Adobe Experience Manager Sites & More

KritiRathiTela · 9/4/18

AccessControlUtils.addAccessControlEntry getting failed with permission issue in AEM6.3 but working fine in AEM6.1

Exception -

javax.jcr.AccessDeniedException: Access denied.

at org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager.checkPermissions(AbstractAccessControlManager.java:200)

at org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager.getTree(AbstractAccessControlManager.java:167)

at org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugAccessControlManager.getCugPolicy(CugAccessControlManager.java:239)

at org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugAccessControlManager.getApplicablePolicies(CugAccessControlManager.java:137)

at org.apache.jackrabbit.oak.security.authorization.composite.CompositeAccessControlManager.getApplicablePolicies(CompositeAccessControlManager.java:99)

at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator$7.perform(AccessControlManagerDelegator.java:121)

at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator$7.perform(AccessControlManagerDelegator.java:117)

at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:208)

at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator.getApplicablePolicies(AccessControlManagerDelegator.java:117)

at org.apache.jackrabbit.oak.jcr.delegate.JackrabbitAccessControlManagerDelegator.getApplicablePolicies(JackrabbitAccessControlManagerDelegator.java:147)

at org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils.getAccessControlList(AccessControlUtils.java:128)

at org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils.getAccessControlList(AccessControlUtils.java:108)

at org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils.addAccessControlEntry(AccessControlUtils.java:185)

any idea ??

arunpatidar · 9/4/18

Hi,

From workflow you need to get session like

Session session = workflowSession.getSession();

Then you can try to cast JackrabbitSession jcrSession = (JackrabbitSession) session;

Please check session user and permission as well.

Arun Patidar

View solution in original post

smacdonald2008 · 9/4/18

Show full code example please

KritiRathiTela · 9/4/18

This is call to addAccessControlEntry -

AccessControlUtils.addAccessControlEntry(session, <actual path of the asset>, getEveryonePrincipal(session), getWritePriviledges(session), false);

Below is method for everyone Principal and Privilege -

private Principal getEveryonePrincipal(final Session session) throws RepositoryException {

JackrabbitSession jcrSession = (JackrabbitSession) session;

PrincipalManager principalMgr = jcrSession.getPrincipalManager();

return principalMgr.getPrincipal(EVERYONE_NAME);

}

private Privilege[] getWritePriviledges(final Session session) throws RepositoryException {

AccessControlManager accCtrlMgr = session.getAccessControlManager();

return new Privilege[]{accCtrlMgr.privilegeFromName(Privilege.JCR_WRITE)};

}

arunpatidar · 9/4/18

Hi,

What session are you using? User session or subservice session.

Arun Patidar

KritiRathiTela · 9/4/18

its Workflow session - final Session session = workflowSession.adaptTo(Session.class);

KritiRathiTela · 9/4/18

not tried any thing to whitelist. What exactly need to be done ?

smacdonald2008 · 9/4/18

See this -- How to get jcr Session in the workflow?

To whitelist the bundle - see this -- Scott's Digital Community: Adobe Experience Manager FAQs and other Tips (Search whitelist)

KritiRathiTela · 9/4/18

using same way to get session i.e adaptTo - final Session session = workflowSession.adaptTo(Session.class);

smacdonald2008 · 9/4/18

I will test this tomorrow to see if we can cast to JCR Session and use it to interact with JCR operations.

KritiRathiTela · 9/4/18

Sure, thanks

smacdonald2008 · 9/4/18

Also - check this article - we perform JCR operations here -- Modifying Digital Assets using Adobe Experience Manager Workflows

arunpatidar · 9/4/18

Hi,

From workflow you need to get session like

Session session = workflowSession.getSession();

Then you can try to cast JackrabbitSession jcrSession = (JackrabbitSession) session;

Please check session user and permission as well.

Adobe Experience Manager Sites & More

AccessControlUtils.addAccessControlEntry getting failed with permission issue in 6.3

Arun Patidar

Arun Patidar

Arun Patidar

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe