Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

Ability to send invitations to external users (System Generated)

Avatar

Level 2

Hi All,

 

The Admin user should able to create the external user by providing the email of external user with temporary password(System generated) and provide access to specific folder in DAM through user interface and send this invitation to external user by mail automatically(System generated). The External user should login through that invitation and able to update the password.

 

Could you please let me know how we can achieve this in AEM .

 

Regards

Bikash Singh

1 Accepted Solution

Avatar

Correct answer by
Level 8

There are multiple things involved here, you need to have protected page, two components, two servlets and OSGI service.

1. The pages should be protected, registering users should not be allowed on an anonymous page and the page should be visible to only admin users.

2. create a registration component that asks basic details, email address, first name, last name.

3. on clicking of the submit button using Ajax, call servlet.

4. the servlet should handle creating a user and adding to the group

5. it is best practise is to create a separate group and add permissions, instead of creating permissions for every user.

6. the servlet should contain below sample code.

ResourceResolver resourceResolver = resolverFactory.getAdministrativeResourceResolver(null);
session = resourceResolver.adaptTo(Session.class);
//Create a UserManager instance from the session object
UserManager userManager = ((JackrabbitSession) session).getUserManager();
String path = "/home/users/geometrixx";
JackrabbitSession js = (JackrabbitSession) session;
// Create a Group and User
Group group = userManager.createGroup("My Group");
User user = userManager.createUser(name, "AEM");
// Add Users to Group
Authorizable authUser = userManager.getAuthorizable(user.getID());
group.addMember(authUser);
// Provide permissions to Group
AccessControlManager accCtrlMgr = session.getAccessControlManager();
JackrabbitSession jcrSession = (JackrabbitSession) session;
PrincipalManager principalMgr = jcrSession.getPrincipalManager();
Principal groupPrincipal = principalMgr.getPrincipal("My Group");
Privilege[] privileges = new Privilege[] { accCtrlMgr.privilegeFromName(Privilege.JCR_ALL) };
javax.jcr.security.AccessControlPolicyIterator accList= accCtrlMgr.getApplicablePolicies(path);
javax.jcr.security.AccessControlList acl =(AccessControlList) accList.nextAccessControlPolicy();
acl.addAccessControlEntry(groupPrincipal, privileges);
accCtrlMgr.setPolicy(path, acl);
session.save();

 

7. Once the user creation is successful, then you need to send out an email to the external user.

8. Create OSGI service which sends an email to the external -user

refer this: https://adobe-consulting-services.github.io/acs-aem-commons/features/e-mail/email-api/index.html

9. in the body of the email attach a link to change the password and send a temporary password

10. the change password page should contain a password change component,

11. create a separate servlet for changing the password, in the servlet validate the email address and temporary password, if validation success then allows him to change the password otherwise display failure notification. for this, you can reuse most of the code which is mentioned in step 6

View solution in original post

2 Replies

Avatar

Community Advisor

@bikash_kumar306 

In this scenario you have you can follow below procedure:

1. Creating a UI From with the required field like emailid, name, password and path to access.

2. On click of submit call a service to create a user in AEM programatically and trigger an email to the mentioned email Id

To generate user programatically refer https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/programmatic-user-creation... 

Thanks,
Nikhil

Avatar

Correct answer by
Level 8

There are multiple things involved here, you need to have protected page, two components, two servlets and OSGI service.

1. The pages should be protected, registering users should not be allowed on an anonymous page and the page should be visible to only admin users.

2. create a registration component that asks basic details, email address, first name, last name.

3. on clicking of the submit button using Ajax, call servlet.

4. the servlet should handle creating a user and adding to the group

5. it is best practise is to create a separate group and add permissions, instead of creating permissions for every user.

6. the servlet should contain below sample code.

ResourceResolver resourceResolver = resolverFactory.getAdministrativeResourceResolver(null);
session = resourceResolver.adaptTo(Session.class);
//Create a UserManager instance from the session object
UserManager userManager = ((JackrabbitSession) session).getUserManager();
String path = "/home/users/geometrixx";
JackrabbitSession js = (JackrabbitSession) session;
// Create a Group and User
Group group = userManager.createGroup("My Group");
User user = userManager.createUser(name, "AEM");
// Add Users to Group
Authorizable authUser = userManager.getAuthorizable(user.getID());
group.addMember(authUser);
// Provide permissions to Group
AccessControlManager accCtrlMgr = session.getAccessControlManager();
JackrabbitSession jcrSession = (JackrabbitSession) session;
PrincipalManager principalMgr = jcrSession.getPrincipalManager();
Principal groupPrincipal = principalMgr.getPrincipal("My Group");
Privilege[] privileges = new Privilege[] { accCtrlMgr.privilegeFromName(Privilege.JCR_ALL) };
javax.jcr.security.AccessControlPolicyIterator accList= accCtrlMgr.getApplicablePolicies(path);
javax.jcr.security.AccessControlList acl =(AccessControlList) accList.nextAccessControlPolicy();
acl.addAccessControlEntry(groupPrincipal, privileges);
accCtrlMgr.setPolicy(path, acl);
session.save();

 

7. Once the user creation is successful, then you need to send out an email to the external user.

8. Create OSGI service which sends an email to the external -user

refer this: https://adobe-consulting-services.github.io/acs-aem-commons/features/e-mail/email-api/index.html

9. in the body of the email attach a link to change the password and send a temporary password

10. the change password page should contain a password change component,

11. create a separate servlet for changing the password, in the servlet validate the email address and temporary password, if validation success then allows him to change the password otherwise display failure notification. for this, you can reuse most of the code which is mentioned in step 6