Adobe Experience Manager Sites & More

rajneeshg · 2/11/18

AEM version - 6.2

System user has jcr:read and crx:replicate privilege on the page whose replication status is being looked up.

resourceResolverProps.put(ResourceResolverFactory.SUBSERVICE, "pageStatusSystemUser");
try {
    resourceResolver = resourceResolverFactory.getResourceResolver(resourceResolverProps);
} catch(Lo...) {
    .....
}
session = resourceResolver.adaptTo(Session.class);
replicationStatus = replicator.getReplicationStatus(session,"/content/sitename/pagename");

session object is available suggesting the system user is correct, however the replicationStatus object is always null, any clues on what is missing please? Is the system user privileges correct? (Verifying the system user using /useradmin console shows both read and replicate privileges are available on /content/sitename/pagename content )

Julio_Tobar · 2/13/18

rajneeshg, there are few things I'd try to get it fix.

use resourceResolverFactory.getServiceResourceResolver(resourceResolverProps); instead of "resourceResolverFactory.getResourceResolver(resourceResolverProps);"
immediately after getting the "resourceResolver" object check to see the mapped System User: resourceResolver.getUserID(); this should map the system user you mapped; if it does not return the user you mapped then check your configuration, must likely you didn't add the right bundleId to the mapping
Once you are sure you are using the system user you created and still cannot access the data then try assigning the user to the administrators group, this way you can rule out permission issues. Once you do get access to the data you need then remove the user from the administrators group and assigned tailored permissions

/* get a handle to the resourceResolver */

logger.info("get ResourceResolver");

// prepare params to get system user

Map<String, Object> serviceParams = new HashMap<String, Object>();

serviceParams.put(ResourceResolverFactory.SUBSERVICE, SUBSERVICE);

try {

// get resource resolver for the system user set in user mapper

ResourceResolver resourceResolver = resourceResolverFactory.

getServiceResourceResolver(serviceParams);

/* get a handle to ReplicationStatus */

logger.info("get ReplicationStatus using user: " + resourceResolver.getUserID());

Resource resource = resourceResolver.getResource(PAGE_CHECK_REPLICATION);

logger.info("Resource: " + resource.getPath());

ReplicationStatus replicationStatus = resource.adaptTo(ReplicationStatus.class);

/* show replication status of the resource */

logger.info("LAST REPLICATION USER: " + replicationStatus.getLastPublishedBy());

PrintWriter out = response.getWriter();

out.print ("REPLICATION USER FOR " + PAGE_CHECK_REPLICATION + " IS " +

replicationStatus.getLastPublishedBy());

out.flush();

out.close();

} catch (LoginException e) {

e.printStackTrace();

}

View solution in original post

Ravi_Pampana · 2/11/18

Hi,

You can use session to get the jcrcontent node of the required page and read cq:lastReplicationAction property to find replication status of page.

String activationStatus = "";

Node pageJcrNode = session.getNode("/content/sitename/pagename/jcr:content");

if(pageJcrNode != null && pageJcrNode.hasProperty("cq:lastReplicationAction")) {

activationStatus = pageJcrNode.getProperty("cq:lastReplicationAction").getString();

}

Hope this helps.

rajneeshg · 2/12/18

Thanks you for the response.

Still fails with a repository exception.(system user has jcr:read,crx:replicate privilege on /content/sitename/pagename only)

If I am not wrong this is a privilege issue. Are any jcr/crx privilege(s) missing for the system user?

(ReplicationStatus and Node look up works perfectly with the deprecated session method - repository.loginAdministrative(null))

smacdonald2008 · 2/12/18

As you said it works when using the resolverFactory.getAdministrativeResourceResolver method, i would consider white listing the bundle. I have seen cases where this happens - not matter how many permissions you give the system user - it will not work like getAdministrativeResourceResolver. I am not sure why that occurs.

Julio_Tobar · 2/13/18

rajneeshg, there are few things I'd try to get it fix.

use resourceResolverFactory.getServiceResourceResolver(resourceResolverProps); instead of "resourceResolverFactory.getResourceResolver(resourceResolverProps);"
immediately after getting the "resourceResolver" object check to see the mapped System User: resourceResolver.getUserID(); this should map the system user you mapped; if it does not return the user you mapped then check your configuration, must likely you didn't add the right bundleId to the mapping
Once you are sure you are using the system user you created and still cannot access the data then try assigning the user to the administrators group, this way you can rule out permission issues. Once you do get access to the data you need then remove the user from the administrators group and assigned tailored permissions

/* get a handle to the resourceResolver */

logger.info("get ResourceResolver");

// prepare params to get system user

Map<String, Object> serviceParams = new HashMap<String, Object>();

serviceParams.put(ResourceResolverFactory.SUBSERVICE, SUBSERVICE);

try {

// get resource resolver for the system user set in user mapper

ResourceResolver resourceResolver = resourceResolverFactory.

getServiceResourceResolver(serviceParams);

/* get a handle to ReplicationStatus */

logger.info("get ReplicationStatus using user: " + resourceResolver.getUserID());

Resource resource = resourceResolver.getResource(PAGE_CHECK_REPLICATION);

logger.info("Resource: " + resource.getPath());

ReplicationStatus replicationStatus = resource.adaptTo(ReplicationStatus.class);

/* show replication status of the resource */

logger.info("LAST REPLICATION USER: " + replicationStatus.getLastPublishedBy());

PrintWriter out = response.getWriter();

out.print ("REPLICATION USER FOR " + PAGE_CHECK_REPLICATION + " IS " +

replicationStatus.getLastPublishedBy());

out.flush();

out.close();

} catch (LoginException e) {

e.printStackTrace();

}

smacdonald2008 · 2/13/18

Great answer julio - do you find it works better when using getServiceResourceResolver instread of getResourceResolver?

Julio_Tobar · 2/13/18

HI Scott (-sorry if I misspelled your name-), Actually both methods work differently, as per documentation (http://sling.apache.org/apidocs/sling7/) we should be using getResourceResolver() when we provide further configurations and use getServiceResourceResolver() when we want to assign privileges via a service provided by calling the bundle; sutil but relevant.

ResourceResolver Guatemala, Central America

Jörg_Hoh · 2/13/18

HI,

I think that it is not sufficient just to have read permissions on the content node to determine the replication status. Be aware what this functionality is doing. It checks all pending replication events if the page is part of such an replication event. If it's not, it is obviously not part of an ongoing replication and the status from the page itself can be used.

That means that your service user should also have permissions to read all sling replication jobs (stored in /var/eventing/jobs). And I believe, that the privilege "crx:replicate" is not required.

Jörg

rajneeshg · 2/14/18

Thank you everyone, here is the solution which works for me.

1. System user has only jcr:read permission on the page - /content/sitename/pagename

2.

resourceResolverProps.put(ResourceResolverFactory.SUBSERVICE, "pageStatusSystemUser"); 
try { 
    resourceResolver = resourceResolverFactory.getServiceResourceResolver(resourceResolverProps);
    Resource resource = resourceResolver.getResource("/content/sitename/pagename");
    if(resource != null) {
        ReplicationStatus replicationStatus = resource.adaptTo(ReplicationStatus.class);
    }
} catch(Lo...) { 
    ..... 
}