Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Add protection to local document

I have been asked to rewrite a Java application that applies protections to supported file types. The current application was written using the old PPL SDK (PDFUtil class in PPLClientNative.jar), which was C++/DLL based with Java wrappers, and only ran on Windows platforms. It uses a REST call to" to pull policy information from the server and then applies policies to files on the local client host. I am attempting to re-implement the tool using the newer Java libraries such as adobe-rightsmanagement-client so that the tool will run on Linux systems as well.

The original tool did not utilize any username/password authentication when connecting to the LC/AEM service. For example, to protect a document it used PPLUtil.protectDocument(filename, doc type, policy id, url). Unfortunately, I haven't been able to find any Java examples using the newer Java libraries/SDKs that show how to apply protection to a document without also using username/password authentication.

Anyone have any examples based on the newer Java libraries that does not utilize username/password authentication? My current attempt uses

URL url = new URL("");

ServiceClientFactory scf = ServiceClientFactory.createInstance(url);


After creating a RightsManagementClient and a DocumentManager, I try to invoke the DocumentManager protectDocument() method which throws an SDKExeception "An error occurred while performing this operation...". In the stack trace is a reference to the SCFConnection class, so my assumption is that the program is failing to connect to the server. Any ideas?

1 Reply


Level 8

The original application was likely using SSO as you cannot apply a policy to a document without authenticating.  I'll locate a sample of applying a policy using the JAVA PPL and provide it shortly.


Level 8

Can you let me know what version of the server you're using please?

Sorry for the delay. The server I'm testing against is running AEM 6.1. The server is also running WebLogic 12c.


Level 1

Hi Ron,

The client needs to authenticate with the server before protecting a document. This is valid for all clients, be it C++ SDK/PPL or Java SDK/PPL. There are various mechanisms of authentication like username/password, mutual authentication etc. Mutual authentication is at times transparent where the certificate is automatically fetched from Windows store/CAC. Which authentication mechanism are you supporting in C++ PPL ?  Are you using mutual authentication ? If yes, Java SDK/PPL has also started supporting mutual authentication but the steps to use are different. Look out at Mutual authentication related properties in Service Client Factory. This is documented at -

Hope this helps,


I've made some progress on my own and have been able to get the SOAP Mutual Authentication to work using a general CA chain JKS file as the truststore URL and a personal cert JKS file as the keystore URL. Knowing this combination works is good, but it presents some problems.

I'm rewriting a stand-alone application that communicates with the AEM server. The current application uses the old C++ PPL SDK with the Java wrapper API. The old application seems to rely on the SSL configuration for the user as I don't see any place in the code that explicitly reads in any keystore or truststore files. If at all possible, I would like the new version of the application, that is based on the newer Java API, to operate in a similar way.

Under windows, I can get the user's keystore and truststore content using a combination of and classes (I assume these will work under Linux as well). I use that information to create a SSLContext and set up a SSL socket for REST calls to the AEM server. Is there a way to use the newer Java AEM API with the certs that are already loaded in the system like I do for HTTP REST calls, instead of relying on physical JKS files as I do currently in my toy program?