Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

AccessControlUtils.addAccessControlEntry getting failed with permission issue in 6.3

Avatar

Level 1

AccessControlUtils.addAccessControlEntry getting failed with permission issue in AEM6.3 but working fine in AEM6.1

Exception -

javax.jcr.AccessDeniedException: Access denied.

   at org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager.checkPermissions(AbstractAccessControlManager.java:200)

   at org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager.getTree(AbstractAccessControlManager.java:167)

   at org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugAccessControlManager.getCugPolicy(CugAccessControlManager.java:239)

   at org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugAccessControlManager.getApplicablePolicies(CugAccessControlManager.java:137)

   at org.apache.jackrabbit.oak.security.authorization.composite.CompositeAccessControlManager.getApplicablePolicies(CompositeAccessControlManager.java:99)

   at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator$7.perform(AccessControlManagerDelegator.java:121)

   at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator$7.perform(AccessControlManagerDelegator.java:117)

   at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:208)

   at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator.getApplicablePolicies(AccessControlManagerDelegator.java:117)

   at org.apache.jackrabbit.oak.jcr.delegate.JackrabbitAccessControlManagerDelegator.getApplicablePolicies(JackrabbitAccessControlManagerDelegator.java:147)

   at org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils.getAccessControlList(AccessControlUtils.java:128)

   at org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils.getAccessControlList(AccessControlUtils.java:108)

   at org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils.addAccessControlEntry(AccessControlUtils.java:185)

any idea ??

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi,

From workflow you need to get session like

Session session = workflowSession.getSession();

Then you can try to cast JackrabbitSession jcrSession = (JackrabbitSession) session;

Please check session user and permission as well.

View solution in original post

11 Replies

Avatar

Level 1

This is call to addAccessControlEntry -

  

   AccessControlUtils.addAccessControlEntry(session, <actual path of the asset>, getEveryonePrincipal(session), getWritePriviledges(session), false);

  

  

   Below is method for everyone Principal and Privilege -

  

   private Principal getEveryonePrincipal(final Session session) throws RepositoryException {

        JackrabbitSession jcrSession = (JackrabbitSession) session;

        PrincipalManager principalMgr = jcrSession.getPrincipalManager();

        return principalMgr.getPrincipal(EVERYONE_NAME);

    }

    private Privilege[] getWritePriviledges(final Session session) throws RepositoryException {

        AccessControlManager accCtrlMgr = session.getAccessControlManager();

        return new Privilege[]{accCtrlMgr.privilegeFromName(Privilege.JCR_WRITE)};

    }

Avatar

Community Advisor

Hi,

What session are you using? User session or subservice session.

Avatar

Level 1

its Workflow session - final Session session = workflowSession.adaptTo(Session.class);

Avatar

Level 1

not tried any thing to whitelist. What exactly need to be done ?

Avatar

Level 1

using same way to get session i.e adaptTo - final Session session = workflowSession.adaptTo(Session.class);

Avatar

Level 10

I will test this tomorrow to see if we can cast to JCR Session and use it to interact with JCR operations.

Avatar

Correct answer by
Community Advisor

Hi,

From workflow you need to get session like

Session session = workflowSession.getSession();

Then you can try to cast JackrabbitSession jcrSession = (JackrabbitSession) session;

Please check session user and permission as well.