Adobe Experience Manager Sites & More

vasgurug · 11/6/24

Hi,

While we are trying to access the AEM to inject the data from an external application using below

public Session getAEMSession() throws RepositoryException {

return JcrUtils.getRepository(aemAuthorUrl + "/crx/server")

.login(new SimpleCredentials(aemAuthorUsername, aemAuthorPassword.toCharArray()));

}

while accessing we are getting the below error as :

javax.jcr.ItemNotFoundException: Unable to retrieve NodeInfo for https://<domain>/crx/server

The issue resolving only when we provide root level sudo access to user / as below

but not working if we provide only CRUD operations to /content node?

What will be the best practice when we need to connect AEM from external to inject the data to AEM ?

why do we need root level sudo read access?

anupampat · 11/7/24

Hi @vasgurug ,

If you are integrating a third party API to AEM, there are multiple ways, from your query I guess you do not want you use a Technical Account but just get a Session, make a call to the API fetch the data and store in AEM.

1. Create a System user Refer - https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/what-is-a-system-user-and-...

2. While creating the system user you can define the permission you want it to have.

3. Create your ResourceResolver using this system user and then adapt it to create your Session.

You should be able to read/write data. One you have Session object you do not need to do JcrUtils.getRepository(aemAuthorUrl + "/crx/server")

Regards,

Anupam Patra

abhishekanand_ · 11/7/24

Hi @vasgurug

The error you're encountering, javax.jcr.ItemNotFoundException, typically happens when there are insufficient permissions on the nodes you are trying to access. AEM requires that the connecting user have adequate read and write permissions.

Some JCR operations require the session to traverse the repository's root node for specific internal AEM actions or node properties checks. If the user account lacks read access to required internal nodes (like those in /etc or /libs), the session might fail even if permissions on /content exist.
A well-defined access control list (ACL) for your service user can resolve this, avoiding the need for extensive root access. Limit access to specific paths and permissions required for your use case.

Adjust your code to use a service user configured within AEM:

ResourceResolver resourceResolver = null;
try {
    Map<String, Object> paramMap = new HashMap<>();
    paramMap.put(ResourceResolverFactory.SUBSERVICE, "yourServiceUserName"); // Register this user in AEM
    resourceResolver = resolverFactory.getServiceResourceResolver(paramMap);
    Session session = resourceResolver.adaptTo(Session.class);

    // Perform your operations with the session object here

} catch (LoginException e) {
    e.printStackTrace();
} finally {
    if (resourceResolver != null && resourceResolver.isLive()) {
        resourceResolver.close();
    }
}

Ensure that "yourServiceUserName" has adequate permissions through AEM’s user management console to interact only with the necessary nodes. This setup is aligned with AEM best practices for secure external access.

vasgurug · 11/7/24

This will work inside AEM using system user and user mapper service using the subservice concept but the application running out side aem we trying to connect using Jcr. How this will work for application running out side AEM ??

kautuk_sahni · 11/11/24

@vasgurug Did you find the suggestions helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!

Kautuk Sahni

vasgurug · 11/11/24

No not yet stilling looking for the solution provided will work inside AEM but some application which running outside want to make a connect with AEM to get the session what will be the best practice?

vasgurug · 11/21/24

This is the response got from adobe support team but didn't get how can we import a bulk load of data by connecting crx/server possible ?? when we stop davex bundle we are not able to connect the server to inject the data? any one has idea how to connect if the davex bundle stops?

We understand your requirement to connect to the AEM repository from an external source, given the security constraints around the Davex bundle. We have identified several alternative solutions that could meet your needs: SlingPostServlet: This approach involves writing custom scripts to handle POST requests for creating or modifying resources within the repository. It's an effective solution for programmatically updating content:

https://sling.apache.org/documentation/bundles/manipulating-content-the-slingpostservlet-servlets-po...

Adobe Experience Manager Sites & More

AEM session management and user access

Kautuk Sahni

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe