I created a forget Password service for the user to reset his/her own password by sending a link to his email and providing a reset password page.
Inside this service I use:
session = resolver.adaptTo(Session.class);
UserManager userMgr = resolver.adaptTo(UserManager.class);
Authorizable a = userMgr.getAuthorizable(userid, User.class);
User user = (User)userMgr.getAuthorizable(userid, User.class);
user.changePassword(newPassword);
session.save()
The resolver here is a resourceResolver for a serviceUser Account "userManager" and I have granted access to '/home' read/modify/create,Read ACL,Edit ACL but I still receive "javax.jcr.AccessDeniedException: OakAccess0000: Access denied " when I run "session.save()"
Anything I am missing here?