AEM session management and user access | Community
Skip to main content
V
VasudevaraoGu
Level 2
November 7, 2024

AEM session management and user access

  • November 7, 2024
  • 4 replies
  • 1079 views

Hi,

While we are trying to access the AEM to inject the data from an external application using below

 

public Session getAEMSession() throws RepositoryException {

        return JcrUtils.getRepository(aemAuthorUrl + "/crx/server")

                .login(new SimpleCredentials(aemAuthorUsername, aemAuthorPassword.toCharArray()));

    }

while accessing we are getting the below error as :

javax.jcr.ItemNotFoundException: Unable to retrieve NodeInfo for https://<domain>/crx/server

 

The issue resolving only when we provide root level sudo access to user / as below

 

but not working if we provide only CRUD operations to /content node?

What will be the best practice when we need to connect AEM from external to inject the data to AEM ?

why do we need root level sudo read access?

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

4 replies

anupampat
Community Advisor
anupampatCommunity Advisor
Community Advisor
November 7, 2024

Hi @vasudevaraogu ,

 

If you are integrating a third party API to AEM, there are multiple ways, from your query I guess you do not want you use a Technical Account but just get a Session, make a call to the API fetch the data and store in AEM.

1. Create a System user Refer - https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/what-is-a-system-user-and-how-do-i-create-a-system-user/m-p/575632

2. While creating the system user you can define the permission you want it to have.

3. Create your ResourceResolver using this system user and then adapt it to create your Session.

 

You should be able to read/write data. One you have Session object you do not need to do JcrUtils.getRepository(aemAuthorUrl + "/crx/server")

 

Regards,

Anupam Patra

    abhishekanand_
    Community Advisor
    abhishekanand_Community Advisor
    Community Advisor
    November 7, 2024

    Hi @vasudevaraogu 

     

    The error you're encountering, javax.jcr.ItemNotFoundException, typically happens when there are insufficient permissions on the nodes you are trying to access. AEM requires that the connecting user have adequate read and write permissions.

    Some JCR operations require the session to traverse the repository's root node for specific internal AEM actions or node properties checks. If the user account lacks read access to required internal nodes (like those in /etc or /libs), the session might fail even if permissions on /content exist.
    A well-defined access control list (ACL) for your service user can resolve this, avoiding the need for extensive root access. Limit access to specific paths and permissions required for your use case.

    Adjust your code to use a service user configured within AEM:

    ResourceResolver resourceResolver = null; try { Map<String, Object> paramMap = new HashMap<>(); paramMap.put(ResourceResolverFactory.SUBSERVICE, "yourServiceUserName"); // Register this user in AEM resourceResolver = resolverFactory.getServiceResourceResolver(paramMap); Session session = resourceResolver.adaptTo(Session.class); // Perform your operations with the session object here } catch (LoginException e) { e.printStackTrace(); } finally { if (resourceResolver != null && resourceResolver.isLive()) { resourceResolver.close(); } }

    Ensure that "yourServiceUserName" has adequate permissions through AEM’s user management console to interact only with the necessary nodes. This setup is aligned with AEM best practices for secure external access.

     

    Abhishek Anand
      V
      VasudevaraoGuAuthor
      Level 2
      November 8, 2024

      This will work inside AEM using system user and user mapper service using the subservice concept but the application running out side aem we trying to connect using Jcr. How this will work for application running out side AEM ??

      kautuk_sahni
      Community Manager
      kautuk_sahniCommunity Manager
      Community Manager
      November 11, 2024

      @vasudevaraogu Did you find the suggestions helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!

      Kautuk Sahni
      V
      VasudevaraoGuAuthor
      Level 2
      November 11, 2024

      No not yet stilling looking for the solution provided will work inside AEM but some application which running outside want to make a connect with AEM to get the session what will be the best practice?

      V
      VasudevaraoGuAuthor
      Level 2
      November 21, 2024


      This is the response got from adobe support team but didn't get how can we import a bulk load of data by connecting crx/server possible ?? when we stop davex bundle we are not able to connect the server to inject the data? any one has idea how to connect if the davex bundle stops?

      We understand your requirement to connect to the AEM repository from an external source, given the security constraints around the Davex bundle. We have identified several alternative solutions that could meet your needs: SlingPostServlet: This approach involves writing custom scripts to handle POST requests for creating or modifying resources within the repository. It's an effective solution for programmatically updating content:

      https://sling.apache.org/documentation/bundles/manipulating-content-the-slingpostservlet-servlets-post.html

      Terms & ConditionsAccessibility statement

      Loading footer...