You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Konrad Windszus (JIRA)" <ji...@apache.org> on 2018/12/10 12:56:00 UTC
[jira] [Commented] (OAK-7952) JCR System users do no longer
consider group ACEs of groups they are member of
[ https://issues.apache.org/jira/browse/OAK-7952?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16714680#comment-16714680 ]
Konrad Windszus commented on OAK-7952:
--------------------------------------
[~anchela] Could this be related to OAK-3003? For us it worked though in Oak 1.6.x.
> JCR System users do no longer consider group ACEs of groups they are member of
> ------------------------------------------------------------------------------
>
> Key: OAK-7952
> URL: https://issues.apache.org/jira/browse/OAK-7952
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: core
> Affects Versions: 1.8.3
> Reporter: Konrad Windszus
> Priority: Major
> Attachments: OAK-7952_test-servlet.java
>
>
> In Oak 1.8.3 the JCR system users (JCR-3802) do no longer consider the access control entries bound to a group principal (belonging to a group they are member of). Only direct ACEs seem to be considered.
> I used the attached simple servlet to test read access of an existing service-user "workflow-service". Unfortunately it throws a {{javax.jcr.PathNotFoundException}} although the service user should inherit read access to the accessed path via its group membership. It works flawlessly in case the system user has direct read access to that path.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)