You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2019/06/05 12:08:00 UTC

[jira] [Resolved] (OAK-8383) AccessControlValidator: check for duplicate ACE ignores allow/deny status

     [ https://issues.apache.org/jira/browse/OAK-8383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

angela resolved OAK-8383.
-------------------------
       Resolution: Fixed
    Fix Version/s: 1.14.0

Committed revision 1860653.


> AccessControlValidator: check for duplicate ACE ignores allow/deny status
> -------------------------------------------------------------------------
>
>                 Key: OAK-8383
>                 URL: https://issues.apache.org/jira/browse/OAK-8383
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: core, security
>            Reporter: angela
>            Assignee: angela
>            Priority: Major
>             Fix For: 1.14.0
>
>
> just found out that the verification in {{AccessControlValidator}} asserting that no duplicate entries are present, doesn't take the primary type of the ACE node into account which defines if the entry is allowing or denying access. 
> In otherwords: when manually adding 2 entries though oak API that only differ by the allow/deny the validator will wrongly fail, warning about duplicate entries. Since adding ACEs manually through JCR API is not possible and the access control list implementation filters out duplications, this issue hasn't shown up.
> cc [~stillalex]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)