org.acegisecurity.acls.NotFoundException


  • AclImpl.insertAce(..) and AclImpl.deleteAce(..) both check that the current authentication is the owner of the Acl being modified; if the authentication is not the owner, an exception is thrown (see stack trace at the end of this post). In our application we require multiple users (authentications) to be able to administer ACLs, so this check presents a problem.

    I propose a modification to the MutableAcl (org.acegisecurity.acls.MutableAcl) methods insertAce(..) and deleteAce(..) where each would take an additional boolean parameter enforceOwnerOnlyChange: if true, then behaviour should be as it currently is; if false, then checking the ACL owner against the current authentication should be skipped.

    The changed first couple of lines of the AclImpl methods are shown below:

        public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
            ...
            /**
             * @see MutableAcl#deleteAce(Serializable, boolean)
             */
            public void deleteAce(Serializable aceId, boolean enforceOwnerOnlyChange)
                    throws NotFoundException {
                if (enforceOwnerOnlyChange) {
                    aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
                }
                // delete as per current
                ...
            }

            /**
             * @see MutableAcl#insertAce(Serializable, Permission, Sid, boolean, boolean)
             */
            public void insertAce(Serializable afterAceId, Permission permission, Sid sid,
                    boolean granting, boolean enforceOwnerOnlyChange) throws NotFoundException {
                if (enforceOwnerOnlyChange) {
                    aclAuthorizationStrategy.securityCheck(this, AclAuthorizationStrategy.CHANGE_GENERAL);
                }
                // insert Ace as per current
                ...
            }

    Also I've created some javadoc for the MutableAcl interface method definitions for the above:

        /**
         * Deletes the identified {@link AccessControlEntry} from this Acl.
         * @param aceId The ID of the Ace to delete
         * @param enforceOwnerOnlyChange If <code>true</code> enforces that the user (Authentication) making the
         * change is the same as the user (Authentication) who created the Acl.<br>
         * If <code>false</code> allows any authentication to make the change.
         */
        public void deleteAce(Serializable aceId, boolean enforceOwnerOnlyChange)
                throws NotFoundException;

        /**
         * Inserts an {@link AccessControlEntry} into this Acl
         * @param afterAceId The ACE in this Acl which the Ace should be inserted after
         * @param permission The permission for the new {@link AccessControlEntry}
         * @param sid The Sid for the new {@link AccessControlEntry}
         * @param granting Value of the granting property of the new Ace
         * @param enforceOwnerOnlyChange If <code>true</code> enforces that the user (Authentication) making the
         * change is the same as the user (Authentication) who created the Acl.<br>
         * If <code>false</code> allows any authentication to make the change.
         * @throws NotFoundException
         */
        public void insertAce(Serializable afterAceId, Permission permission, Sid sid,
                boolean granting, boolean enforceOwnerOnlyChange) throws NotFoundException;

    Stack trace:

        org.acegisecurity.acls.NotFoundException: Unable to locate a matching ACE for passed permissions and SIDs
            at org.acegisecurity.acls.domain.AclImpl.isGranted(AclImpl.java:305)
            at org.acegisecurity.acls.domain.AclAuthorizationStrategyImpl.securityCheck(AclAuthorizationStrategyImpl.java:113)
            at org.acegisecurity.acls.domain.AclImpl.insertAce(AclImpl.java:181)
            at com.energyintellect.framework.security.factory.acegi.AclAcegiFactory.assignPermission(AclAcegiFactory.java:197)
            at com.energyintellect.framework.security.factory.acegi.AclAcegiFactory.assignReadPermission(AclAcegiFactory.java:182)
            at com.energyintellect.framework.security.factory.AclFactoryTest.testMultiUserAclUpdates(AclFactoryTest.java:159)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:597)
            at junit.framework.TestCase.runTest(TestCase.java:154)
            at junit.framework.TestCase.runBare(TestCase.java:127)
            at org.springframework.test.ConditionalTestCase.runBare(ConditionalTestCase.java:69)
            at junit.framework.TestResult$1.protect(TestResult.java:106)
            at junit.framework.TestResult.runProtected(TestResult.java:124)
            at junit.framework.TestResult.run(TestResult.java:109)
            at junit.framework.TestCase.run(TestCase.java:118)
            at junit.framework.TestSuite.runTest(TestSuite.java:208)
            at junit.framework.TestSuite.run(TestSuite.java:203)
            at org.eclipse.jdt.internal.junit.runner.junit3.JUnit3TestReference.run(JUnit3TestReference.java:128)
            at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
            at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:460)
            at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:673)
            at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:386)
            at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:196)
    via by Simon van der Sluis,
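
A simplified, self-contained model of the design choice raised in the post above, added here as an example; it is not Acegi code and not code from the original post. It contrasts a caller-supplied bypass flag with a check that always runs and passes for principals the owner has delegated to. It assumes the non-owner path of the check looks for an administration entry on the ACL (the trace above shows securityCheck reaching isGranted); every class, method and principal name is hypothetical.

```java
import java.util.*;

/** Simplified model, NOT Acegi code; every name here is hypothetical. */
public class DelegatedAclAdmin {
    static final String ADMINISTRATION = "ADMINISTRATION", READ = "READ";

    static class Acl {
        final String owner;
        final Map<String, Set<String>> aces = new HashMap<>(); // sid -> granted permissions
        Acl(String owner) { this.owner = owner; }

        /** Passes for the owner, or for a principal holding an ADMINISTRATION entry. */
        void securityCheck(String caller) {
            if (caller.equals(owner)) return;
            if (aces.getOrDefault(caller, Collections.<String>emptySet()).contains(ADMINISTRATION)) return;
            throw new SecurityException(caller + " may not modify the ACL owned by " + owner);
        }

        /** Flag variant, as proposed: the calling code decides whether the check runs. */
        void insertAceFlagged(String caller, String sid, String perm, boolean enforceOwnerOnlyChange) {
            if (enforceOwnerOnlyChange) securityCheck(caller);
            aces.computeIfAbsent(sid, k -> new HashSet<>()).add(perm);
        }

        /** Delegating variant: the check always runs; ACL data decides who passes it. */
        void insertAce(String caller, String sid, String perm) {
            securityCheck(caller);
            aces.computeIfAbsent(sid, k -> new HashSet<>()).add(perm);
        }
    }

    static boolean allowed(Runnable change) {
        try { change.run(); return true; } catch (SecurityException e) { return false; }
    }

    public static void main(String[] args) {
        // Constructed sample principals: alice owns the ACL, bob is a co-administrator.
        Acl flagged = new Acl("alice");
        System.out.println("flag=false, unlisted caller: "
                + allowed(() -> flagged.insertAceFlagged("mallory", "mallory", ADMINISTRATION, false)));

        Acl acl = new Acl("alice");
        System.out.println("bob before delegation: " + allowed(() -> acl.insertAce("bob", "carol", READ)));
        acl.insertAce("alice", "bob", ADMINISTRATION); // owner delegates administration to bob
        System.out.println("bob after delegation: " + allowed(() -> acl.insertAce("bob", "carol", READ)));
        System.out.println("unlisted caller: " + allowed(() -> acl.insertAce("mallory", "mallory", READ)));
    }
}
```

In the flag variant the outcome depends on every call site passing true; in the delegating variant it depends only on the entries stored in the ACL.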