angela created OAK-8388:
---------------------------
Summary: AccessControlManagerImpl.getEffectivePolicies(Set):
Insufficicient validator of query results
Key: OAK-8388
URL: https://issues.apache.org/jira/browse/OAK-8388
Project: Jackrabbit Oak
Issue Type: Bug
Components: core, security
Reporter: angela
Assignee: angela
when searching for effective policies by a given set of principals, the query
limits the results to trees of type rep:ACE. upon processing the query result
the code asserts that the result set doesn't contain any kind of isolated
access control entries that are not located within a ACL... but only checks for
the acl-tree name being empty and not whether it matches the names mandated by
this implementation.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
