Description
When importing a file vault package with a group that exists before (same uuid in the .content.xml) but modified authorizable id, this NPE happens:
Caused by: java.lang.NullPointerException: null at org.apache.jackrabbit.oak.security.user.UserImporter.handlePropInfo(UserImporter.java:242) at org.apache.jackrabbit.oak.jcr.xml.ImporterImpl.importProperties(ImporterImpl.java:287) at org.apache.jackrabbit.oak.jcr.xml.ImporterImpl.startNode(ImporterImpl.java:470) at org.apache.jackrabbit.oak.jcr.xml.SysViewImportHandler.processNode(SysViewImportHandler.java:80) at org.apache.jackrabbit.oak.jcr.xml.SysViewImportHandler.startElement(SysViewImportHandler.java:117) at org.apache.jackrabbit.oak.jcr.xml.ImportHandler.startElement(ImportHandler.java:183) at org.apache.jackrabbit.vault.fs.impl.io.JcrSysViewTransformer.startNode(JcrSysViewTransformer.java:167) at org.apache.jackrabbit.vault.fs.impl.io.DocViewSAXImporter.startElement(DocViewSAXImporter.java:598) ... 87 common frames omitted
It looks like this line, meaning userManager.getAuthorizable(id) returned null.
While the use case might not be something to support (this happens during development, changing group names/details until "right"), at least the NPE should be guarded against and a better error message given.
Looking closer, it seems like a difference between UserManager.getAuthorizable(Tree) (called earlier in the method) (I assume using UUID to look up the existing group successfully) and UserManager.getAuthorizable(String) (using the rep:authorizableId to look up the user, failing, because it changed).