Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Error: Node / doesn't have primary type set error with ACL

Avatar

Level 3

Hi,

I am using AEM 6.0 with SP2. We have added ACLs through GLOB patterns. I want to create a authoring group which has very limited access(in welcome screen just websites, inbox should be displayed). When user clicks on websites icon, which should open site admin console with the folders that user is authorized to see.

We can use Useradmin console to fullfill my requirement. I mean i need to provide read access at top level (/) and need to deny on many things. We should touch many node ACLs to allow and deny access which is complex. Just to avoid that, i wrote a java utility which reads property file (will specify the group names, content paths and access needed) and generates rep:policy nodes at specific content paths. I was able to restrict access and allowing very limited access to user in welcome screen. When user clicked on websites icon, siteadmin page is opened and showing websites without any content folders even though user has provided read write access to content paths. In logs i am getting errors like below

GET /system/sling/logout.html HTTP/1.1] org.apache.sling.jcr.resource.internal.helper.jcr.JcrNodeResource Unable to get resource type for node Node[NodeDelegate{tree=/: { :async = { ... }, tmp = { ... }, home = { ... }, etc = { ... }, content = { ... }, bin = { ... }, libs = { ... }, var = { ... }}}]
javax.jcr.RepositoryException: Node / doesn't have primary type set.

GET / HTTP/1.1] org.apache.sling.jcr.resource.internal.helper.jcr.JcrNodeResource getInputStream: Cannot get InputStream for JcrNodeResource, type=<unknown resource type>, superType=null, path=/

javax.jcr.RepositoryException: Node / doesn't have primary type set.

 

GET /siteadmin HTTP/1.1] org.apache.sling.jcr.resource.internal.helper.jcr.JcrNodeResource Unable to get resource type for node Node[NodeDelegate{tree=/libs/wcm/core/content: { misc = { ... }, components = { ... }, pageinfo = { ... }, siteadmin = { ... }}}]
javax.jcr.RepositoryException: Node /libs/wcm/core/content doesn't have primary type set.

 GET /libs/cq/ui/widgets/themes/default/ext/menu/menu.gif HTTP/1.1] org.apache.sling.jcr.resource.internal.helper.jcr.JcrNodeResource Unable to get resource type for node Node[NodeDelegate{tree=/libs: {}}]
javax.jcr.RepositoryException: Node /libs doesn't have primary type set.

 

Appreciated for any pointers on the issue

1 Accepted Solution

Avatar

Correct answer by
Administrator

Hi AEM dev

Some reference article that could come as help to you.

// To programmatically set ACLs 

When you give permission for a user for a particular node/path , it basically stores the permission on the node level below the rep:policy node (allow/deny).

I want to give permissions when I deploy content package.

  • You can deploy an AEM package containing only rep:policies which will serve the same purpose of setting up permissions through useradmin.

You can refer to ACL packager from ACS Tools for packaging ACLs.

Note : The user who is installing the package needs to have permission to set ACLs

To programmatically set ACLs (as the title of your question says), you might care to check out few Jackrabbit/JCR interfaces/classes .

org.apache.jackrabbit.api.security.JackrabbitAccessControlManager org.apache.jackrabbit.api.security.JackrabbitAccessControlList javax.jcr.security.Privilege

 

Link:- http://stackoverflow.com/questions/31587635/how-to-give-user-permissions-programatically

Link:- https://github.com/Adobe-Consulting-Services/acs-aem-commons/issues/100

Link:- http://adobe-consulting-services.github.io/acs-aem-commons/features/acl-packager.html

 

I hope this would act as some help to you.

 

Thanks and  Regards

Kautuk Sahni

View solution in original post

2 Replies

Avatar

Level 10

From what I have read - you are trying to modify ACL using Java: " i wrote a java utility which reads property file (will specify the group names, content paths and access needed) and generates rep:policy nodes at specific content paths."

To use Java and ACLs - use this API - see the Javadocs here: 

https://docs.adobe.com/docs/en/cq/5-6-1/javadoc/org/apache/sling/jcr/base/util/AccessControlUtil.htm...

Avatar

Correct answer by
Administrator

Hi AEM dev

Some reference article that could come as help to you.

// To programmatically set ACLs 

When you give permission for a user for a particular node/path , it basically stores the permission on the node level below the rep:policy node (allow/deny).

I want to give permissions when I deploy content package.

  • You can deploy an AEM package containing only rep:policies which will serve the same purpose of setting up permissions through useradmin.

You can refer to ACL packager from ACS Tools for packaging ACLs.

Note : The user who is installing the package needs to have permission to set ACLs

To programmatically set ACLs (as the title of your question says), you might care to check out few Jackrabbit/JCR interfaces/classes .

org.apache.jackrabbit.api.security.JackrabbitAccessControlManager org.apache.jackrabbit.api.security.JackrabbitAccessControlList javax.jcr.security.Privilege

 

Link:- http://stackoverflow.com/questions/31587635/how-to-give-user-permissions-programatically

Link:- https://github.com/Adobe-Consulting-Services/acs-aem-commons/issues/100

Link:- http://adobe-consulting-services.github.io/acs-aem-commons/features/acl-packager.html

 

I hope this would act as some help to you.

 

Thanks and  Regards

Kautuk Sahni