[ https://issues.apache.org/jira/browse/OAK-1350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela reassigned OAK-1350: --------------------------- Assignee: angela > Inconsistent Principal Validation between API and Import behavior > ----------------------------------------------------------------- > > Key: OAK-1350 > URL: https://issues.apache.org/jira/browse/OAK-1350 > Project: Jackrabbit Oak > Issue Type: Bug > Components: core, jcr > Reporter: angela > Assignee: angela > > the JCR access control management mandates that adding a new ACE includes > validating if the specified principal is known to the repository. > however, the ac-imported in jackrabbit and oak is more relaxed wrt that > validation and allows to create ACE even for unknown principals. this > basically leaves us with an inconsistent behavior between xml-import and > calls to ac-management API directly. > in order to fix that i would suggest the following approach: > - make the import behavior configurable with the flags defined by > o.a.j.oak.spi.xml.ImportBehavior > - apply the same login when validating a new ACE created by calling the > regular JCR API > - change the default behavior in the importer to match the behavior required > by the specification (would be ABORT, currently is BESTEFFORT). > i will adjust the test-cases accordingly and update the documentation. > as far as our adobe products are concerned i will makes sure the > configuration is still set to BESTEFFORT. -- This message was sent by Atlassian JIRA (v6.1.5#6160)