AEM Forms 6.5.16 Add-on package crashed when creating new form with forms-users privileges

With the latest AEM Forms 6.5.16 Add-on package, which is recommended for mitigating multiple security concerns published in the latest security bulletin, AEM crashed in Windows environments with JDK 11.0.18 if the user only had forms-users group privileges.

The failed screen is as follows:

Internal Server Error
Cannot serve request to /aem/createaf.html/content/dam/formsanddocuments in com.adobe.aem.formsndocuments.servlet.ThemeClientLibraryDataSourceServlet

Exception:
java.lang.NullPointerException
	at com.adobe.aem.formsndocuments.servlet.ThemeClientLibraryDataSourceServlet.lambda$getThemeClientLibCategoryList$3(ThemeClientLibraryDataSourceServlet.java:76)
	at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:176)
	at java.base/java.util.Iterator.forEachRemaining(Iterator.java:133)
	at java.base/java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1801)
	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
	at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913)
	at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
	at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578)
	at com.adobe.aem.formsndocuments.servlet.ThemeClientLibraryDataSourceServlet.getThemeClientLibCategoryList(ThemeClientLibraryDataSourceServlet.java:81)
	at com.adobe.aem.formsndocuments.servlet.ThemeClientLibraryDataSourceServlet.doGet(ThemeClientLibraryDataSourceServlet.java:50)
	at org.apache.sling.api.servlets.SlingSafeMethodsServlet.mayService(SlingSafeMethodsServlet.java:266)
	at org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMethodsServlet.java:342)
	at org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMethodsServlet.java:374)

The issue was found in Windows 11 and in Windows Server environments, and based on the crash location, Red Hat Enterprise Linux will likely experience the same issue as well. The reproduction steps are as follows:

  1. On Windows 11, with JDK 11.0.18 (either from Oracle or from the Adobe file share), have an instance with 6.5.0 + 6.5.15 SP + AEM Forms 6.5.15 Add-on + AEM Forms 6.5.16 Compat with the nosamplecontent runmode
  2. Perform an upgrade to the latest AEM 6.5.16 SP + AEM Forms 6.5.16 Add-on (either the March 2 release v904 or the March 13 release v912)
  3. Sign in as admin and create a user form-author with only forms-users group membership
  4. Create a configuration folder for editable templates and then create a new Adaptive Form Template called custom-template
  5. Impersonate the form-author user created in step #3, then attempt to create a new form with the custom-template created in step #4.

Expected:

At step 5: The user is able to create a new form without problems

Actual:

At step 5: AEM crashed with a null pointer error on the screen

Investigated the crash point and found that the code doesn't check whether the categories returned from HtmlLibraryManager are accessible by the user before reading JCR node properties. This ends up causing the crash if the user is not a member of a group that has global administration rights, because the HtmlLibraryManager service is mapped to a higher-privilege service account.

One example of a path that can cause the crash is /libs/granite/operations, as this folder is only accessible by the operator group, but HtmlLibraryManager will return it as a visible clientlib for form-author.

The workaround found to work around the issue is to use RepositoryInitializer to give forms-users read access to all /*/clientlibs folders. An example is as follows, where the last two lines are only needed if ACS Tools and Groovy Console have been installed:

    # Sling repoinit: reset and re-grant read on the paths HtmlLibraryManager
    # returns that a forms-users member otherwise cannot read
    set ACL for coc-forms-users
        # drop any existing entries for this principal on these paths first
        remove * on /libs/granite/operations
        remove * on /libs/granite/topology
        remove * on /libs/granite/offloading
        remove * on /libs/granite/backup
        remove * on /libs/dam/remoteassets/content/siteconnections
        remove * on /libs/granite/distribution
        remove * on /apps

        # then grant read so the servlet can resolve the clientlib nodes
        allow jcr:read on /libs/granite/operations
        allow jcr:read on /libs/granite/topology
        allow jcr:read on /libs/granite/offloading
        allow jcr:read on /libs/granite/backup
        allow jcr:read on /libs/dam/remoteassets/content/siteconnections
        allow jcr:read on /libs/granite/distribution
        # only needed when ACS Tools / Groovy Console are installed
        allow jcr:read on /apps restriction(rep:glob,/acs-tools/*)
        allow jcr:read on /apps restriction(rep:glob,/groovyconsole/clientlibs)
    end

Hope this sharing can help those who are also experiencing the same crash.

0 Replies
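Editor's added example, not code from the post above and not Adobe's ThemeClientLibraryDataSourceServlet source: it illustrates the pattern the post describes, in which a list of client libraries obtained from a service running as a privileged service user is then dereferenced through the requesting user's session. The class name ReadableClientLibs, the ThemeEntry type and the method names are hypothetical; the Sling and Granite API calls (ResourceResolver.getResource, Resource.getValueMap, HtmlLibraryManager.getLibraries, ClientLibrary.getPath) are real. ResourceResolver.getResource returns null for a path the session cannot read, so the guarded version treats null as "not visible to this user" and skips the entry instead of crashing the whole request.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;

import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ValueMap;

import com.adobe.granite.ui.clientlibs.ClientLibrary;
import com.adobe.granite.ui.clientlibs.HtmlLibraryManager;

/**
 * Hypothetical helper (editor's example, not Adobe's code). HtmlLibraryManager
 * enumerates client libraries with its own privileged service session, so every
 * path it returns must be re-resolved through the requesting user's
 * ResourceResolver before any JCR property is read from it.
 */
public final class ReadableClientLibs {

    /** One row a datasource servlet would emit for a theme client library. */
    public static final class ThemeEntry {
        public final String path;
        public final String title;
        ThemeEntry(String path, String title) { this.path = path; this.title = title; }
    }

    private ReadableClientLibs() {}

    /**
     * Unguarded pattern (assumed, reconstructed from the failure mode in the post):
     * if the user cannot read lib.getPath(), getResource() returns null and the
     * getValueMap() call throws NullPointerException, failing the whole request.
     */
    public static List<ThemeEntry> unguarded(ResourceResolver userResolver,
                                             Collection<ClientLibrary> libs) {
        List<ThemeEntry> out = new ArrayList<>();
        for (ClientLibrary lib : libs) {
            Resource r = userResolver.getResource(lib.getPath()); // null when unreadable
            ValueMap props = r.getValueMap();                     // NPE for e.g. /libs/granite/operations
            out.add(new ThemeEntry(lib.getPath(), props.get("jcr:title", lib.getPath())));
        }
        return out;
    }

    /**
     * Guarded pattern: a null Resource is the API's signal for "missing or not
     * readable by this session" and is handled as data, not assumed away.
     */
    public static List<ThemeEntry> readableOnly(ResourceResolver userResolver,
                                                Collection<ClientLibrary> libs) {
        List<ThemeEntry> out = new ArrayList<>();
        for (ClientLibrary lib : libs) {
            String path = lib.getPath();
            Resource r = userResolver.getResource(path);
            if (r == null) {
                // Visible to the service user, not to this user: leave it out.
                continue;
            }
            ValueMap props = r.getValueMap();
            out.add(new ThemeEntry(path, props.get("jcr:title", path)));
        }
        return out;
    }

    /**
     * Entry point a servlet would call with request.getResourceResolver():
     * enumerate with the privileged service, filter with the caller's session.
     */
    public static List<ThemeEntry> themeCategories(HtmlLibraryManager htmlLibraryManager,
                                                    ResourceResolver userResolver) {
        Map<String, ClientLibrary> all = htmlLibraryManager.getLibraries(); // keyed by path
        return readableOnly(userResolver, all.values());
    }
}
```

In a Sling servlet the resolver passed in is request.getResourceResolver(), i.e. the impersonated form-author's session, never the service user's. The repoinit workaround in the post addresses the same mismatch from the other side, by making the paths readable to forms-users; note that this also lets every forms-users member read those nodes (for example under /libs/granite/operations), so keep the granted paths as narrow as the crash requires.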