[jira] [Commented] (JCRVLT-472) Content package with principal policy fails to install when the user is in the same package

Wed, 26 Aug 2020 10:08:13 -0700 


    [ 
https://issues.apache.org/jira/browse/JCRVLT-472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17185345#comment-17185345
 ] 

Konrad Windszus commented on JCRVLT-472:
----------------------------------------

Having three packages seems overly complicated for this use case, especially 
since principal and policy are stored at the same location in JCR and in the 
package.
Regarding

bq. ...unless there was an intermediate Session.save or fvault would remember 
the principals itself

I don't really see how the latter could work, as the actual policy persistence 
is done in Jackrabbit (not in FileVault). So the only real option is to
a) make sure principal is installed first
b) before policy is applied a Session.save() is being issued

Alternatively the Jackrabbit API would need to be enhanced to also consider 
authorizables from a given session (but this would mean major effort and is 
IMHO unlikely to happen).

> Content package with principal policy fails to install when the user is in 
> the same package
> -------------------------------------------------------------------------------------------
>
>                 Key: JCRVLT-472
>                 URL: https://issues.apache.org/jira/browse/JCRVLT-472
>             Project: Jackrabbit FileVault
>          Issue Type: Improvement
>          Components: Packaging
>            Reporter: Robert Munteanu
>            Priority: Major
>         Attachments: sling-slingshot-apps-pkg-1.0-SNAPSHOT.zip
>
>
> I have attached a content package that includes a system user, a principal 
> policy and a principal entry. The content package, when installed in the 
> Sling Starter 12-SNAPSHOT, fails the first time and then the second time 
> works. The full error is 
> {noformat}24.08.2020 17:24:08.669 *WARN* [pool-10-thread-1] 
> com.composum.sling.core.pckgmgr.util.PackageUtil Received error for mode 
> PATHS path /home/users/system/sling/slingshot/rep:principalPolicy
> org.xml.sax.SAXException: javax.jcr.security.AccessControlException: 
> Unsupported principal slingshot-service
>         at 
> org.apache.jackrabbit.vault.fs.impl.io.DocViewSAXImporter.endElement(DocViewSAXImporter.java:1246)
>  [org.apache.jackrabbit.vault:3.4.6]
>         at 
> java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:610)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1718)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2883)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:112)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:534)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:888)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:824)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1216)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:635)
>         at 
> java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXParserImpl.java:324)
>         at 
> org.apache.jackrabbit.vault.fs.impl.io.GenericArtifactHandler.accept(GenericArtifactHandler.java:100)
>  [org.apache.jackrabbit.vault:3.4.6]
>         at 
> org.apache.jackrabbit.vault.fs.io.Importer.commit(Importer.java:896) 
> [org.apache.jackrabbit.vault:3.4.6]
>         at 
> org.apache.jackrabbit.vault.fs.io.Importer.commit(Importer.java:799) 
> [org.apache.jackrabbit.vault:3.4.6]
>         at 
> org.apache.jackrabbit.vault.fs.io.Importer.commit(Importer.java:839) 
> [org.apache.jackrabbit.vault:3.4.6]
>         at 
> org.apache.jackrabbit.vault.fs.io.Importer.commit(Importer.java:839) 
> [org.apache.jackrabbit.vault:3.4.6]
>         at 
> org.apache.jackrabbit.vault.fs.io.Importer.commit(Importer.java:839) 
> [org.apache.jackrabbit.vault:3.4.6]
>         at 
> org.apache.jackrabbit.vault.fs.io.Importer.commit(Importer.java:839) 
> [org.apache.jackrabbit.vault:3.4.6]
>         at 
> org.apache.jackrabbit.vault.fs.io.Importer.commit(Importer.java:839) 
> [org.apache.jackrabbit.vault:3.4.6]
>         at 
> org.apache.jackrabbit.vault.fs.io.Importer.commit(Importer.java:839) 
> [org.apache.jackrabbit.vault:3.4.6]
>         at org.apache.jackrabbit.vault.fs.io.Importer.run(Importer.java:440) 
> [org.apache.jackrabbit.vault:3.4.6]
>         at 
> org.apache.jackrabbit.vault.packaging.impl.ZipVaultPackage.extract(ZipVaultPackage.java:255)
>  [org.apache.jackrabbit.vault:3.4.6]
>         at 
> org.apache.jackrabbit.vault.packaging.impl.JcrPackageImpl.extract(JcrPackageImpl.java:400)
>  [org.apache.jackrabbit.vault:3.4.6]
>         at 
> org.apache.jackrabbit.vault.packaging.impl.JcrPackageImpl.extract(JcrPackageImpl.java:359)
>  [org.apache.jackrabbit.vault:3.4.6]
>         at 
> org.apache.jackrabbit.vault.packaging.impl.JcrPackageImpl.install(JcrPackageImpl.java:353)
>  [org.apache.jackrabbit.vault:3.4.6]
>         at 
> com.composum.sling.core.pckgmgr.PackageJobExecutor$PackageManagerCallable$InstallOperation.doIt(PackageJobExecutor.java:173)
>  [com.composum.core.pckgmgr:1.12.0]
>         at 
> com.composum.sling.core.pckgmgr.PackageJobExecutor$PackageManagerCallable$Operation.call(PackageJobExecutor.java:276)
>  [com.composum.core.pckgmgr:1.12.0]
>         at 
> com.composum.sling.core.pckgmgr.PackageJobExecutor$PackageManagerCallable.call(PackageJobExecutor.java:145)
>  [com.composum.core.pckgmgr:1.12.0]
>         at 
> com.composum.sling.core.pckgmgr.PackageJobExecutor$PackageManagerCallable.call(PackageJobExecutor.java:125)
>  [com.composum.core.pckgmgr:1.12.0]
>         at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
>         at 
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
>         at 
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
>         at java.base/java.lang.Thread.run(Thread.java:834)
> Caused by: javax.jcr.security.AccessControlException: Unsupported principal 
> slingshot-service
>         at 
> org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.PrincipalBasedAccessControlManager.canHandle(PrincipalBasedAccessControlManager.java:308)
>  [org.apache.jackrabbit.oak-authorization-principalbased:1.32.0]
>         at 
> org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.PrincipalBasedAccessControlManager.getPolicies(PrincipalBasedAccessControlManager.java:132)
>  [org.apache.jackrabbit.oak-authorization-principalbased:1.32.0]
>         at 
> org.apache.jackrabbit.oak.security.authorization.composite.CompositeAccessControlManager.getPolicies(CompositeAccessControlManager.java:154)
>  [org.apache.jackrabbit.oak-core:1.32.0]
>         at 
> org.apache.jackrabbit.oak.jcr.delegate.JackrabbitAccessControlManagerDelegator$2.perform(JackrabbitAccessControlManagerDelegator.java:75)
>  [org.apache.jackrabbit.oak-jcr:1.32.0]
>         at 
> org.apache.jackrabbit.oak.jcr.delegate.JackrabbitAccessControlManagerDelegator$2.perform(JackrabbitAccessControlManagerDelegator.java:71)
>  [org.apache.jackrabbit.oak-jcr:1.32.0]
>         at 
> org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:207)
>  [org.apache.jackrabbit.oak-jcr:1.32.0]
>         at 
> org.apache.jackrabbit.oak.jcr.delegate.JackrabbitAccessControlManagerDelegator.getPolicies(JackrabbitAccessControlManagerDelegator.java:71)
>  [org.apache.jackrabbit.oak-jcr:1.32.0]
>         at 
> org.apache.jackrabbit.vault.fs.impl.io.JackrabbitACLImporter$ImportedPolicy.getPolicy(JackrabbitACLImporter.java:192)
>  [org.apache.jackrabbit.vault:3.4.6]
>         at 
> org.apache.jackrabbit.vault.fs.impl.io.JackrabbitACLImporter$ImportedPrincipalAcList.apply(JackrabbitACLImporter.java:433)
>  [org.apache.jackrabbit.vault:3.4.6]
>         at 
> org.apache.jackrabbit.vault.fs.impl.io.JackrabbitACLImporter.close(JackrabbitACLImporter.java:154)
>  [org.apache.jackrabbit.vault:3.4.6]
>         at 
> org.apache.jackrabbit.vault.fs.impl.io.DocViewSAXImporter.endElement(DocViewSAXImporter.java:1190)
>  [org.apache.jackrabbit.vault:3.4.6]
>         ... 34 common frames omitted
> {noformat}
> When I retry installing the content package the operation succeeds, which may 
> be a hint that the freshly created user is not yet visible to the rest of the 
> import operation on the first try.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to