AEM 6.3.3 | Error while saving using session.save()

Avatar

Avatar

rawvarun

Avatar

rawvarun

rawvarun

27-01-2019

Hi All,

I'm using Service User Mapper configuration as well as using the corresponding code for the same.

Also, provided the full permission to my system user.

Still i'm getting Access Denied.

javax.jcr.AccessDeniedException: OakAccess0000: Access denied

at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:231)

at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:212)

at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.newRepositoryException(SessionDelegate.java:670)

at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.save(SessionDelegate.java:496)

at org.apache.jackrabbit.oak.jcr.session.SessionImpl$8.performVoid(SessionImpl.java:419)

at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performVoid(SessionDelegate.java:274)

at org.apache.jackrabbit.oak.jcr.session.SessionImpl.save(SessionImpl.java:416)

at com.adobe.granite.repository.impl.CRX3SessionImpl.save(CRX3SessionImpl.java:208)

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar

Jörg_Hoh

Employee

Total Posts

3.0K

Likes

910

Correct Answer

1.0K

Avatar

Jörg_Hoh

Employee

Total Posts

3.0K

Likes

910

Correct Answer

1.0K
Jörg_Hoh
Employee

03-02-2019

Looks like your serviceUser does not have permissions to create users; make sure that the service user has permissions to create and modify nodes below /home/users.

Answers (12)

Answers (12)

Avatar

Avatar

Jörg_Hoh

Employee

Total Posts

3.0K

Likes

910

Correct Answer

1.0K

Avatar

Jörg_Hoh

Employee

Total Posts

3.0K

Likes

910

Correct Answer

1.0K
Jörg_Hoh
Employee

03-02-2019

That's strange. But the only explanation for this exception are insufficient permissions of the service owning that session. Just to eliminate all other reasons, can you temporarily switch to an admin user and try that?

Jörg

Avatar

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K
smacdonald2008

05-02-2019

You can use similar logic for AEM 6.3.3. Just use Maven Arch 12 for a 6.3 project.

Avatar

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K
smacdonald2008

05-02-2019

Here is a Persist use case in 6.4 with a video. As you can see, when we submit a new employee - the data is persisted.

Scott's Digital Community: Persisting Adobe Experience Manager 6.4 JCR data using a Custom Form Acti...

Avatar

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K
smacdonald2008

04-02-2019

Exactly - try that call and you will see it working. It looks like a permission issue as Joerg mentions

Avatar

Avatar

rawvarun

Avatar

rawvarun

rawvarun

04-02-2019

jos71571139​,

Are you saying yo use login.adminstrative() method.

Avatar

Avatar

rawvarun

Avatar

rawvarun

rawvarun

03-02-2019

Jörg Hoh​,

I have given full permission to my system user:1683402_pastedImage_1.png

Avatar

Avatar

rawvarun

Avatar

rawvarun

rawvarun

03-02-2019

Veena_07​,

I'm using AEM 6.3 SP3.

Sample code written in OSGI R6:

import java.io.IOException;

import java.rmi.ServerException;

import org.osgi.service.component.annotations.Reference;

import org.osgi.service.component.annotations.Component;

import org.apache.sling.api.SlingHttpServletRequest;

import org.apache.sling.api.SlingHttpServletResponse;

import org.apache.sling.api.resource.ResourceResolver;

import org.apache.sling.api.resource.ResourceResolverFactory;

import org.apache.sling.auth.core.spi.AuthenticationInfo;

import org.apache.sling.commons.json.JSONException;

import org.apache.sling.commons.json.JSONObject;

import org.apache.sling.jcr.api.SlingRepository;

import org.apache.sling.jcr.base.util.AccessControlUtil;

import org.apache.sling.settings.SlingSettingsService;

import org.apache.jackrabbit.api.security.user.UserManager;

import org.apache.jackrabbit.api.security.user.User;

import org.apache.jackrabbit.api.security.user.Group;

import javax.jcr.ValueFactory;

import org.osgi.framework.ServiceRegistration;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import javax.jcr.RepositoryException;

import javax.jcr.Session;

import javax.jcr.Value;

import javax.servlet.Servlet;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import com.adobe.cq.sightly.WCMResourceOptions;

import com.adobe.granite.security.user.UserProperties;

import com.day.crx.security.token.TokenCookie;

import com.day.crx.security.token.TokenUtil;

import org.apache.jackrabbit.api.security.user.Authorizable;

@Component(service=Servlet.class,

immediate = true,

property={

"sling.servlet.methods=POST",

"sling.servlet.paths=/bin/registration",

"metatype=true"

})

public class RegistrationServlet extends

org.apache.sling.api.servlets.SlingAllMethodsServlet {

public static boolean successFlag = false;

private static final long serialVersionUID = 2598426539166789515L;

private static final Logger LOGGER = LoggerFactory

.getLogger(RegistrationServlet.class);

private static final String AEM_REGN_EXCEPTION = "REGN001";

@Reference

private SlingRepository repository;

@Reference

private UserService userService;

@Reference

private SlingSettingsService slingSettings;

@Reference

private ResourceResolverFactory resolverFactory;

public void bindRepository(SlingRepository repository) {

this.repository = repository;

}

@Override

protected void doPost(SlingHttpServletRequest request,

SlingHttpServletResponse response) throws ServerException,

IOException {

boolean success = false;

String returnMsg = "";

String returnCode = "";

JSONObject jsonObject = new JSONObject();

Session adminSession = null;

ResourceResolver resolver = null;

String redirectReg = "";

try {

try {

LOGGER.error("RegnServlet : Registration Request Received for Params+"

+ request.getParameter("firstName")

+ ",userName->"

+ request.getParameter("userName"));

String firstName = request.getParameter("firstName");

String lastName = request.getParameter("lastName");

String userName = request.getParameter("userName");

String password = request.getParameter("password");

String countryCode = request.getParameter("countryCode");

String countryName = request.getParameter("countryName");

Boolean termConditions=Boolean.valueOf(termCondition);

resolver = getResourceResolver(resolverFactory, "dataWriter");

adminSession = resolver.adaptTo(Session.class);

UserManager userManager = AccessControlUtil.getUserManager(adminSession);

User user = (User) userManager.getAuthorizable(userName);

if (userService.userExists(userName, adminSession)) {

throw new Exception("User already exists, Please Login");

}

user = userManager.createUser(userName, password,

new SimplePrincipal(userName),

"/home/users");

ValueFactory valueFactory = adminSession.getValueFactory();

Value emailValue = valueFactory.createValue(userName);

Value userType = valueFactory.createValue("external");

Value givenName = valueFactory.createValue("test");

Value familyName = valueFactory.createValue("test2"));

user.setProperty("./profile/givenName", givenName);

user.setProperty("./profile/familyName", familyName);

user.setProperty("profile/" + UserProperties.EMAIL,

emailValue);

user.setProperty("profile/userType", userType);

adminSession.save();

AuthenticationInfo authnInfo = null;

try {

LOGGER.info("RegnServlet :   create token and return");

authnInfo = TokenUtil.createCredentials(request,

response, repository, userName, true);

} catch (RepositoryException e) {

LOGGER.error(

"RegnServlet : Repository error authenticating user: {} ~> {}",

userName, e);

} finally {

LOGGER.info("RegnServlet : In Finally");

}

if (authnInfo != null) {

redirectReg = loginSucceeded(request, response,

authnInfo, adminSession, resObj);

LOGGER.info("redirectReg" + redirectReg);

}

success = true;

}  catch (RepositoryException e) {

returnMsg = e.getMessage();

returnCode = AEM_REGN_EXCEPTION;

LOGGER.error("RegnServlet : error", e);

} catch (Exception e) {

returnMsg = "Please try later";

returnCode = AEM_REGN_EXCEPTION;

LOGGER.error("AEM server error",

e);

e.printStackTrace();

}

if (success) {

response.setStatus(HttpServletResponse.SC_OK);

try {

jsonObject.put("successReg", redirectReg);

} catch (JSONException e) {

LOGGER.warn("RegnServlet Unable to write success json");

}

response.getWriter().write(jsonObject.toString());

response.flushBuffer();

} else {

// Error response

response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);

try {

jsonObject.put("errorCode", returnCode);

jsonObject.put("errorDetail", returnMsg);

} catch (JSONException e) {

LOGGER.warn("RegnServlet Unable to write error json");

}

response.getWriter().write(jsonObject.toString());

response.flushBuffer();

}

}

}

private String loginSucceeded(HttpServletRequest request,

HttpServletResponse response, AuthenticationInfo authInfo, Session adminSession, Response resObj) {

TokenCookie tokenCookie = TokenCookie.fromRequest(request);

if (tokenCookie != null) {

TokenCookie.setCookie(response, "register-token",

tokenCookie.toString(), 63072000, "/",

request.getServerName(), true, false);

}

String resource = "/en.html";

return resource;

}

public void includeResource(SlingHttpServletResponse customResponse,

String script,

String dispatcherOptions,

String resourceType,

WCMResourceOptions wcmResourceOptions){

}

public ResourceResolver getResourceResolver(final ResourceResolverFactory resolverFactory,

final String subServiceName) throws LoginException {

final Map<String, Object> param = new HashMap<>();

param.put(ResourceResolverFactory.SUBSERVICE, subServiceName);

return resolverFactory.getServiceResourceResolver(param);

}

}

Avatar

Avatar

Veena_Vikram

MVP

Avatar

Veena_Vikram

MVP

Veena_Vikram
MVP

31-01-2019

Can you provide the code snippet which is throwing the error ? I will try it in my local and let you know if I am also facing the issue , if so will try to figure out a solution. Also please let us know the AEM version

Avatar

Avatar

rawvarun

Avatar

rawvarun

rawvarun

29-01-2019

Veena_07,

I have implemented Registration functionality which is Servlet that gets data from form.

Based, on that data i createUser via code taking session via systemuser.

Avatar

Avatar

Veena_Vikram

MVP

Avatar

Veena_Vikram

MVP

Veena_Vikram
MVP

29-01-2019

Does that mean even the system user creation is done programmatically here ? If so , did you use createUser method or createSystemUser ?

Avatar

Avatar

rawvarun

Avatar

rawvarun

rawvarun

28-01-2019

Veena_07

I have created user via createuser method (i.e. UserManager ("The Adobe AEM Quickstart and Web Application.") ).

then setting user properties.

Avatar

Avatar

Veena_Vikram

MVP

Avatar

Veena_Vikram

MVP

Veena_Vikram
MVP

28-01-2019

What kind of node are you trying to save ?