FIX: only set ownerSid if it is persisted

security/src/main/java/org/genesys/blocks/security/serialization/CurrentPermissionsWriter.java

@@ -129,11 +129,15 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
 		if (permissionEvaluator != null) {
 			if (authentication != null) {
 				Permissions perms = new Permissions();
+				try {
 					perms.create = permissionEvaluator.hasPermission(authentication, bean, BasePermission.CREATE);
 					perms.read = permissionEvaluator.hasPermission(authentication, bean, BasePermission.READ);
 					perms.write = permissionEvaluator.hasPermission(authentication, bean, BasePermission.WRITE);
 					perms.delete = permissionEvaluator.hasPermission(authentication, bean, BasePermission.DELETE);
 					perms.manage = permissionEvaluator.hasPermission(authentication, bean, BasePermission.ADMINISTRATION);
+				} catch (Throwable e) {
+					LOG.warn("Could not read current permissions {}", e.getMessage());
+				}
 				return perms;
 			}
 		}

security/src/main/java/org/genesys/blocks/security/service/impl/CustomAclServiceImpl.java

@@ -112,19 +112,21 @@ public class CustomAclServiceImpl implements CustomAclService {
 		// save object identity
 		AclObjectIdentity objectIdentity = aclObjectIdentityPersistence.findByObjectIdAndClassname(target.getId(), aclClass.getAclClass());
 		if (objectIdentity == null) {
+			objectIdentity = new AclObjectIdentity();
+			
 			final AclSid ownerSid = SecurityContextUtil.getCurrentUser();
 			if (ownerSid == null) {
 				LOG.warn("No SID in security context, not assigning creator permissions");
 			} else if (!ownerSid.isPersisted()) {
 				LOG.warn("Owner SID not persisted, not assigning creator permissions");
+			} else {
+				objectIdentity.setOwnerSid(ownerSid);
 			}
 
 			LOG.debug("Inserting owner ACL entries for owner={} class={} id={}", ownerSid, target.getClass().getName(), target.getId());
 
-			objectIdentity = new AclObjectIdentity();
 			objectIdentity.setObjectIdIdentity(target.getId());
 			objectIdentity.setAclClass(aclClass);
-			objectIdentity.setOwnerSid(ownerSid);
 
 			AclObjectIdentity parentObject = getObjectIdentity(target.aclParentObject());
 			if (parentObject != null) {
@@ -135,9 +137,9 @@ public class CustomAclServiceImpl implements CustomAclService {
 			}
 
 			objectIdentity = aclObjectIdentityPersistence.save(objectIdentity);
-			if (ownerSid != null) {
+			if (objectIdentity.getOwnerSid() != null) {
 				final Permissions permissions = new Permissions().grantAll();
-				addPermissions(objectIdentity, ownerSid, permissions);
+				addPermissions(objectIdentity, objectIdentity.getOwnerSid(), permissions);
 			}
 
 		} else {
@@ -146,10 +148,11 @@ public class CustomAclServiceImpl implements CustomAclService {
 
 			if (objectIdentity.getOwnerSid() == null) {
 				final AclSid ownerSid = SecurityContextUtil.getCurrentUser();
-				if (ownerSid == null) {
-					LOG.warn("No SID in security context, not assigning creator permissions");
-				}
+				if (ownerSid != null && ownerSid.isPersisted()) {
 					objectIdentity.setOwnerSid(ownerSid);
+				} else {
+					LOG.debug("Owner SID not persisted or is null.");
+				}
 			}
 			
 			AclObjectIdentity parentObject = getObjectIdentity(target.aclParentObject());