SEC-1139: acl_object_identity.owner_sid should be 'not null' in schema #1386

spring-issuemaster opened this Issue Apr 17, 2009 · 3 comments

1 participant


Brian Ewins (Migrated from SEC-1139) said:

In the documentation (src/docbkx/appendix-db-schema.xml), acl_object_identity.owner_sid is defined as:
owner_sid bigint,

but in the code, requires that the owner sid is not null, and in fact you’ll get an exception from BasicLookupStrategy attempting to create sids with null values if you read an object identity with a null owner_sid. Triggered this bug migrating data from a non-spring/acegi acl implementation which didn’t use owners.


Luke Taylor said:

Thanks Baz. I've added that to the docs.

The condition may be relaxed in future to allow the owner to be optional, but it is always possible to use a default or system owner so the cleanest solution is probably to retain the requirement in the default implementation and clarify that the owner must always be set.


Gaudez said:

I had the same issue with version 3.2.5. I had to use a "super owner" to fix the problem.
Should I open a new issue? Where may I provide more details?


@spring-issuemaster spring-issuemaster added this to the 3.0.0 M1 milestone Feb 5, 2016

This issue supersedes #740

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment