Hi,
While we are trying to access the AEM to inject the data from an external application using below
public Session getAEMSession() throws RepositoryException {
return JcrUtils.getRepository(aemAuthorUrl + "/crx/server")
.login(new SimpleCredentials(aemAuthorUsername, aemAuthorPassword.toCharArray()));
}
while accessing we are getting the below error as :
javax.jcr.ItemNotFoundException: Unable to retrieve NodeInfo for https://<domain>/crx/server
The issue resolving only when we provide root level sudo access to user / as below
but not working if we provide only CRUD operations to /content node?
What will be the best practice when we need to connect AEM from external to inject the data to AEM ?
why do we need root level sudo read access?
Views
Replies
Total Likes
Hi @vasgurug ,
If you are integrating a third party API to AEM, there are multiple ways, from your query I guess you do not want you use a Technical Account but just get a Session, make a call to the API fetch the data and store in AEM.
1. Create a System user Refer - https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/what-is-a-system-user-and-...
2. While creating the system user you can define the permission you want it to have.
3. Create your ResourceResolver using this system user and then adapt it to create your Session.
You should be able to read/write data. One you have Session object you do not need to do JcrUtils.getRepository(aemAuthorUrl + "/crx/server")
Regards,
Anupam Patra
Hi @vasgurug
The error you're encountering, javax.jcr.ItemNotFoundException, typically happens when there are insufficient permissions on the nodes you are trying to access. AEM requires that the connecting user have adequate read and write permissions.
Some JCR operations require the session to traverse the repository's root node for specific internal AEM actions or node properties checks. If the user account lacks read access to required internal nodes (like those in /etc or /libs), the session might fail even if permissions on /content exist.
A well-defined access control list (ACL) for your service user can resolve this, avoiding the need for extensive root access. Limit access to specific paths and permissions required for your use case.
Adjust your code to use a service user configured within AEM:
ResourceResolver resourceResolver = null;
try {
Map<String, Object> paramMap = new HashMap<>();
paramMap.put(ResourceResolverFactory.SUBSERVICE, "yourServiceUserName"); // Register this user in AEM
resourceResolver = resolverFactory.getServiceResourceResolver(paramMap);
Session session = resourceResolver.adaptTo(Session.class);
// Perform your operations with the session object here
} catch (LoginException e) {
e.printStackTrace();
} finally {
if (resourceResolver != null && resourceResolver.isLive()) {
resourceResolver.close();
}
}
Ensure that "yourServiceUserName" has adequate permissions through AEM’s user management console to interact only with the necessary nodes. This setup is aligned with AEM best practices for secure external access.
This will work inside AEM using system user and user mapper service using the subservice concept but the application running out side aem we trying to connect using Jcr. How this will work for application running out side AEM ??
Views
Replies
Total Likes
@vasgurug Did you find the suggestions helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!
Views
Replies
Total Likes
No not yet stilling looking for the solution provided will work inside AEM but some application which running outside want to make a connect with AEM to get the session what will be the best practice?
Views
Replies
Total Likes
This is the response got from adobe support team but didn't get how can we import a bulk load of data by connecting crx/server possible ?? when we stop davex bundle we are not able to connect the server to inject the data? any one has idea how to connect if the davex bundle stops?
We understand your requirement to connect to the AEM repository from an external source, given the security constraints around the Davex bundle. We have identified several alternative solutions that could meet your needs: SlingPostServlet: This approach involves writing custom scripts to handle POST requests for creating or modifying resources within the repository. It's an effective solution for programmatically updating content:
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies