AccessControlUtils.addAccessControlEntry getting failed with permission issue in AEM6.3 but working fine in AEM6.1
Exception -
javax.jcr.AccessDeniedException: Access denied.
at org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager.checkPermissions(AbstractAccessControlManager.java:200)
at org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager.getTree(AbstractAccessControlManager.java:167)
at org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugAccessControlManager.getCugPolicy(CugAccessControlManager.java:239)
at org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugAccessControlManager.getApplicablePolicies(CugAccessControlManager.java:137)
at org.apache.jackrabbit.oak.security.authorization.composite.CompositeAccessControlManager.getApplicablePolicies(CompositeAccessControlManager.java:99)
at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator$7.perform(AccessControlManagerDelegator.java:121)
at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator$7.perform(AccessControlManagerDelegator.java:117)
at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:208)
at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator.getApplicablePolicies(AccessControlManagerDelegator.java:117)
at org.apache.jackrabbit.oak.jcr.delegate.JackrabbitAccessControlManagerDelegator.getApplicablePolicies(JackrabbitAccessControlManagerDelegator.java:147)
at org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils.getAccessControlList(AccessControlUtils.java:128)
at org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils.getAccessControlList(AccessControlUtils.java:108)
at org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils.addAccessControlEntry(AccessControlUtils.java:185)
any idea ??
Solved! Go to Solution.
Views
Replies
Total Likes
Hi,
From workflow you need to get session like
Session session = workflowSession.getSession();
Then you can try to cast JackrabbitSession jcrSession = (JackrabbitSession) session;
Please check session user and permission as well.
Views
Replies
Total Likes
Show full code example please
Views
Replies
Total Likes
This is call to addAccessControlEntry -
AccessControlUtils.addAccessControlEntry(session, <actual path of the asset>, getEveryonePrincipal(session), getWritePriviledges(session), false);
Below is method for everyone Principal and Privilege -
private Principal getEveryonePrincipal(final Session session) throws RepositoryException {
JackrabbitSession jcrSession = (JackrabbitSession) session;
PrincipalManager principalMgr = jcrSession.getPrincipalManager();
return principalMgr.getPrincipal(EVERYONE_NAME);
}
private Privilege[] getWritePriviledges(final Session session) throws RepositoryException {
AccessControlManager accCtrlMgr = session.getAccessControlManager();
return new Privilege[]{accCtrlMgr.privilegeFromName(Privilege.JCR_WRITE)};
}
Views
Replies
Total Likes
Hi,
What session are you using? User session or subservice session.
Views
Replies
Total Likes
its Workflow session - final Session session = workflowSession.adaptTo(Session.class);
Views
Replies
Total Likes
not tried any thing to whitelist. What exactly need to be done ?
Views
Replies
Total Likes
See this -- How to get jcr Session in the workflow?
To whitelist the bundle - see this -- Scott's Digital Community: Adobe Experience Manager FAQs and other Tips (Search whitelist)
Views
Replies
Total Likes
using same way to get session i.e adaptTo - final Session session = workflowSession.adaptTo(Session.class);
Views
Replies
Total Likes
I will test this tomorrow to see if we can cast to JCR Session and use it to interact with JCR operations.
Views
Replies
Total Likes
Sure, thanks
Views
Replies
Total Likes
Also - check this article - we perform JCR operations here -- Modifying Digital Assets using Adobe Experience Manager Workflows
Views
Replies
Total Likes
Hi,
From workflow you need to get session like
Session session = workflowSession.getSession();
Then you can try to cast JackrabbitSession jcrSession = (JackrabbitSession) session;
Please check session user and permission as well.
Views
Replies
Total Likes