search

Netcentric / accesscontroltool

Rights and roles management for AEM made easy
Eclipse Public License 1.0
150 stars 92 forks source link

Issues with wildcard usage in paths containing names starting with digits #688

Closed Vocinglero closed 5 months ago

Vocinglero commented 7 months ago

Hello,

In our project, we have encountered an issue with folder names in our DAM that include numbers. When we specify ACL rules targeting a specific path directly, everything functions as expected. However, an error arises if we attempt to use a wildcard in the path specification.

For instance, consider the following rule:

- path: '/content/dam/brands/21c/global-marketing/*/'
   permission: allow
   privileges: jcr:read

This setup results in an error stating: "Could not process yaml files / e=javax.jcr.query.InvalidQueryException: java.text.ParseException: Query: /jcr:root/content/dam/brands/"21c"()/global-marketing/; expected: jcr:root, /, *, @, (, ."

It's important to note that if we use the path /content/dam/brands/21c/global-marketing without the wildcard, it operates correctly.

kwin commented 5 months ago

@Vocinglero Can you share a yaml which allows us to reproduce the error?

Vocinglero commented 5 months ago

@kwin Here are the 2 yaml files we use Archive.zip

kwin commented 5 months ago

@Vocinglero Thanks, I could reproduce. The full stack trace from the exception is as follows:

javax.jcr.query.InvalidQueryException: java.text.ParseException: Query:_/jcr:root/content/dam/brands/21(*)c/global-marketing/*; expected: jcr:root, /, *, @, (, .
    at org.apache.jackrabbit.oak.jcr.query.QueryManagerImpl.executeQuery(QueryManagerImpl.java:149) [org.apache.jackrabbit.oak-jcr:1.60.0.T20240131102219-0cde853]
    at org.apache.jackrabbit.oak.jcr.query.QueryImpl$2.perform(QueryImpl.java:105) [org.apache.jackrabbit.oak-jcr:1.60.0.T20240131102219-0cde853]
    at org.apache.jackrabbit.oak.jcr.query.QueryImpl$2.perform(QueryImpl.java:101) [org.apache.jackrabbit.oak-jcr:1.60.0.T20240131102219-0cde853]
    at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:229) [org.apache.jackrabbit.oak-jcr:1.60.0.T20240131102219-0cde853]
    at org.apache.jackrabbit.oak.jcr.query.QueryImpl.execute(QueryImpl.java:100) [org.apache.jackrabbit.oak-jcr:1.60.0.T20240131102219-0cde853]
    at biz.netcentric.cq.tools.actool.helper.QueryHelper.getNodesFromQuery(QueryHelper.java:154)
    at biz.netcentric.cq.tools.actool.helper.QueryHelper.getNodePathsFromQuery(QueryHelper.java:164)
    at biz.netcentric.cq.tools.actool.helper.QueryHelper.getNodePathsFromQuery(QueryHelper.java:132)
    at biz.netcentric.cq.tools.actool.configreader.YamlConfigReader.handleWildcards(YamlConfigReader.java:297)
    at biz.netcentric.cq.tools.actool.configreader.YamlConfigReader.getPreservedOrderdAceSet(YamlConfigReader.java:280)
    at biz.netcentric.cq.tools.actool.configreader.YamlConfigReader.getAceConfigurationBeans(YamlConfigReader.java:126)
    at biz.netcentric.cq.tools.actool.configreader.YamlConfigurationMerger.getMergedConfigurations(YamlConfigurationMerger.java:188)
    at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.installConfigurationFiles(AcInstallationServiceImpl.java:286)
    at biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.apply(AcInstallationServiceImpl.java:217)
...
Caused by: java.text.ParseException: Query:_/jcr:root/content/dam/brands/21(*)c/global-marketing/*; expected: jcr:root, /, *, @, (, .
    at org.apache.jackrabbit.oak.query.xpath.XPathToSQL2Converter.getSyntaxError(XPathToSQL2Converter.java:1222) [org.apache.jackrabbit.oak-core:1.60.0.T20240131102219-0cde853]
    at org.apache.jackrabbit.oak.query.xpath.XPathToSQL2Converter.getSyntaxError(XPathToSQL2Converter.java:1212) [org.apache.jackrabbit.oak-core:1.60.0.T20240131102219-0cde853]
    at org.apache.jackrabbit.oak.query.xpath.XPathToSQL2Converter.convertToStatement(XPathToSQL2Converter.java:364) [org.apache.jackrabbit.oak-core:1.60.0.T20240131102219-0cde853]
    at org.apache.jackrabbit.oak.query.xpath.XPathToSQL2Converter.convert(XPathToSQL2Converter.java:99) [org.apache.jackrabbit.oak-core:1.60.0.T20240131102219-0cde853]
    at org.apache.jackrabbit.oak.query.QueryEngineImpl.parseQuery(QueryEngineImpl.java:194) [org.apache.jackrabbit.oak-core:1.60.0.T20240131102219-0cde853]
    at org.apache.jackrabbit.oak.query.QueryEngineImpl.executeQuery(QueryEngineImpl.java:267) [org.apache.jackrabbit.oak-core:1.60.0.T20240131102219-0cde853]
    at org.apache.jackrabbit.oak.jcr.query.QueryManagerImpl.executeQuery(QueryManagerImpl.java:137) [org.apache.jackrabbit.oak-jcr:1.60.0.T20240131102219-0cde853]
    ... 178 common frames omitted
kwin commented 5 months ago

The problem here is not the wildcard at the end, but the name 21c which is not a valid name in XML ( https://www.w3.org/TR/REC-xml/#NT-NameStartChar). It needs to be escaped according to the rules outlined in https://jackrabbit.apache.org/archive/wiki/JCR/EncodingAndEscaping_115513396.html#EncodingAndEscaping-Encodingpathinqueries.

Vocinglero commented 5 months ago

@kwin thanks. I thought it was caused by the wildcard because this works fine: path: '/content/dam/brands/21c/global-marketing', while this does not path: '/content/dam/brands/21c/global-marketing/*/'

kwin commented 5 months ago

@Vocinglero Without wildcard there is no query involved, therefore you need the wildcard to trigger it.