[ https://issues.apache.org/jira/browse/OAK-8383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela updated OAK-8383:
------------------------
    Fix Version/s:     (was: 1.14.0)
                   1.16.0

> AccessControlValidator: check for duplicate ACE ignores allow/deny status
> -------------------------------------------------------------------------
>
>                 Key: OAK-8383
>                 URL: https://issues.apache.org/jira/browse/OAK-8383
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: core, security
>            Reporter: angela
>            Assignee: angela
>            Priority: Major
>             Fix For: 1.16.0
>
>
> Just found out that the verification in {{AccessControlValidator}} asserting
> that no duplicate entries are present doesn't take the primary type of the
> ACE node into account, which defines if the entry is allowing or denying
> access.
> In other words: when manually adding 2 entries through the Oak API that only differ
> by the allow/deny, the validator will wrongly fail, warning about duplicate
> entries. Since adding ACEs manually through the JCR API is not possible and the
> access control list implementation filters out duplications, this issue
> hasn't shown up.
> cc [~stillalex]
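
The duplicate check described in the report, as a simplified model added here for illustration; it is not Oak's `AccessControlValidator` code or the reporter's. The `Ace` record, the method names and the `editors` principal are hypothetical, and `rep:GrantACE` / `rep:DenyACE` are used as the primary types that mark an entry as allow or deny.

```java
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class DuplicateAceCheck {
    // Hypothetical model of an ACE node: the primary type carries allow/deny.
    record Ace(String primaryType, String principal,
               Set<String> privileges, Map<String, String> restrictions) {}

    // Check as the report describes it: the primary type is not part of the
    // comparison key, so an allow and a deny entry that are otherwise equal
    // collide and the list is rejected.
    static boolean hasDuplicateIgnoringType(List<Ace> acl) {
        Set<List<Object>> seen = new HashSet<>();
        for (Ace ace : acl) {
            List<Object> key = List.of(ace.principal(), ace.privileges(), ace.restrictions());
            if (!seen.add(key)) {
                return true;
            }
        }
        return false;
    }

    // Type-aware check: record equality covers every component, including the
    // primary type, so only entries with the same allow/deny status collide.
    static boolean hasDuplicate(List<Ace> acl) {
        return new HashSet<>(acl).size() != acl.size();
    }

    public static void main(String[] args) {
        // Constructed sample entries.
        Ace allow = new Ace("rep:GrantACE", "editors", Set.of("jcr:read"), Map.of());
        Ace deny = new Ace("rep:DenyACE", "editors", Set.of("jcr:read"), Map.of());

        List<Ace> allowPlusDeny = List.of(allow, deny); // legitimate pair
        List<Ace> sameTwice = List.of(allow, allow);    // genuine duplicate

        System.out.println("allow+deny, type ignored: "
                + hasDuplicateIgnoringType(allowPlusDeny));
        System.out.println("allow+deny, type-aware:   " + hasDuplicate(allowPlusDeny));
        System.out.println("same twice, type ignored: "
                + hasDuplicateIgnoringType(sameTwice));
        System.out.println("same twice, type-aware:   " + hasDuplicate(sameTwice));
    }
}
```

Only the allow-plus-deny pair is treated differently by the two checks; a true duplicate is flagged by both.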