You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by Ian Boston <ie...@tfd.co.uk> on 2009/11/01 17:41:30 UTC
Removed Principals make ACLs deny everything.
Looking at 1.5.7 (may also be the case in later versions)
IIUC, removing a User from the UserManager causes a
NoSuchPrincipalException in the ACLTempate.init(...) line 113, which
generates a deny on that node, regardless of the user accessing the
node.
IMHO, there should be a try catch on the processing of each ACE to
guard against this.
Removing all ACE's at the same time as removing a Principal is
probably not practical as the PrincipalManager might (if replaced)
lookup principals externally.
?
Can provide a patch, if this is the right approach.
Ian
Re: Removed Principals make ACLs deny everything.
Posted by Ian Boston <ie...@tfd.co.uk>.
Sorry, see its fixed in trunk, ignore me.
Ian
On 1 Nov 2009, at 16:41, Ian Boston wrote:
> Looking at 1.5.7 (may also be the case in later versions)
>
> IIUC, removing a User from the UserManager causes a
> NoSuchPrincipalException in the ACLTempate.init(...) line 113, which
> generates a deny on that node, regardless of the user accessing the
> node.
>
> IMHO, there should be a try catch on the processing of each ACE to
> guard against this.
>
> Removing all ACE's at the same time as removing a Principal is
> probably not practical as the PrincipalManager might (if replaced)
> lookup principals externally.
>
> ?
>
> Can provide a patch, if this is the right approach.
> Ian
>