Major Description
org.apache.jackrabbit.api.security.JackrabbitAccessControlList#addEntry() does not work correctly, if the given principal is not retrieved from the PrincipalManager.
Exception:
Caused by: org.apache.jackrabbit.oak.api.CommitFailedException: OakAccessControl0013: Duplicate ACE found in policy at org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlValidator.accessViolation(AccessControlValidator.java:278) at org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlValidator.checkValidPolicy(AccessControlValidator.java:188)
this used to work in jackrabbit 2.x.
the problem is probably in org.apache.jackrabbit.oak.security.authorization.accesscontrol.ACL#internalAddEntry where the principals are "equalled" instead of comparing their names.
note, that adding an ACE with such a principal works, just the merging/overwriting detection doesn't.
test:
Principal p1 = new Principal() { getName(){return "foo"}}; Principal p2 = new Principal() { getName(){return "foo"}}; acl.addEntry(p1, privileges, true); acl.addEntry(p2, privileges, false); ... save(); // throws