Difference between different types of resource resolvers

Aryan12345
Level 2

15-12-2019

There are three ways in which I can get a resource resolver in AEM.

  1. Administrative resource resolver
  2. Service resource resolver with a system user
  3. Resource resolver from the request in a servlet.

Let's consider this scenario.

  1. Get an administrative resource resolver
  2. Get a service resource resolver with admin as the subservice user.
  3. Resource resolver from the request in a servlet (hit on author) after providing admin credentials as "basic authentication" say in postman.

Are these three not supposed to be the same? Quick and dirty code for what I mean. Please let me know what you think.

Not sure how to add code here, so providing my GitHub code link

https://github.com/GodaProjects/aem652/blob/feature/resource-resolver-2/core/src/main/java/com/goda/...

Accepted Solutions (1)

Jörg_Hoh
Employee

23-12-2019

I don't understand what you mean by "Are these three not supposed to be the same?". Yes, from a Java perspective it's always an instance of a ResourceResolver. It depends on the permissions attached to the resourceResolver.

In case 1 the permissions are implicitly clear, as you are using an admin session. In cases 2 and 3 the permissions attached to the session can be managed externally and explicitly.

Answers (2)

Veena_Vikram
MVP

16-12-2019

Hi Aryan

All of them serve the same purpose but obviously differ in how and when to use them. I will try to explain, though.

Resource Resolver Via

1) Administrative Null - DEPRECATED

From your code, line 77: resourceResolverFactory.getAdministrativeResourceResolver(null); This was the old way of accessing the repository via code. When we used to code back in those days, even if the user had restricted access to the content, with this code we used to gain full access to the repository from the back end. So you can obviously understand the security loophole it had. Because of such security issues, this was deprecated, so it should not be used anymore. See the doc here

2) Service User

To address all the security issues caused by accessing the Resource Resolver via getAdministrativeResourceResolver(null), this new method was introduced, which mandates you to have a dedicated user (should be a SYSTEM USER) with restricted permissions. Using the getServiceResourceResolver(Map<String,Object> authenticationInfo) method, you can get the resourceResolver only if the user has the privilege to access the content you are trying to access via the back end. If the user doesn't have the required privilege, it will return null. Please find the official doc here

3) From Request

As Ravi mentioned, it is specific to the current request. The resource resolver obtained this way will have the same permissions as the user requesting this. A little explanation on getting the resourceResolver via request from the web is found here

Hope this helps. Let me know if you are still unclear. If there are any discrepancies in my response, please feel free to correct me 🙂

Thanks

Veena

 

Ravi_Pampana
MVP

15-12-2019

Hi

 

1. Get an administrative resource resolver
-- Will have admin access even without passing any credentials, and is deprecated as it is not good practice, as it will give full access to add/delete/modify the nodes for all requests.

Refer: https://aemmastery.com/heads-up-getadministrativeresourceresolver-is-deprecated-in-apache-sling-a5a2...

 

2. Get a service resource resolver with admin as the subservice user.
-- We can restrict the access of the system user and provide access on a need basis to the required class

Refer: https://taradevko.com/aem/aem-service-user-mapper-do-you-know-it/

 

3. Resource resolver from the request in a servlet (hit on author) after providing admin credentials as "basic authentication" say in postman.
-- Will have the access of the logged-in user. If the user is admin, we can get admin access from the request, or if the user does not have delete access, performing a delete will throw an exception
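
The difference discussed in this thread, as an added example that is not the original poster's code or any replier's: a Sling servlet that prints the effective user and the read/remove permissions of the request resolver next to those of a service resolver. The servlet path, content path and subservice name "example-reader" are hypothetical, and the example assumes a Service User Mapper entry that maps this bundle and subservice to a system user; in the Sling API, getServiceResourceResolver is declared to throw LoginException, which the example handles.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.Servlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

// Hypothetical servlet, servlet path, content path and subservice name.
@Component(service = Servlet.class,
        property = {"sling.servlet.paths=/bin/example/resolver-compare"})
public class ResolverCompareServlet extends SlingSafeMethodsServlet {
    private static final String PATH = "/content/example";
    @Reference private transient ResourceResolverFactory factory;

    @Override
    protected void doGet(SlingHttpServletRequest req, SlingHttpServletResponse resp)
            throws IOException {
        resp.setContentType("text/plain");
        // Request resolver: the authenticated caller's permissions. Sling owns it; do not close.
        resp.getWriter().println("request: " + describe(req.getResourceResolver()));
        // Service resolver: the system user mapped to this bundle's subservice name.
        Map<String, Object> auth =
                Collections.singletonMap(ResourceResolverFactory.SUBSERVICE, "example-reader");
        try (ResourceResolver service = factory.getServiceResourceResolver(auth)) {
            resp.getWriter().println("service: " + describe(service));
        } catch (LoginException e) {
            // Declared by the Sling API; raised when the service login fails.
            resp.getWriter().println("service: login failed, check the service user mapping");
        }
    }
    // Effective user ID plus what that user may do at PATH.
    private static String describe(ResourceResolver r) {
        Session s = r.adaptTo(Session.class);
        try {
            return r.getUserID() + " read=" + s.hasPermission(PATH, Session.ACTION_READ)
                    + " remove=" + s.hasPermission(PATH, Session.ACTION_REMOVE);
        } catch (RepositoryException e) {
            return r.getUserID() + " permission check failed";
        }
    }
}
```

Calling it once as admin and once as a restricted user changes only the "request" line; the "service" line stays tied to the mapped system user's ACLs.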