Expand my Community achievements bar.

SOLVED

AEM6.1 Service User Issue

Avatar

Level 2

Hello,

 
We have been working with AEM 6.0SP2 and are now moving into AEM 6.1.
During our upgrade from CQ 5.6.1 to AEM 6.0SP2 we converted over all our uses of admin sessions (via resourceResolver.loginAdministrative()) to use service users instead.
 
Here's a snippet of how we get a service user:

 

try { Map<String, Object> param = new HashMap<String, Object>(); param.put(ResourceResolverFactory.SUBSERVICE, "contentReadService"); this.serviceResourceResolver = this.resourceResolverFactory.getServiceResourceResolver(param); if (this.serviceResourceResolver != null) { LOG.debug("New resource resolver found"); } } catch (LoginException e) { LOG.error("error getting resource resolver"); LOG.error(e.getMessage()); }

 

By the above code we should be looking for the "contentReadService" subservice from the current bundle (we'll call the bundle XXX).
 
In the "Apache Sling Service User Mapping Service" we have the following configuration:
XXX:contentReadService=service_content_read
So my understanding is that the "contentReadService" in the bundle "XXX" should be assigned the user "service_content_read". This user does exist.
 
This worked great in AEM 6.0SP2, but as of AEM 6.1 i see the following error in the log:
02.06.2015 10:28:51.802 *ERROR* [qtp1426607298-4062] error getting resource resolver
02.06.2015 10:28:51.802 *ERROR* [qtp1426607298-4062] Cannot derive user name for bundle XXX [449] and sub service contentReadService
We can see from the code that the "error getting resource resolver" is something i'm putting in, so the following error is the error message of the LoginException in that final catch block.
 
Has anyone experienced a similar issue?
 
Thanks,
Kyle 
1 Accepted Solution

Avatar

Correct answer by
Level 2

Yes, this is a requirement. The user node needs to have the following properties

  • jcr:primaryType="rep:SystemUser"
  • jcr:uuid="<some value>"
  • rep:principalName="<some value>"
  • rep:authorizableId="<some value>"

Note also that the user *must not have* a password.

I'm creating a sling doc patch at the minute, I'll let you know once it is published.

View solution in original post

10 Replies

Avatar

Level 2

Also, 

 

I have noticed the "Apache Sling Service User Mapper Service Amendment" factory, which is a much better way of managing these service users. 

Tried that, same results.

 

Thanks,

kyle

Avatar

Level 4

Same issue here...

 

Was able to solve it by creating a "rep:SystemUser". Looks like it MUST be such a user.

Avatar

Level 2

Kyle Giovannetti wrote...

Also, 

 

I have noticed the "Apache Sling Service User Mapper Service Amendment" factory, which is a much better way of managing these service users.

The User Mapper Service Amendment factory is indeed the right choice. I'm currently gathering information and hoping to publish something by end of the week.

Keep you posted,

Alex

Avatar

Former Community Member

maggod wrote...

Same issue here...

 

Was able to solve it by creating a "rep:SystemUser". Looks like it MUST be such a user.

 

 

Can you elaborate or post example on how you were using "Apache Sling Service User Mapper Service Amendment" factory. I'm using AEM 6.1 and "resourceResolverFactory.getServiceResourceResolver" is failing with Login Exception.

Avatar

Correct answer by
Level 2

Yes, this is a requirement. The user node needs to have the following properties

  • jcr:primaryType="rep:SystemUser"
  • jcr:uuid="<some value>"
  • rep:principalName="<some value>"
  • rep:authorizableId="<some value>"

Note also that the user *must not have* a password.

I'm creating a sling doc patch at the minute, I'll let you know once it is published.

Avatar

Level 2

That was exactly the issue.

I had to create the service user through CRX Explorer.

 

 

Thanks,

Kyle

Avatar

Former Community Member

Alexandre COLLIGNON wrote...

Yes, this is a requirement. The user node needs to have the following properties

  • jcr:primaryType="rep:SystemUser"
  • jcr:uuid="<some value>"
  • rep:principalName="<some value>"
  • rep:authorizableId="<some value>"

Note also that the user *must not have* a password.

I'm creating a sling doc patch at the minute, I'll let you know once it is published.

 

I had the same problem but now you solved it with your answer.Thanks!

Avatar

Level 1

Is it possible to create system user without using admin account? What priviledge is needed?

I am using AEM 6.1.

Avatar

Former Community Member

I may have to take back.. works only with a "system user" and not with a regular user as i mentioned earlier.

Updated my post here as well:

http://stackoverflow.com/questions/31350548/resourceresolverfactory-getserviceresourceresolver-throw...