scripts if you want to set ACLs in these areas, and convert them into repoinit statements.

1 reply

joerghoh
Adobe Employee
joerghohAdobe EmployeeAccepted solution
Adobe Employee
January 21, 2022

You are trying on runtime to modify ACLs in the immutable parts of the repository; /libs and /apps are not writeable in AEM CS during runtime.

Check your scripts if you want to set ACLs in these areas, and convert them into repoinit statements.

    A
    ashish_panwar_adobeAuthor
    Level 2
    January 24, 2022

    There is another thread where similar issue observed using repoinit.

    Is it the only solution to move from netcentric to repoinit?

    Client YAML has more than 1 Lakh of permissions and groups created that contains ~400 configs related to /apps and /libs only with read only permissions

      joerghoh
      Adobe Employee
      joerghohAdobe Employee
      Adobe Employee
      January 24, 2022

      Yep, you have to migrate them, because /libs and /apps are read-only during runtime (and that is a limitation you cannot avoid). 

      I think that it is a valid feature request on the AC Tool side to dump all rules affecting /libs or /apps as repoinit statements.

        Terms & ConditionsAccessibility statement

        Loading footer...