Description
Currently if someone tries to create a user/group outside the allowed path an error message like
javax.jcr.nodetype.ConstraintViolationException: Attempt to create authorizable outside of configured tree at org.apache.jackrabbit.oak.security.user.UserProvider.getFolderPath(UserProvider.java:331) at org.apache.jackrabbit.oak.security.user.UserProvider.createFolderNodes(UserProvider.java:294) at org.apache.jackrabbit.oak.security.user.UserProvider.createAuthorizableNode(UserProvider.java:257) at org.apache.jackrabbit.oak.security.user.UserProvider.createGroup(UserProvider.java:190) at org.apache.jackrabbit.oak.security.user.UserManagerImpl.createGroup(UserManagerImpl.java:210) at org.apache.jackrabbit.oak.security.user.UserManagerImpl.createGroup(UserManagerImpl.java:199) at org.apache.jackrabbit.oak.jcr.delegate.UserManagerDelegator$12.perform(UserManagerDelegator.java:214) at org.apache.jackrabbit.oak.jcr.delegate.UserManagerDelegator$12.perform(UserManagerDelegator.java:211) at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:216) at org.apache.jackrabbit.oak.jcr.delegate.UserManagerDelegator.createGroup(UserManagerDelegator.java:210)
is logged.
It would be good to include in the error which path is allowed and which path is actually used (for quicker debugging).
Attachments
Issue Links
- links to