Adobe Experience Manager Sites & More

anilkum · 1/12/17

Hi,

We are upgrading from AEM 6.0 to AEM 6.1. One of the changes is that anonymous access to /etc is now removed.

In our case, tags are not appear for any user. Is there some other changes for existing user and groups for /etc specially etc/tags

Regards,

Anil

kautuk_sahni · 1/13/17

Hi

Please refer to this similar AEM post :- http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...

// AEM 6.1 anonymous read access to /etc was removed. How to handle this?

In AEM 6.1, service users must be system users, which effectively means that their node in the JCR is of type rep:SystemUser. These users cannot be used to log in normally, only by background processes. The admin user is not a system user, so you cannot use the admin user in a service user mapping like this. You have to create a new system user and assign them the appropriate permissions.

Solution can be found out here:

Link:- http://stackoverflow.com/questions/31350548/resourceresolverfactory-getserviceresourceresolver-throw...

//

Goal: To write data/nodes to content (specifically to /etc/userdata) when a user logs in.

We can achieve this in 2 ways (either way, the user needs to be a 'system user')

Process 1:

Step 1: Use in-built system user in OSGI configuration. In OSGI select Apache Sling Service User Mapper Service

group.abc.commons-service:writeService=oauthservice (where 'oauthservice' is a system user)

Step 2: Assign that system user the permissions to access the content folder.

You see the system users in CRX at: /home/users/system

Process 2:

Step 1: Create a new system user. to do this

Open http://localhost:4502/crx/explorer/index.jsp

Login as admin > Open 'User Administration > Select 'Create System User' > Enter "user id" > Hit the Green button (you will not se a save button :)

I have created "abcwriteservice" user

Step 2: Go to Permissions, and for the user 'abcwriteservice' give Permissions to access the folder where you'd like to write. (In this example: /etc/userdata )

Step 3: Open OSGI console and go to "Apache Sling Service User Mapper Service" to define the service-user mapping. For example: 'group.commons-service:writeService=abcwriteservice'

Step 4: In code, i added extra parameter, as:

Map<String, Object> param = new HashMap<String, Object>(); param.put(ResourceResolverFactory.SUBSERVICE, "writeService"); try { resourceResolverWriter = factory.getServiceResourceResolver(param); if (resourceResolverWriter == null) throw new Exception("Could not obtain a CRX User for the Service:'writeService'"); Node usersRootNode = adminSession.getNode("/etc/userdata/users");

I hope this will help you.

Thanks and Regards

Kautuk Sahni

anilkum · 1/13/17

Hi Kautuk,

My issue is limited to read operation. Since the read access is also not there, we are not able to see the information which is read-only. Question is how do we get a package of user, group and permission specially for etc from 6.0 and install it on 6.1. We have large number of group to be able to do it manually.

Any suggestions?

Thanks,

Anil

smacdonald2008 · 1/13/17

"We have large number of group to be able to do it manually."

To work with groups and users, you can look at writing some User Manager code to automate creation of these. This is one of the reasons why this Jackrabbit API exists.

http://jackrabbit.apache.org/api/2.2/org/apache/jackrabbit/core/security/user/package-summary.html

Adobe Experience Manager Sites & More

Anonymous read access to entire /etc is now removed. So we need to give read permission to all required nodes under /etc explicitly.

Kautuk Sahni

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe