Hi! I have extended the WebDAV servlet classes to deal with DAV's ACL methods (as defined by the AclResource interface). This allows me to set and query ACLs on my files and folders. However, I run into trouble when I change the user store.
In my alterAcl() method, I retrieve the current ACL by first calling AccessControlManager#getPolicies [1] to determine the resource's current ACL, and then, if it has none, AccessControlManager#getApplicablePolicies() [2] to find an empty ACL I can work with. The problems appear if the resource's ACL contains an entry for a principal which has since be deleted (we're using an LDAP server to manage our principals, so we have no control over who will when delete users), since in this case both methods will throw a NoSuchPrincipalException. For [1], this means that I cannot *modify* an ACL which contains an obsolete entry; I would have to throw away the entire ACL and build a new one, losing the old definitions for also the still valid remaining users (I also fear that this could mean deleting a user will immediately disable access control on the resouce, but I haven't verified that). Worse yet, for [2] this means that once a resource's ACL has been damaged, I cannot create a new ACL on the same resource because I have no means to retrieve a fresh ACL. Effectively, access control settings on this resource have been destroyed, and all I can do to fix that is delete the resource and recreate it. I don't think I can blame my principal manager, because I can't expect it to return principals which no longer exists. Everything from that point on seems to happen in the depths of Jackrabbit's access management classes. I'm tempted to add this as a Jira issue, but I'm not sure how to classify it. From the implications, I would file it as a bug, but it probably doesn't refer to any of Jackrabbit's specifications, so it might be a major issue instead? Hints appreciated. (Workarounds as well :) Thanks, Marian. -- View this message in context: http://www.nabble.com/WebDAV-ACLs-referring-to-deleted-principals-tp24934748p24934748.html Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
