AEM 6.5 - Adding JCR access policy NOT CUG

Eric_Stricker

21-05-2020

I got stuck on CUG and this is NOT what I am looking for. 

 

We require to add jcr:write access for a single user to a new node that we create also through code.  All I can find is code examples prior 6.3 change to CUG, but these are no longer working

 

How can we still use AccessControlList.addEntry(principal, privileges, true) in AEM 6.5 or is this no longer allowed and should we user CUG?

 

(I understand this only is used to grant Read access to nodes)

 

Accepted Solutions (1)

Accepted Solutions (1)

Vijayalakshmi_S

MVP

21-05-2020

Hi @Eric_Stricker,

Use AccessControlList.addAccessControlEntry(principal, privileges) followed by setPolicy using AccessControlManager API.

Code snippet:

try {
	Authorizable authorizable = userMgr.getAuthorizable(userIdStr); 
	Principal userPrincipal = authorizable.getPrincipal();	// prinicipal object from user/group id	
	Privilege[] writePrivileges = new Privilege[] { acmMgr.privilegeFromName(Privilege.JCR_WRITE) };   // JCR_WRITE privilege object		
	AccessControlPolicyIterator itr = acmMgr.getApplicablePolicies(pageNode.getPath());   // pageNode -> node for which we are trying to set policy
	while (itr.hasNext()) {				
		AccessControlPolicy policy = itr.nextAccessControlPolicy();
		if (policy instanceof AccessControlList) {					
			AccessControlList acl = (AccessControlList) policy;
			acl.addAccessControlEntry(userPrincipal, writePrivileges); // creates ACE 
			acmMgr.setPolicy(pageNode.getPath(), acl); // adds ACL to the desired node
		}				
	}
	session.save();
}
catch (RepositoryException e) {
	LOG.error("Repository Exception={}", e.getMessage());
}

Reference:

https://docs.adobe.com/docs/en/spec/jsr170/javadocs/jcr-2.0/javax/jcr/security/AccessControlList.htm...

Answers (0)