Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-8383

AccessControlValidator: check for duplicate ACE ignores allow/deny status

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.16.0
    • Component/s: core, security
    • Labels:
      None

      Description

      just found out that the verification in AccessControlValidator asserting that no duplicate entries are present, doesn't take the primary type of the ACE node into account which defines if the entry is allowing or denying access.
      In otherwords: when manually adding 2 entries though oak API that only differ by the allow/deny the validator will wrongly fail, warning about duplicate entries. Since adding ACEs manually through JCR API is not possible and the access control list implementation filters out duplications, this issue hasn't shown up.

      cc Alex Deparvu

        Attachments

          Activity

            People

            • Assignee:
              angela Angela Schreiber
              Reporter:
              angela Angela Schreiber
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: