Hi,
I am using AEM 6.0 with SP2. We have added ACLs through GLOB patterns. I want to create a authoring group which has very limited access(in welcome screen just websites, inbox should be displayed). When user clicks on websites icon, which should open site admin console with the folders that user is authorized to see.
We can use Useradmin console to fullfill my requirement. I mean i need to provide read access at top level (/) and need to deny on many things. We should touch many node ACLs to allow and deny access which is complex. Just to avoid that, i wrote a java utility which reads property file (will specify the group names, content paths and access needed) and generates rep:policy nodes at specific content paths. I was able to restrict access and allowing very limited access to user in welcome screen. When user clicked on websites icon, siteadmin page is opened and showing websites without any content folders even though user has provided read write access to content paths. In logs i am getting errors like below
GET /system/sling/logout.html HTTP/1.1] org.apache.sling.jcr.resource.internal.helper.jcr.JcrNodeResource Unable to get resource type for node Node[NodeDelegate{tree=/: { :async = { ... }, tmp = { ... }, home = { ... }, etc = { ... }, content = { ... }, bin = { ... }, libs = { ... }, var = { ... }}}]
javax.jcr.RepositoryException: Node / doesn't have primary type set.
GET / HTTP/1.1] org.apache.sling.jcr.resource.internal.helper.jcr.JcrNodeResource getInputStream: Cannot get InputStream for JcrNodeResource, type=<unknown resource type>, superType=null, path=/
javax.jcr.RepositoryException: Node / doesn't have primary type set.
GET /siteadmin HTTP/1.1] org.apache.sling.jcr.resource.internal.helper.jcr.JcrNodeResource Unable to get resource type for node Node[NodeDelegate{tree=/libs/wcm/core/content: { misc = { ... }, components = { ... }, pageinfo = { ... }, siteadmin = { ... }}}]
javax.jcr.RepositoryException: Node /libs/wcm/core/content doesn't have primary type set.
GET /libs/cq/ui/widgets/themes/default/ext/menu/menu.gif HTTP/1.1] org.apache.sling.jcr.resource.internal.helper.jcr.JcrNodeResource Unable to get resource type for node Node[NodeDelegate{tree=/libs: {}}]
javax.jcr.RepositoryException: Node /libs doesn't have primary type set.
Appreciated for any pointers on the issue
Solved! Go to Solution.
Views
Replies
Total Likes
Hi AEM dev
Some reference article that could come as help to you.
// To programmatically set ACLs
When you give permission for a user for a particular node/path , it basically stores the permission on the node level below the rep:policy node (allow/deny).
I want to give permissions when I deploy content package.
You can refer to ACL packager from ACS Tools for packaging ACLs.
Note : The user who is installing the package needs to have permission to set ACLs
To programmatically set ACLs (as the title of your question says), you might care to check out few Jackrabbit/JCR interfaces/classes .
org.apache.jackrabbit.api.security.JackrabbitAccessControlManager org.apache.jackrabbit.api.security.JackrabbitAccessControlList javax.jcr.security.Privilege
Link:- http://stackoverflow.com/questions/31587635/how-to-give-user-permissions-programatically
Link:- https://github.com/Adobe-Consulting-Services/acs-aem-commons/issues/100
Link:- http://adobe-consulting-services.github.io/acs-aem-commons/features/acl-packager.html
I hope this would act as some help to you.
Thanks and Regards
Kautuk Sahni
Views
Replies
Total Likes
From what I have read - you are trying to modify ACL using Java: " i wrote a java utility which reads property file (will specify the group names, content paths and access needed) and generates rep:policy nodes at specific content paths."
To use Java and ACLs - use this API - see the Javadocs here:
Views
Replies
Total Likes
Hi AEM dev
Some reference article that could come as help to you.
// To programmatically set ACLs
When you give permission for a user for a particular node/path , it basically stores the permission on the node level below the rep:policy node (allow/deny).
I want to give permissions when I deploy content package.
You can refer to ACL packager from ACS Tools for packaging ACLs.
Note : The user who is installing the package needs to have permission to set ACLs
To programmatically set ACLs (as the title of your question says), you might care to check out few Jackrabbit/JCR interfaces/classes .
org.apache.jackrabbit.api.security.JackrabbitAccessControlManager org.apache.jackrabbit.api.security.JackrabbitAccessControlList javax.jcr.security.Privilege
Link:- http://stackoverflow.com/questions/31587635/how-to-give-user-permissions-programatically
Link:- https://github.com/Adobe-Consulting-Services/acs-aem-commons/issues/100
Link:- http://adobe-consulting-services.github.io/acs-aem-commons/features/acl-packager.html
I hope this would act as some help to you.
Thanks and Regards
Kautuk Sahni
Views
Replies
Total Likes