Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
SOLVED

Clarity About ResourceResolver

Avatar

Level 2

Hey I'm new to AEM, I am learning about  Resource and ResourceResolver. So, I encounter with different codes from different websites while I'm learning.

So some are using 

@SlingObject

private ResourceResolver resourceResolver;

 

and we can also get the object of ResourceResolver by using resourceResolverFactory along with system user.

  • So can I know what is the difference between both ResourceResolver object's? 
  • If i'm getting ResourceResolver using @SlingObject then what is the use of getting resourceResolver with system user?

 

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

In general and simplistically, resolurceResolver can be divided into two parts.

ResouceResolver from Request: 

Syntax: request.getResourceResolver / @SlingObject

Usages: When performing general operations on resources that are normally inaccessible to regular users.

Permission: User permission is reflected on this resorceResolver.

 

ResourceResolver from ResourceResolverFactory

Syntax: resourceResolverService.getResourceResolver(), with the implementation of an interface and the help of resourceResolverFactory

Usages: When you need to operate on special resources like under /etc, write operation under /content or like this.

Permission: Special permission can be provided for different users. By factory method in runtime, the necessary user can be picked up and do the job.  An example can be Service User.

 

These are very simplified talks, when you deep dive into it you can discover more, and by business requirement, you can able to implement more complex scenarios.

View solution in original post

5 Replies

Avatar

Employee Advisor

 

The @SlingObject annotation only works in the context of a Sling Model, and it injects the ResourceResolver when this SlingModel is used in the context of a request. And it is injecting the ResourceResolver, which is created respecting the identity of the user and its permissions.

 

The ResourceResolverFactory allows you create ResourceResolvers for almost any kind of principal known in the repository. It's much more flexible, but also requires more coding and in the context of a SlingModel it is hard to achieve the same as the annotation. Also it always creates a new ResourceResolver, while the annotation uses the already existing one.

 

Avatar

Correct answer by
Community Advisor

In general and simplistically, resolurceResolver can be divided into two parts.

ResouceResolver from Request: 

Syntax: request.getResourceResolver / @SlingObject

Usages: When performing general operations on resources that are normally inaccessible to regular users.

Permission: User permission is reflected on this resorceResolver.

 

ResourceResolver from ResourceResolverFactory

Syntax: resourceResolverService.getResourceResolver(), with the implementation of an interface and the help of resourceResolverFactory

Usages: When you need to operate on special resources like under /etc, write operation under /content or like this.

Permission: Special permission can be provided for different users. By factory method in runtime, the necessary user can be picked up and do the job.  An example can be Service User.

 

These are very simplified talks, when you deep dive into it you can discover more, and by business requirement, you can able to implement more complex scenarios.

Avatar

Community Advisor

@shamyaswanth 

 

ResourceResolver from @SlingObject:

When using the @SlingObject annotation, you are injecting the ResourceResolver directly into your Java class or component as part of the Sling Models framework. This is typically used in the context of request processing, where you need access to resources related to the current request.

Example use cases for @SlingObject and the injected ResourceResolver:

  • Fetching the properties of the current page or resource being requested.
  • Accessing resource children or siblings.
  • Getting information about the current user's session.

ResourceResolver from Service User:

When using a Service User to obtain the ResourceResolver, you are creating a dedicated service account (user) in AEM, granting it specific permissions, and then using that user's credentials to obtain a ResourceResolver. This approach is typically used for background tasks, batch processes, or any scenario where you need programmatic access to the repository without relying on a specific user's permissions or session.

Example use cases for ResourceResolver obtained from a Service User:

  • Performing operations on resources without the need for user-specific permissions.
  • Schedulers

Aanchal Sikka

Avatar

Community Advisor

@shamyaswanth ,

Adding my points in addition to already mentioned by other community members,

 

In practical terms,

@SlingObject resourceResolver gets you the resourceResolver object of "anonymous" user (in all most all of the cases). This means only read permissions to the content structure like /content/yourproject/pages, /content/dam/yourproject/assets etc.,

 

Suppose, you have requirement where you need to create, update or delete any nodes on JCR content repo, @SlingObject resourceResolver won't be of any help to you. In this case, you need to create a system user with permissions to read, edit, delete and get the resouceResolver object of that system user via ResourceResolverFactory.

 

New AEM user tip: Most of the functionalities(components/pages) work fine when you check them on localhost:4502 author instance when logged in via "admin/admin" user. But, surprisingly, component/pages start to show blank when accessed them on publish instance (localhost:4503). Because, access defaults to "anonymous" user on publish instance. Always, check your components/pages on publish instance to validate the functionality.

 

 

Avatar

Employee Advisor

You are mentioning a special case: The user is the anonymous user on the publish. But on author the situation is different, you might have read/write permissions on content and other areas.

 

(I appreciate that you are thinking of the anoynmous case first, I have seen quite a bit of code which assumes to have write permissions when rendering the page...)