Hi All,
The Admin user should able to create the external user by providing the email of external user with temporary password(System generated) and provide access to specific folder in DAM through user interface and send this invitation to external user by mail automatically(System generated). The External user should login through that invitation and able to update the password.
Could you please let me know how we can achieve this in AEM .
Regards
Bikash Singh
Solved! Go to Solution.
Views
Replies
Total Likes
There are multiple things involved here, you need to have protected page, two components, two servlets and OSGI service.
1. The pages should be protected, registering users should not be allowed on an anonymous page and the page should be visible to only admin users.
2. create a registration component that asks basic details, email address, first name, last name.
3. on clicking of the submit button using Ajax, call servlet.
4. the servlet should handle creating a user and adding to the group
5. it is best practise is to create a separate group and add permissions, instead of creating permissions for every user.
6. the servlet should contain below sample code.
ResourceResolver resourceResolver = resolverFactory.getAdministrativeResourceResolver(null);
session = resourceResolver.adaptTo(Session.class);
//Create a UserManager instance from the session object
UserManager userManager = ((JackrabbitSession) session).getUserManager();
String path = "/home/users/geometrixx";
JackrabbitSession js = (JackrabbitSession) session;
// Create a Group and User
Group group = userManager.createGroup("My Group");
User user = userManager.createUser(name, "AEM");
// Add Users to Group
Authorizable authUser = userManager.getAuthorizable(user.getID());
group.addMember(authUser);
// Provide permissions to Group
AccessControlManager accCtrlMgr = session.getAccessControlManager();
JackrabbitSession jcrSession = (JackrabbitSession) session;
PrincipalManager principalMgr = jcrSession.getPrincipalManager();
Principal groupPrincipal = principalMgr.getPrincipal("My Group");
Privilege[] privileges = new Privilege[] { accCtrlMgr.privilegeFromName(Privilege.JCR_ALL) };
javax.jcr.security.AccessControlPolicyIterator accList= accCtrlMgr.getApplicablePolicies(path);
javax.jcr.security.AccessControlList acl =(AccessControlList) accList.nextAccessControlPolicy();
acl.addAccessControlEntry(groupPrincipal, privileges);
accCtrlMgr.setPolicy(path, acl);
session.save();
7. Once the user creation is successful, then you need to send out an email to the external user.
8. Create OSGI service which sends an email to the external -user
refer this: https://adobe-consulting-services.github.io/acs-aem-commons/features/e-mail/email-api/index.html
9. in the body of the email attach a link to change the password and send a temporary password
10. the change password page should contain a password change component,
11. create a separate servlet for changing the password, in the servlet validate the email address and temporary password, if validation success then allows him to change the password otherwise display failure notification. for this, you can reuse most of the code which is mentioned in step 6
@bikash_kumar306
In this scenario you have you can follow below procedure:
1. Creating a UI From with the required field like emailid, name, password and path to access.
2. On click of submit call a service to create a user in AEM programatically and trigger an email to the mentioned email Id
To generate user programatically refer https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/programmatic-user-creation...
Thanks,
Nikhil
There are multiple things involved here, you need to have protected page, two components, two servlets and OSGI service.
1. The pages should be protected, registering users should not be allowed on an anonymous page and the page should be visible to only admin users.
2. create a registration component that asks basic details, email address, first name, last name.
3. on clicking of the submit button using Ajax, call servlet.
4. the servlet should handle creating a user and adding to the group
5. it is best practise is to create a separate group and add permissions, instead of creating permissions for every user.
6. the servlet should contain below sample code.
ResourceResolver resourceResolver = resolverFactory.getAdministrativeResourceResolver(null);
session = resourceResolver.adaptTo(Session.class);
//Create a UserManager instance from the session object
UserManager userManager = ((JackrabbitSession) session).getUserManager();
String path = "/home/users/geometrixx";
JackrabbitSession js = (JackrabbitSession) session;
// Create a Group and User
Group group = userManager.createGroup("My Group");
User user = userManager.createUser(name, "AEM");
// Add Users to Group
Authorizable authUser = userManager.getAuthorizable(user.getID());
group.addMember(authUser);
// Provide permissions to Group
AccessControlManager accCtrlMgr = session.getAccessControlManager();
JackrabbitSession jcrSession = (JackrabbitSession) session;
PrincipalManager principalMgr = jcrSession.getPrincipalManager();
Principal groupPrincipal = principalMgr.getPrincipal("My Group");
Privilege[] privileges = new Privilege[] { accCtrlMgr.privilegeFromName(Privilege.JCR_ALL) };
javax.jcr.security.AccessControlPolicyIterator accList= accCtrlMgr.getApplicablePolicies(path);
javax.jcr.security.AccessControlList acl =(AccessControlList) accList.nextAccessControlPolicy();
acl.addAccessControlEntry(groupPrincipal, privileges);
accCtrlMgr.setPolicy(path, acl);
session.save();
7. Once the user creation is successful, then you need to send out an email to the external user.
8. Create OSGI service which sends an email to the external -user
refer this: https://adobe-consulting-services.github.io/acs-aem-commons/features/e-mail/email-api/index.html
9. in the body of the email attach a link to change the password and send a temporary password
10. the change password page should contain a password change component,
11. create a separate servlet for changing the password, in the servlet validate the email address and temporary password, if validation success then allows him to change the password otherwise display failure notification. for this, you can reuse most of the code which is mentioned in step 6