Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Ability to send invitations to external users (System Generated)

bikash_kumar306
Level 2
Level 2

Hi All,

 

The Admin user should able to create the external user by providing the email of external user with temporary password(System generated) and provide access to specific folder in DAM through user interface and send this invitation to external user by mail automatically(System generated). The External user should login through that invitation and able to update the password.

 

Could you please let me know how we can achieve this in AEM .

 

Regards

Bikash Singh

1 Accepted Solution
raj_mandalapu
Correct answer by
Community Advisor
Community Advisor

There are multiple things involved here, you need to have protected page, two components, two servlets and OSGI service.

1. The pages should be protected, registering users should not be allowed on an anonymous page and the page should be visible to only admin users.

2. create a registration component that asks basic details, email address, first name, last name.

3. on clicking of the submit button using Ajax, call servlet.

4. the servlet should handle creating a user and adding to the group

5. it is best practise is to create a separate group and add permissions, instead of creating permissions for every user.

6. the servlet should contain below sample code.

ResourceResolver resourceResolver = resolverFactory.getAdministrativeResourceResolver(null);
session = resourceResolver.adaptTo(Session.class);
//Create a UserManager instance from the session object
UserManager userManager = ((JackrabbitSession) session).getUserManager();
String path = "/home/users/geometrixx";
JackrabbitSession js = (JackrabbitSession) session;
// Create a Group and User
Group group = userManager.createGroup("My Group");
User user = userManager.createUser(name, "AEM");
// Add Users to Group
Authorizable authUser = userManager.getAuthorizable(user.getID());
group.addMember(authUser);
// Provide permissions to Group
AccessControlManager accCtrlMgr = session.getAccessControlManager();
JackrabbitSession jcrSession = (JackrabbitSession) session;
PrincipalManager principalMgr = jcrSession.getPrincipalManager();
Principal groupPrincipal = principalMgr.getPrincipal("My Group");
Privilege[] privileges = new Privilege[] { accCtrlMgr.privilegeFromName(Privilege.JCR_ALL) };
javax.jcr.security.AccessControlPolicyIterator accList= accCtrlMgr.getApplicablePolicies(path);
javax.jcr.security.AccessControlList acl =(AccessControlList) accList.nextAccessControlPolicy();
acl.addAccessControlEntry(groupPrincipal, privileges);
accCtrlMgr.setPolicy(path, acl);
session.save();

 

7. Once the user creation is successful, then you need to send out an email to the external user.

8. Create OSGI service which sends an email to the external -user

refer this: https://adobe-consulting-services.github.io/acs-aem-commons/features/e-mail/email-api/index.html

9. in the body of the email attach a link to change the password and send a temporary password

10. the change password page should contain a password change component,

11. create a separate servlet for changing the password, in the servlet validate the email address and temporary password, if validation success then allows him to change the password otherwise display failure notification. for this, you can reuse most of the code which is mentioned in step 6

View solution in original post

2 Replies
Nikhil-Kumar
Community Advisor
Community Advisor

@bikash_kumar306 

In this scenario you have you can follow below procedure:

1. Creating a UI From with the required field like emailid, name, password and path to access.

2. On click of submit call a service to create a user in AEM programatically and trigger an email to the mentioned email Id

To generate user programatically refer https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/programmatic-user-creation... 

Thanks,
Nikhil

raj_mandalapu
Correct answer by
Community Advisor
Community Advisor

There are multiple things involved here, you need to have protected page, two components, two servlets and OSGI service.

1. The pages should be protected, registering users should not be allowed on an anonymous page and the page should be visible to only admin users.

2. create a registration component that asks basic details, email address, first name, last name.

3. on clicking of the submit button using Ajax, call servlet.

4. the servlet should handle creating a user and adding to the group

5. it is best practise is to create a separate group and add permissions, instead of creating permissions for every user.

6. the servlet should contain below sample code.

ResourceResolver resourceResolver = resolverFactory.getAdministrativeResourceResolver(null);
session = resourceResolver.adaptTo(Session.class);
//Create a UserManager instance from the session object
UserManager userManager = ((JackrabbitSession) session).getUserManager();
String path = "/home/users/geometrixx";
JackrabbitSession js = (JackrabbitSession) session;
// Create a Group and User
Group group = userManager.createGroup("My Group");
User user = userManager.createUser(name, "AEM");
// Add Users to Group
Authorizable authUser = userManager.getAuthorizable(user.getID());
group.addMember(authUser);
// Provide permissions to Group
AccessControlManager accCtrlMgr = session.getAccessControlManager();
JackrabbitSession jcrSession = (JackrabbitSession) session;
PrincipalManager principalMgr = jcrSession.getPrincipalManager();
Principal groupPrincipal = principalMgr.getPrincipal("My Group");
Privilege[] privileges = new Privilege[] { accCtrlMgr.privilegeFromName(Privilege.JCR_ALL) };
javax.jcr.security.AccessControlPolicyIterator accList= accCtrlMgr.getApplicablePolicies(path);
javax.jcr.security.AccessControlList acl =(AccessControlList) accList.nextAccessControlPolicy();
acl.addAccessControlEntry(groupPrincipal, privileges);
accCtrlMgr.setPolicy(path, acl);
session.save();

 

7. Once the user creation is successful, then you need to send out an email to the external user.

8. Create OSGI service which sends an email to the external -user

refer this: https://adobe-consulting-services.github.io/acs-aem-commons/features/e-mail/email-api/index.html

9. in the body of the email attach a link to change the password and send a temporary password

10. the change password page should contain a password change component,

11. create a separate servlet for changing the password, in the servlet validate the email address and temporary password, if validation success then allows him to change the password otherwise display failure notification. for this, you can reuse most of the code which is mentioned in step 6

View solution in original post