Expand my Community achievements bar.

Anonymous read access to entire /etc is now removed. So we need to give read permission to all required nodes under /etc explicitly.

Avatar

Level 4

Hi,

We are upgrading from AEM 6.0 to AEM 6.1. One of the changes is that anonymous access to /etc is now removed.

In our case, tags are not appear for any user. Is there some other changes for existing user and groups for /etc specially etc/tags

Regards,

Anil

3 Replies

Avatar

Administrator

Hi 

Please refer to this similar AEM post :- http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...

// AEM 6.1 anonymous read access to /etc was removed. How to handle this?

In AEM 6.1, service users must be system users, which effectively means that their node in the JCR is of type rep:SystemUser. These users cannot be used to log in normally, only by background processes. The admin user is not a system user, so you cannot use the admin user in a service user mapping like this. You have to create a new system user and assign them the appropriate permissions.

Solution can be found out here:

Link:- http://stackoverflow.com/questions/31350548/resourceresolverfactory-getserviceresourceresolver-throw...

//

Goal: To write data/nodes to content (specifically to /etc/userdata) when a user logs in.

We can achieve this in 2 ways (either way, the user needs to be a 'system user')

Process 1:

Step 1: Use in-built system user in OSGI configuration. In OSGI select Apache Sling Service User Mapper Service

group.abc.commons-service:writeService=oauthservice (where 'oauthservice' is a system user)

Step 2: Assign that system user the permissions to access the content folder.

enter image description here

You see the system users in CRX at: /home/users/system

Process 2:

Step 1: Create a new system user. to do this

Open http://localhost:4502/crx/explorer/index.jsp

Login as admin > Open 'User Administration > Select 'Create System User' > Enter "user id" > Hit the Green button (you will not se a save button :)

I have created "abcwriteservice" user

Step 2: Go to Permissions, and for the user 'abcwriteservice' give Permissions to access the folder where you'd like to write. (In this example: /etc/userdata ) enter image description here

Step 3: Open OSGI console and go to "Apache Sling Service User Mapper Service" to define the service-user mapping. For example: 'group.commons-service:writeService=abcwriteservice'

enter image description here

Step 4: In code, i added extra parameter, as:

Map<String, Object> param = new HashMap<String, Object>(); param.put(ResourceResolverFactory.SUBSERVICE, "writeService"); try { resourceResolverWriter = factory.getServiceResourceResolver(param); if (resourceResolverWriter == null) throw new Exception("Could not obtain a CRX User for the Service:'writeService'"); Node usersRootNode = adminSession.getNode("/etc/userdata/users");

I hope this will help you.

Thanks and Regards

Kautuk Sahni 



Kautuk Sahni

Avatar

Level 4

Hi Kautuk,

My issue is limited to read operation. Since the read access is also not there, we are not able to see the information which is read-only. Question is how do we get a package of user, group and permission specially for etc from 6.0 and install it on 6.1. We have large number of group to be able to do it manually.

Any suggestions?

Thanks,

Anil

Avatar

Level 10

 "We have large number of group to be able to do it manually."

To work with groups and users, you can look at writing some User Manager code to automate creation of these. This is one of the reasons why this Jackrabbit API exists. 

http://jackrabbit.apache.org/api/2.2/org/apache/jackrabbit/core/security/user/package-summary.html