Expand my Community achievements bar.

Submissions are now open for the 2026 Adobe Experience Maker Awards.
Apply Now

Mark Solution

This conversation has been locked due to inactivity. Please create a new post.

SOLVED

AccessControlUtils.addAccessControlEntry getting failed with permission issue in 6.3

Avatar

Level 1
Level 1
9/4/18 9:52:13 AM

AccessControlUtils.addAccessControlEntry getting failed with permission issue in AEM6.3 but working fine in AEM6.1

Exception -

javax.jcr.AccessDeniedException: Access denied.

   at org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager.checkPermissions(AbstractAccessControlManager.java:200)

   at org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager.getTree(AbstractAccessControlManager.java:167)

   at org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugAccessControlManager.getCugPolicy(CugAccessControlManager.java:239)

   at org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugAccessControlManager.getApplicablePolicies(CugAccessControlManager.java:137)

   at org.apache.jackrabbit.oak.security.authorization.composite.CompositeAccessControlManager.getApplicablePolicies(CompositeAccessControlManager.java:99)

   at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator$7.perform(AccessControlManagerDelegator.java:121)

   at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator$7.perform(AccessControlManagerDelegator.java:117)

   at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:208)

   at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator.getApplicablePolicies(AccessControlManagerDelegator.java:117)

   at org.apache.jackrabbit.oak.jcr.delegate.JackrabbitAccessControlManagerDelegator.getApplicablePolicies(JackrabbitAccessControlManagerDelegator.java:147)

   at org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils.getAccessControlList(AccessControlUtils.java:128)

   at org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils.getAccessControlList(AccessControlUtils.java:108)

   at org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils.addAccessControlEntry(AccessControlUtils.java:185)

any idea ??

Views

1.8K

Replies

11
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
9/4/18 3:02:58 PM

Hi,

From workflow you need to get session like

Session session = workflowSession.getSession();

Then you can try to cast JackrabbitSession jcrSession = (JackrabbitSession) session;

Please check session user and permission as well.

Arun Patidar

AEM LinksLinkedIn

View solution in original post

Views

1.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
11 Replies

Avatar

Level 10
Level 10
9/4/18 10:07:42 AM

Show full code example please

Views

1.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
9/4/18 10:56:52 AM

This is call to addAccessControlEntry -

  

   AccessControlUtils.addAccessControlEntry(session, <actual path of the asset>, getEveryonePrincipal(session), getWritePriviledges(session), false);

  

  

   Below is method for everyone Principal and Privilege -

  

   private Principal getEveryonePrincipal(final Session session) throws RepositoryException {

        JackrabbitSession jcrSession = (JackrabbitSession) session;

        PrincipalManager principalMgr = jcrSession.getPrincipalManager();

        return principalMgr.getPrincipal(EVERYONE_NAME);

    }

    private Privilege[] getWritePriviledges(final Session session) throws RepositoryException {

        AccessControlManager accCtrlMgr = session.getAccessControlManager();

        return new Privilege[]{accCtrlMgr.privilegeFromName(Privilege.JCR_WRITE)};

    }

Views

1.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
9/4/18 11:11:12 AM

Hi,

What session are you using? User session or subservice session.

Arun Patidar

AEM LinksLinkedIn

Views

1.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
9/4/18 11:20:10 AM

its Workflow session - final Session session = workflowSession.adaptTo(Session.class);

Views

1.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
9/4/18 11:21:59 AM

not tried any thing to whitelist. What exactly need to be done ?

Views

1.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
9/4/18 11:22:19 AM

See this -- How to get jcr Session in the workflow?

To whitelist the bundle - see this -- Scott's Digital Community: Adobe Experience Manager FAQs and other Tips  (Search whitelist)

Views

1.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
9/4/18 1:41:38 PM

using same way to get session i.e adaptTo - final Session session = workflowSession.adaptTo(Session.class);

Views

1.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
9/4/18 1:43:57 PM

I will test this tomorrow to see if we can cast to JCR Session and use it to interact with JCR operations.

Views

1.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
9/4/18 1:53:51 PM

Sure, thanks

Views

1.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
9/4/18 2:30:38 PM

Also - check this article - we perform JCR operations here -- Modifying Digital Assets using Adobe Experience Manager Workflows

Views

1.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
9/4/18 3:02:58 PM

Hi,

From workflow you need to get session like

Session session = workflowSession.getSession();

Then you can try to cast JackrabbitSession jcrSession = (JackrabbitSession) session;

Please check session user and permission as well.

Arun Patidar

AEM LinksLinkedIn

Views

1.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
Default content is blank in Preview/View as Published mode

Views

152

Likes

0

Replies

1
How can I get the reference collections associated to an Asset in code

Views

327

Likes

0

Replies

1
Enable Workflow in Universal Editor

Views

307

Likes

0

Replies

1
AEM as cloud and Generic List (ACS Commons) DAM metadata Schema - Options not saving in the dropdown

Views

648

Likes

0

Replies

2
Can we use Microsoft OpenJDK11 with AEMaaCS ?

Views

164

Likes

0

Replies

2