in src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java [242:260]
public static void removePolicy(@NotNull SessionContext context, @NotNull final String principalName)
throws RepositoryException {
Principal principal = context.getPrincipal(principalName);
if (principal == null) {
LOG.info("Principal {} does not exist.", principalName);
// using PrincipalImpl will prevent 'removePolicy' from failing with AccessControlException
// in case import-behavior is configured to be ABORT.
principal = new PrincipalImpl(principalName);
}
JackrabbitAccessControlManager acMgr = context.getAccessControlManager();
for (JackrabbitAccessControlPolicy policy : acMgr.getPolicies(principal)) {
// make sure not to remove the principal-based access control list but instead only drop
// resource-based access control content for the given principal
if (policy instanceof JackrabbitAccessControlList && !(policy instanceof PrincipalAccessControlList)) {
acMgr.removePolicy(policy.getPath(), policy);
}
}
}