search

Netcentric / accesscontroltool

Rights and roles management for AEM made easy
Eclipse Public License 1.0
150 stars 91 forks source link

PackageException: No modifiable ACL #313

Open jenslauterbach opened 6 years ago

jenslauterbach commented 6 years ago

During installation of our configuration package we get the following exception (full stacktrace at the end of the description).

org.apache.jackrabbit.vault.packaging.PackageException: No modifiable ACL at /etc/tags/articleType

System:

  1. AEM 6.3 (SP2, CFP 6.3.2.1)
  2. Access Control Tool Version 2.0.1 and 2.0.11

The same exception happens every time the package is installed (so installing it twice) will also get you the same exception.

Steps to reproduce:

Sadly, at the moment I can not provide information on how to reproduce this issue since this does not happen on all of our environments (locally it can not be reproduced).

Full Stacktrace:

06.08.2018 10:59:07.798 *WARN* [qtp1864180663-29491] org.apache.jackrabbit.vault.packaging.impl.InstallHookProcessorImpl Hook actool threw package exception. Prepare aborted.
org.apache.jackrabbit.vault.packaging.PackageException: No modifiable ACL at /etc/tags/articleType
    at biz.netcentric.cq.tools.actool.installhook.AcToolInstallHook.execute(AcToolInstallHook.java:68)
    at org.apache.jackrabbit.vault.packaging.impl.InstallHookProcessorImpl.execute(InstallHookProcessorImpl.java:148)
    at org.apache.jackrabbit.vault.packaging.impl.ZipVaultPackage.extract(ZipVaultPackage.java:227)
    at org.apache.jackrabbit.vault.packaging.impl.JcrPackageImpl.extract(JcrPackageImpl.java:398)
    at org.apache.jackrabbit.vault.packaging.impl.JcrPackageImpl.extract(JcrPackageImpl.java:357)
    at org.apache.jackrabbit.vault.packaging.impl.JcrPackageImpl.install(JcrPackageImpl.java:351)
    at com.day.crx.packaging.impl.J2EEPackageManager.consoleInstall(J2EEPackageManager.java:353)
    at com.day.crx.packaging.impl.J2EEPackageManager.doPost(J2EEPackageManager.java:191)
    at com.day.crx.packaging.impl.PackageManagerServlet.doPost(PackageManagerServlet.java:128)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:644)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
    at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:85)
    at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:79)
    at com.adobe.granite.license.impl.LicenseCheckFilter.doFilter(LicenseCheckFilter.java:308)
    at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
    at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
    at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:96)
    at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
    at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
    at org.apache.sling.security.impl.ReferrerFilter.doFilter(ReferrerFilter.java:295)
    at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
    at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
    at org.apache.sling.i18n.impl.I18NFilter.doFilter(I18NFilter.java:138)
    at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
    at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
    at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:127)
    at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:587)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
    at org.eclipse.jetty.server.Server.handle(Server.java:499)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
    at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
    at java.lang.Thread.run(Thread.java:748)
Caused by: javax.jcr.security.AccessControlException: No modifiable ACL at /etc/tags/articleType
    at biz.netcentric.cq.tools.actool.helper.AccessControlUtils.getModifiableAcl(AccessControlUtils.java:235)
    at biz.netcentric.cq.tools.actool.aceinstaller.BaseAceBeanInstaller.installPathBasedACEs(BaseAceBeanInstaller.java:75)
    at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.installAces(AcInstallationServiceImpl.java:382)
    at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.installAcConfiguration(AcInstallationServiceImpl.java:242)
    at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.installMergedConfigurations(AcInstallationServiceImpl.java:520)
    at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.installConfigurationFiles(AcInstallationServiceImpl.java:205)
    at biz.netcentric.cq.tools.actool.installhook.impl.AcToolInstallHookServiceImpl.installYamlFilesFromPackage(AcToolInstallHookServiceImpl.java:47)
    at biz.netcentric.cq.tools.actool.installhook.AcToolInstallHook.execute(AcToolInstallHook.java:62)
    ... 44 common frames omitted
kwin commented 4 years ago

Could this be related to the usage of the Composite NodeStore? That would indeed prevent modifying ACLs on that area. But I fear there is nothing that the ACTool could in that case...