Access issue through sling.scripting in aem 6.4

Parusharam

11-02-2019

Hi,

We are migrating from AEM 6.2 to 6.4. In 6.2, we are able to access  any node under /etc or /content using sling-scripting bundle. but the same is not working  in aem 6.4.

Steps to Reproduce the issue:

1. Get the ResourceResolverFactory from "getSling().getService(ResourceResolverFactory.class)"

2. Get the resource resolver and system user from the above factory.

3. Get the resource using "resourceResolver.getResource("/etc/cloudServices") ".

and I have created the system user and gave the access to /etc.

Accepted Solutions (1)

Accepted Solutions (1)

Answers (7)

Answers (7)

PuzanovsP

MVP

12-02-2019

First, normally formatted code:

public class StartComponent extends AbstractComponent {

   private static Logger log = LoggerFactory.getLogger(StartComponent.class);

   /**
  * dialog property variable formid.
  */
   @JcrProperty(name = "formid")

   private String formid;

   /**
  * dialog property variable overridebsubmitText.
  */
   @JcrProperty(name = "overrideanalyticssubmittext")

   private String overrideanalyticssubmittext;

   /**
  * dialog property variable actionType.
  */
   @JcrProperty(name = "actionType")

   private String actionType;

  @JcrProperty(name = "invisibleCaptcha")

   private String invisibleCaptcha;

  @JcrProperty(name = "disableCaptcha")

   private String disableCaptcha;

   /**
  * added field to override omniture value for submit button
  */
   private String analyticssubmittext;

   private String captchaKey = "";

   private String invisibleCaptchaKey = "";

   private ResourceResolver resourceResolver;

   @Override
   public void doAction() {

  getComponentContext().setDecorate(true);

   resourceResolver = Utilities.getResourceResolver(getSling().getService(ResourceResolverFactory.class)); // getting systemuser from Utilities
   log.debug("resourceResolver :{}", resourceResolver);

  Resource resource = resourceResolver.getResource("/etc/cloudservices/googlecaptcha");  // this value is null. if it is only one level('/etc' or '/apps') then it is returning the resource properly
   log.debug("resource :{}", resource);

  Node etcCaptchaNode = resource.adaptTo(Node.class);

   log.debug("etcCaptchaNode :{}", etcCaptchaNode);

   try //Do something
   } catch (Exception e) {

   log.error("Exception :{}", e);

  } finally {

   if (resourceResolver != null) {

   resourceResolver.close();

  }

  }

  }

Secondly, relying on sling script helper to get you nodes under /etc/cloudservices, is not something I would expect to happen.

Best, would be to rewrite this and have a normal ResourceResolver with official permissions to read from /etc/cloudservices.

Regards,

Peter

Jörg_Hoh

Employee

13-02-2019

I don't think that messing with the permissions of the ootb service-users is a good idea. This user is "owned" by the system, and if these permissions are ever going to be adapted (not sure if that will happen), I doubt that it will be outlined as such. The result is that your kind might break for no apparent reason.

I never had the reason to adapt the permissions of a service-user. It's like you are always working with the Administrator account on Windows.

Parusharam

12-02-2019

Please find the bellow code. public class StartComponent extends AbstractComponent{       private static Logger log = LoggerFactory.getLogger(StartComponent.class);     /** dialog property variable formid. */ @JcrProperty(name = "formid") private String  formid;         /** dialog property variable overridebsubmitText. */     @JcrProperty(name = "overrideanalyticssubmittext")     private String  overrideanalyticssubmittext;         /** dialog property variable actionType. */     @JcrProperty(name = "actionType")     private String actionType;         @JcrProperty(name = "invisibleCaptcha")     private String invisibleCaptcha;         @JcrProperty(name = "disableCaptcha")     private String disableCaptcha;       /** added field to override omniture value for submit button  */     private String analyticssubmittext;     private String captchaKey ="";         private String invisibleCaptchaKey ="";         private ResourceResolver resourceResolver;     @Override public void doAction() {     getComponentContext().setDecorate(true);                   resourceResolver = Utilities.getResourceResolver(getSling().getService(ResourceResolverFactory.class)); // getting systemuser from Utilities         log.debug("resourceResolver :{}",resourceResolver);         Resource resource = resourceResolver.getResource("/etc/cloudservices/googlecaptcha");  // this value is null. if it is only one level('/etc' or '/apps') then it is returning the resource properly         log.debug("resource :{}",resource);         Node etcCaptchaNode =resource.adaptTo(Node.class);         log.debug("etcCaptchaNode :{}",etcCaptchaNode);         try {     //Do something         }catch (Exception e) { log.error("Exception :{}",e); }         //TODO To be verified         finally {             if (resourceResolver != null) {             resourceResolver.close();             }                     }         }     This is written for AEM 6.2 but the same is not working in AEM 6.4.

Jörg_Hoh

Employee

11-02-2019

In later versions the permissions of the sling-scripting user has been restricted, that means that any scripts (HTL oder JSP) are limited in what they can see.

Jörg