Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

Anonymous read access to entire /etc is now removed. So we need to give read permission to all required nodes under /etc explicitly.

Avatar

Avatar
Validate 10
Level 3
anilkum
Level 3

Likes

3 likes

Total Posts

65 posts

Correct Reply

1 solution
Top badges earned
Validate 10
Validate 1
Boost 3
Boost 1
Affirm 1
View profile

Avatar
Validate 10
Level 3
anilkum
Level 3

Likes

3 likes

Total Posts

65 posts

Correct Reply

1 solution
Top badges earned
Validate 10
Validate 1
Boost 3
Boost 1
Affirm 1
View profile
anilkum
Level 3

12-01-2017

Hi,

We are upgrading from AEM 6.0 to AEM 6.1. One of the changes is that anonymous access to /etc is now removed.

In our case, tags are not appear for any user. Is there some other changes for existing user and groups for /etc specially etc/tags

Regards,

Anil

Replies

Avatar

Avatar
Establish
Community Manager
kautuk_sahni
Community Manager

Likes

1,128 likes

Total Posts

6,133 posts

Correct Reply

1,144 solutions
Top badges earned
Establish
Coach
Originator
Contributor 2
Contributor
View profile

Avatar
Establish
Community Manager
kautuk_sahni
Community Manager

Likes

1,128 likes

Total Posts

6,133 posts

Correct Reply

1,144 solutions
Top badges earned
Establish
Coach
Originator
Contributor 2
Contributor
View profile
kautuk_sahni
Community Manager

13-01-2017

Hi 

Please refer to this similar AEM post :- http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...

// AEM 6.1 anonymous read access to /etc was removed. How to handle this?

In AEM 6.1, service users must be system users, which effectively means that their node in the JCR is of type rep:SystemUser. These users cannot be used to log in normally, only by background processes. The admin user is not a system user, so you cannot use the admin user in a service user mapping like this. You have to create a new system user and assign them the appropriate permissions.

Solution can be found out here:

Link:- http://stackoverflow.com/questions/31350548/resourceresolverfactory-getserviceresourceresolver-throw...

//

Goal: To write data/nodes to content (specifically to /etc/userdata) when a user logs in.

We can achieve this in 2 ways (either way, the user needs to be a 'system user')

Process 1:

Step 1: Use in-built system user in OSGI configuration. In OSGI select Apache Sling Service User Mapper Service

group.abc.commons-service:writeService=oauthservice (where 'oauthservice' is a system user)

Step 2: Assign that system user the permissions to access the content folder.

enter image description here

You see the system users in CRX at: /home/users/system

Process 2:

Step 1: Create a new system user. to do this

Open http://localhost:4502/crx/explorer/index.jsp

Login as admin > Open 'User Administration > Select 'Create System User' > Enter "user id" > Hit the Green button (you will not se a save button 🙂

I have created "abcwriteservice" user

Step 2: Go to Permissions, and for the user 'abcwriteservice' give Permissions to access the folder where you'd like to write. (In this example: /etc/userdata ) enter image description here

Step 3: Open OSGI console and go to "Apache Sling Service User Mapper Service" to define the service-user mapping. For example: 'group.commons-service:writeService=abcwriteservice'

enter image description here

Step 4: In code, i added extra parameter, as:

Map<String, Object> param = new HashMap<String, Object>(); param.put(ResourceResolverFactory.SUBSERVICE, "writeService"); try { resourceResolverWriter = factory.getServiceResourceResolver(param); if (resourceResolverWriter == null) throw new Exception("Could not obtain a CRX User for the Service:'writeService'"); Node usersRootNode = adminSession.getNode("/etc/userdata/users");

I hope this will help you.

Thanks and Regards

Kautuk Sahni 

Avatar

Avatar
Validate 10
Level 3
anilkum
Level 3

Likes

3 likes

Total Posts

65 posts

Correct Reply

1 solution
Top badges earned
Validate 10
Validate 1
Boost 3
Boost 1
Affirm 1
View profile

Avatar
Validate 10
Level 3
anilkum
Level 3

Likes

3 likes

Total Posts

65 posts

Correct Reply

1 solution
Top badges earned
Validate 10
Validate 1
Boost 3
Boost 1
Affirm 1
View profile
anilkum
Level 3

13-01-2017

Hi Kautuk,

My issue is limited to read operation. Since the read access is also not there, we are not able to see the information which is read-only. Question is how do we get a package of user, group and permission specially for etc from 6.0 and install it on 6.1. We have large number of group to be able to do it manually.

Any suggestions?

Thanks,

Anil

Avatar

Avatar
Validate 25
Level 10
smacdonald2008
Level 10

Likes

1,406 likes

Total Posts

12,671 posts

Correct Reply

2,278 solutions
Top badges earned
Validate 25
Validate 10
Validate 1
Give back 900
Give back 600
View profile

Avatar
Validate 25
Level 10
smacdonald2008
Level 10

Likes

1,406 likes

Total Posts

12,671 posts

Correct Reply

2,278 solutions
Top badges earned
Validate 25
Validate 10
Validate 1
Give back 900
Give back 600
View profile
smacdonald2008
Level 10

13-01-2017

 "We have large number of group to be able to do it manually."

To work with groups and users, you can look at writing some User Manager code to automate creation of these. This is one of the reasons why this Jackrabbit API exists. 

http://jackrabbit.apache.org/api/2.2/org/apache/jackrabbit/core/security/user/package-summary.html