jackrabbit-oak-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Konrad Windszus (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (OAK-7952) JCR System users do no longer consider group ACEs of groups they are member of
Date Mon, 10 Dec 2018 13:08:00 GMT

    [ https://issues.apache.org/jira/browse/OAK-7952?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16714680#comment-16714680
] 

Konrad Windszus edited comment on OAK-7952 at 12/10/18 1:07 PM:
----------------------------------------------------------------

[~anchela] Could this be related to OAK-3003? For us it worked though in Oak 1.6.x. Maybe
it is also related to OAK-3933.


was (Author: kwin):
[~anchela] Could this be related to OAK-3003? For us it worked though in Oak 1.6.x.

> JCR System users do no longer consider group ACEs of groups they are member of
> ------------------------------------------------------------------------------
>
>                 Key: OAK-7952
>                 URL: https://issues.apache.org/jira/browse/OAK-7952
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.8.3
>            Reporter: Konrad Windszus
>            Priority: Major
>         Attachments: OAK-7952_test-servlet.java
>
>
> In Oak 1.8.3 the JCR system users (JCR-3802) do no longer consider the access control
entries bound to a group principal (belonging to a group they are member of). Only direct
ACEs seem to be considered.
> I used the attached simple servlet to test read access of an existing service-user "workflow-service".
Unfortunately it throws a {{javax.jcr.PathNotFoundException}} although the service user should
inherit  read access to the accessed path via its group membership. It works flawlessly in
case the system user has direct read access to that path.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message