jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Boston <...@tfd.co.uk>
Subject Removed Principals make ACLs deny everything.
Date Sun, 01 Nov 2009 16:41:30 GMT
Looking at 1.5.7 (may also be the case in later versions)

IIUC, removing a User from the UserManager causes a  
NoSuchPrincipalException in the ACLTempate.init(...) line 113, which  
generates a deny on that node, regardless of the user accessing the  
node.

IMHO, there should be a try catch on the processing of each ACE to  
guard against this.

Removing all ACE's at the same time as removing a Principal is  
probably not practical as the PrincipalManager might (if replaced)  
lookup principals externally.

?

Can provide a patch, if this is the right approach.
Ian


Mime
View raw message