Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-8000

AccessControlManagerImpl.getEffectivePolicies(String) doesn't respect restrictions

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: core, security
    • Labels:
      None

      Description

      Alex Deparvu, looking at the implementation of AccessControlManagerImpl.getEffectivePolicies(String) I noticed that the implementation only walks up the hierarchy collection the access control lists but does not evaluated whether the individual entries actually take effect on the tree defined by the 'absPath' param. While this is always true for entries without restrictions, it doesn't necessarily apply for entries that hold restrictions.

      The easiest way to fix this was probably to call the variant of createACL that takes a Predicate and use that one to read and evaluate the restriction pattern present with each entry tree.

      Since the AccessControlManager.getEffectivePolicies is defined to be best-effort, I don't consider this a serious flaw. But for the sake of improved accuracy it might still be worth addressing. wdyt?

        Attachments

        1. OAK-8000-test.patch
          36 kB
          Angela Schreiber
        2. OAK-8000.patch
          13 kB
          Angela Schreiber

          Activity

            People

            • Assignee:
              angela Angela Schreiber
              Reporter:
              angela Angela Schreiber
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: