[ https://issues.apache.org/jira/browse/SLING-6130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15612636#comment-15612636 ]

Oliver Lietz commented on SLING-6130:
-------------------------------------

When trying to access the instance over WebDAV an exception is thrown:
{noformat}
27.10.2016 19:48:56.442 *ERROR* [qtp1622793849-193] org.apache.jackrabbit.webdav.jcr.WorkspaceResourceImpl Internal error while building resource for the root node.
javax.jcr.AccessDeniedException: Root node is not accessible.
        at org.apache.jackrabbit.oak.jcr.session.SessionImpl$4.perform(SessionImpl.java:294)
        at org.apache.jackrabbit.oak.jcr.session.SessionImpl$4.perform(SessionImpl.java:288)
        at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:208)
        at org.apache.jackrabbit.oak.jcr.session.SessionImpl.getRootNode(SessionImpl.java:288)
        at org.apache.sling.jcr.oak.server.internal.TcclWrappingJackrabbitSession.getRootNode(TcclWrappingJackrabbitSession.java:125)
        at org.apache.jackrabbit.webdav.jcr.WorkspaceResourceImpl.getMembers(WorkspaceResourceImpl.java:310)
        at org.apache.jackrabbit.webdav.MultiStatus.addResourceProperties(MultiStatus.java:63)
        at org.apache.jackrabbit.webdav.server.AbstractWebdavServlet.doPropFind(AbstractWebdavServlet.java:560)
        at org.apache.jackrabbit.webdav.server.AbstractWebdavServlet.execute(AbstractWebdavServlet.java:348)
        at org.apache.jackrabbit.webdav.server.AbstractWebdavServlet.service(AbstractWebdavServlet.java:291)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
        at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:85)
        at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:79)
        at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:89)
        at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
        at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
        at org.apache.sling.i18n.impl.I18NFilter.doFilter(I18NFilter.java:133)
        at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
        at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
        at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:128)
        at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:845)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:583)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:224)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
        at org.eclipse.jetty.server.Server.handle(Server.java:523)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
        at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
        at java.lang.Thread.run(Thread.java:745)
{noformat}

> Restrict access for principal everyone and move configuration to repoinit
> -------------------------------------------------------------------------
>
>                 Key: SLING-6130
>                 URL: https://issues.apache.org/jira/browse/SLING-6130
>             Project: Sling
>          Issue Type: Improvement
>          Components: JCR, Oak
>    Affects Versions: JCR Oak Server 1.1.0
>            Reporter: Oliver Lietz
>            Assignee: Oliver Lietz
>              Labels: security
>             Fix For: JCR Oak Server 1.1.2
>
>         Attachments: error.log
>
>
> Currently {{everyone}} can {{read}} from {{/}} (configured in {{OakSlingRepositoryManager}}).
> Access for {{everyone}} should be restricted:
> * {{read}} should be restricted to {{/content}}
> * configuration of principals and ACLs should be done with _repoinit_
> # -Change path from {{/}} to {{/content}} in {{OakSlingRepositoryManager}}- (/) (-[r1764259|https://svn.apache.org/r1764259]-)
> # Fix modules (samples) relying on _unrestricted_ {{read}} access
> # Move configuration of ACLs to _repoinit_ (/)
> discussion on [dev@|https://lists.apache.org/thread.html/36908ed62ac93c63cad594a897f8abceb93f08da5bcea30dbce98e58@%3Cdev.sling.apache.org%3E]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
