Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
SOLVED

AEM 6.3.3 | Error while saving using session.save()

Avatar

Community Advisor

Hi All,

I'm using Service User Mapper configuration as well as using the corresponding code for the same.

Also, provided the full permission to my system user.

Still i'm getting Access Denied.

javax.jcr.AccessDeniedException: OakAccess0000: Access denied

at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:231)

at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:212)

at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.newRepositoryException(SessionDelegate.java:670)

at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.save(SessionDelegate.java:496)

at org.apache.jackrabbit.oak.jcr.session.SessionImpl$8.performVoid(SessionImpl.java:419)

at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performVoid(SessionDelegate.java:274)

at org.apache.jackrabbit.oak.jcr.session.SessionImpl.save(SessionImpl.java:416)

at com.adobe.granite.repository.impl.CRX3SessionImpl.save(CRX3SessionImpl.java:208)

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

Looks like your serviceUser does not have permissions to create users; make sure that the service user has permissions to create and modify nodes below /home/users.

View solution in original post

13 Replies

Avatar

Community Advisor

What kind of node are you trying to save ?

Avatar

Community Advisor

Veena_07

I have created user via createuser method (i.e. UserManager ("The Adobe AEM Quickstart and Web Application.") ).

then setting user properties.

Avatar

Community Advisor

Does that mean even the system user creation is done programmatically here ? If so , did you use createUser method or createSystemUser ?

Avatar

Community Advisor

Veena_07,

I have implemented Registration functionality which is Servlet that gets data from form.

Based, on that data i createUser via code taking session via systemuser.

Avatar

Community Advisor

Can you provide the code snippet which is throwing the error ? I will try it in my local and let you know if I am also facing the issue , if so will try to figure out a solution. Also please let us know the AEM version

Avatar

Community Advisor

Veena_07​,

I'm using AEM 6.3 SP3.

Sample code written in OSGI R6:

import java.io.IOException;

import java.rmi.ServerException;

import org.osgi.service.component.annotations.Reference;

import org.osgi.service.component.annotations.Component;

import org.apache.sling.api.SlingHttpServletRequest;

import org.apache.sling.api.SlingHttpServletResponse;

import org.apache.sling.api.resource.ResourceResolver;

import org.apache.sling.api.resource.ResourceResolverFactory;

import org.apache.sling.auth.core.spi.AuthenticationInfo;

import org.apache.sling.commons.json.JSONException;

import org.apache.sling.commons.json.JSONObject;

import org.apache.sling.jcr.api.SlingRepository;

import org.apache.sling.jcr.base.util.AccessControlUtil;

import org.apache.sling.settings.SlingSettingsService;

import org.apache.jackrabbit.api.security.user.UserManager;

import org.apache.jackrabbit.api.security.user.User;

import org.apache.jackrabbit.api.security.user.Group;

import javax.jcr.ValueFactory;

import org.osgi.framework.ServiceRegistration;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import javax.jcr.RepositoryException;

import javax.jcr.Session;

import javax.jcr.Value;

import javax.servlet.Servlet;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import com.adobe.cq.sightly.WCMResourceOptions;

import com.adobe.granite.security.user.UserProperties;

import com.day.crx.security.token.TokenCookie;

import com.day.crx.security.token.TokenUtil;

import org.apache.jackrabbit.api.security.user.Authorizable;

@Component(service=Servlet.class,

immediate = true,

property={

"sling.servlet.methods=POST",

"sling.servlet.paths=/bin/registration",

"metatype=true"

})

public class RegistrationServlet extends

org.apache.sling.api.servlets.SlingAllMethodsServlet {

public static boolean successFlag = false;

private static final long serialVersionUID = 2598426539166789515L;

private static final Logger LOGGER = LoggerFactory

.getLogger(RegistrationServlet.class);

private static final String AEM_REGN_EXCEPTION = "REGN001";

@Reference

private SlingRepository repository;

@Reference

private UserService userService;

@Reference

private SlingSettingsService slingSettings;

@Reference

private ResourceResolverFactory resolverFactory;

public void bindRepository(SlingRepository repository) {

this.repository = repository;

}

@Override

protected void doPost(SlingHttpServletRequest request,

SlingHttpServletResponse response) throws ServerException,

IOException {

boolean success = false;

String returnMsg = "";

String returnCode = "";

JSONObject jsonObject = new JSONObject();

Session adminSession = null;

ResourceResolver resolver = null;

String redirectReg = "";

try {

try {

LOGGER.error("RegnServlet : Registration Request Received for Params+"

+ request.getParameter("firstName")

+ ",userName->"

+ request.getParameter("userName"));

String firstName = request.getParameter("firstName");

String lastName = request.getParameter("lastName");

String userName = request.getParameter("userName");

String password = request.getParameter("password");

String countryCode = request.getParameter("countryCode");

String countryName = request.getParameter("countryName");

Boolean termConditions=Boolean.valueOf(termCondition);

resolver = getResourceResolver(resolverFactory, "dataWriter");

adminSession = resolver.adaptTo(Session.class);

UserManager userManager = AccessControlUtil.getUserManager(adminSession);

User user = (User) userManager.getAuthorizable(userName);

if (userService.userExists(userName, adminSession)) {

throw new Exception("User already exists, Please Login");

}

user = userManager.createUser(userName, password,

new SimplePrincipal(userName),

"/home/users");

ValueFactory valueFactory = adminSession.getValueFactory();

Value emailValue = valueFactory.createValue(userName);

Value userType = valueFactory.createValue("external");

Value givenName = valueFactory.createValue("test");

Value familyName = valueFactory.createValue("test2"));

user.setProperty("./profile/givenName", givenName);

user.setProperty("./profile/familyName", familyName);

user.setProperty("profile/" + UserProperties.EMAIL,

emailValue);

user.setProperty("profile/userType", userType);

adminSession.save();

AuthenticationInfo authnInfo = null;

try {

LOGGER.info("RegnServlet :   create token and return");

authnInfo = TokenUtil.createCredentials(request,

response, repository, userName, true);

} catch (RepositoryException e) {

LOGGER.error(

"RegnServlet : Repository error authenticating user: {} ~> {}",

userName, e);

} finally {

LOGGER.info("RegnServlet : In Finally");

}

if (authnInfo != null) {

redirectReg = loginSucceeded(request, response,

authnInfo, adminSession, resObj);

LOGGER.info("redirectReg" + redirectReg);

}

success = true;

}  catch (RepositoryException e) {

returnMsg = e.getMessage();

returnCode = AEM_REGN_EXCEPTION;

LOGGER.error("RegnServlet : error", e);

} catch (Exception e) {

returnMsg = "Please try later";

returnCode = AEM_REGN_EXCEPTION;

LOGGER.error("AEM server error",

e);

e.printStackTrace();

}

if (success) {

response.setStatus(HttpServletResponse.SC_OK);

try {

jsonObject.put("successReg", redirectReg);

} catch (JSONException e) {

LOGGER.warn("RegnServlet Unable to write success json");

}

response.getWriter().write(jsonObject.toString());

response.flushBuffer();

} else {

// Error response

response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);

try {

jsonObject.put("errorCode", returnCode);

jsonObject.put("errorDetail", returnMsg);

} catch (JSONException e) {

LOGGER.warn("RegnServlet Unable to write error json");

}

response.getWriter().write(jsonObject.toString());

response.flushBuffer();

}

}

}

private String loginSucceeded(HttpServletRequest request,

HttpServletResponse response, AuthenticationInfo authInfo, Session adminSession, Response resObj) {

TokenCookie tokenCookie = TokenCookie.fromRequest(request);

if (tokenCookie != null) {

TokenCookie.setCookie(response, "register-token",

tokenCookie.toString(), 63072000, "/",

request.getServerName(), true, false);

}

String resource = "/en.html";

return resource;

}

public void includeResource(SlingHttpServletResponse customResponse,

String script,

String dispatcherOptions,

String resourceType,

WCMResourceOptions wcmResourceOptions){

}

public ResourceResolver getResourceResolver(final ResourceResolverFactory resolverFactory,

final String subServiceName) throws LoginException {

final Map<String, Object> param = new HashMap<>();

param.put(ResourceResolverFactory.SUBSERVICE, subServiceName);

return resolverFactory.getServiceResourceResolver(param);

}

}

Avatar

Correct answer by
Employee Advisor

Looks like your serviceUser does not have permissions to create users; make sure that the service user has permissions to create and modify nodes below /home/users.

Avatar

Community Advisor

Jörg Hoh​,

I have given full permission to my system user:1683402_pastedImage_1.png

Avatar

Employee Advisor

That's strange. But the only explanation for this exception are insufficient permissions of the service owning that session. Just to eliminate all other reasons, can you temporarily switch to an admin user and try that?

Jörg

Avatar

Community Advisor

jos71571139​,

Are you saying yo use login.adminstrative() method.

Avatar

Level 10

Exactly - try that call and you will see it working. It looks like a permission issue as Joerg mentions

Avatar

Level 10

Here is a Persist use case in 6.4 with a video. As you can see, when we submit a new employee - the data is persisted.

Scott's Digital Community: Persisting Adobe Experience Manager 6.4 JCR data using a Custom Form Acti...

Avatar

Level 10

You can use similar logic for AEM 6.3.3. Just use Maven Arch 12 for a 6.3 project.