Expand my Community achievements bar.

SOLVED

Facing "Anonymous access not allowed by configuration" while uploading csv through scheduler to dam in AEM

Avatar

Level 5
Level 5
2/1/23 11:02:41 PM

Hi 

I am facing               " javax.jcr.AccessDeniedException: OakAccess0000: Access denied "

while uploading csv through the scheduler to DAM in AEM.

Please help me figure out why it's happening and how it can be resolved.

I am sharing the logs to share more context : 

 

[qtp41239703-9726] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
25.01.2023 23:59:38.247 [cm-p23010-e63786-aem-author-5d5cb8ff87-tsfd6] *WARN* [3.145.224.228 [1674691178244] GET /libs/granite/core/content/login.html HTTP/1.1] libs.granite.core.components.login.login__002e__jsp j_reason param value 'unknown' cannot be mapped to a valid reason message: ignoring
25.01.2023 23:59:54.870 [cm-p23010-e63786-aem-author-5d5cb8ff87-wf5wc] *INFO* [qtp1470771220-18779] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
25.01.2023 23:59:54.912 [cm-p23010-e63786-aem-author-5d5cb8ff87-wf5wc] *WARN* [44.202.178.206 [1674691194909] GET /libs/granite/core/content/login.html HTTP/1.1] libs.granite.core.components.login.login__002e__jsp j_reason param value 'unknown' cannot be mapped to a valid reason message: ignoring
25.01.2023 23:59:55.051 [cm-p23010-e63786-aem-author-5d5cb8ff87-wf5wc] *INFO* [sling-default-4-org.gs4tr.globallink.adaptors.aem.scheduler.UpdateStatusScheduledJob.5839] org.gs4tr.globallink.adaptors.aem.scheduler.UpdateStatusScheduledJob Start update status scheduled job...
25.01.2023 23:59:55.052 [cm-p23010-e63786-aem-author-5d5cb8ff87-wf5wc] *INFO* [sling-default-4-org.gs4tr.globallink.adaptors.aem.scheduler.UpdateStatusScheduledJob.5839] org.gs4tr.globallink.adaptors.aem.scheduler.UpdateStatusScheduledJob Update status scheduled job finished.
26.01.2023 00:00:00.001 [cm-p23010-e63786-aem-author-5d5cb8ff87-tsfd6] *INFO* [sling-default-2-com.adobe.cq.wcm.translation.impl.scheduler.ScheduleRepeatTranslationProject] com.adobe.cq.wcm.translation.impl.scheduler.ScheduleRepeatTranslationProject Starting sync process now
26.01.2023 00:00:00.012 [cm-p23010-e63786-aem-author-5d5cb8ff87-tsfd6] *INFO* [sling-default-2-com.adobe.cq.wcm.translation.impl.scheduler.ScheduleRepeatTranslationProject] com.adobe.cq.wcm.translation.impl.scheduler.ScheduleRepeatTranslationProject Sync process complete
26.01.2023 00:00:00.142 [cm-p23010-e63786-aem-author-5d5cb8ff87-tsfd6] *INFO* [sling-default-5-com.day.cq.dam.core.impl.ExpiryNotificationJobImpl] com.day.cq.dam.core.impl.ExpiryNotificationJobImpl No assets passed to deactivate.
26.01.2023 00:00:01.516 [cm-p23010-e63786-aem-author-5d5cb8ff87-wf5wc] *INFO* [sling-default-3-257325146] org.apache.jackrabbit.oak.plugins.blob.AbstractSharedCachingDataStore Added blob [8d4bcb65dbb8b3fc44e1e0616c68761efa86166432f689e707a1c64205008a56] to backend
26.01.2023 00:00:01.544 [cm-p23010-e63786-aem-author-5d5cb8ff87-wf5wc] *ERROR* [sling-default-3-257325146] com.day.cq.dam.api.AssetManager Failed to save asset /content/dam/data/assets/metadata/inproseal_resources_metadata.csv
26.01.2023 00:00:01.546 [cm-p23010-e63786-aem-author-5d5cb8ff87-wf5wc] *ERROR* [sling-default-3-257325146] com.day.cq.dam.api.AssetManager Stack Trace:
javax.jcr.AccessDeniedException: OakAccess0000: Access denied
	at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:232) [org.apache.jackrabbit.oak-api:1.44.0.T20220909141113-2457ffc]
	at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:213) [org.apache.jackrabbit.oak-api:1.44.0.T20220909141113-2457ffc]
	at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.newRepositoryException(SessionDelegate.java:711) [org.apache.jackrabbit.oak-jcr:1.44.0.T20220909141113-2457ffc]
	at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.save(SessionDelegate.java:532) [org.apache.jackrabbit.oak-jcr:1.44.0.T20220909141113-2457ffc]
	at org.apache.jackrabbit.oak.jcr.session.SessionImpl$9.performVoid(SessionImpl.java:457) [org.apache.jackrabbit.oak-jcr:1.44.0.T20220909141113-2457ffc]
	at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performVoid(SessionDelegate.java:280) [org.apache.jackrabbit.oak-jcr:1.44.0.T20220909141113-2457ffc]
	at org.apache.jackrabbit.oak.jcr.session.SessionImpl.save(SessionImpl.java:454) [org.apache.jackrabbit.oak-jcr:1.44.0.T20220909141113-2457ffc]
	at com.adobe.granite.repository.impl.CRX3SessionImpl.save(CRX3SessionImpl.java:220) [com.adobe.granite.repository:1.8.50]
	at com.day.cq.dam.core.impl.AssetManagerImpl.createOrUpdateAsset(AssetManagerImpl.java:341) [com.day.cq.dam.cq-dam-core:5.13.456]
	at com.day.cq.dam.core.impl.AssetManagerImpl.createOrUpdateAsset(AssetManagerImpl.java:260) [com.day.cq.dam.cq-dam-core:5.13.456]
	at com.day.cq.dam.core.impl.AssetManagerImpl.createAsset(AssetManagerImpl.java:247) [com.day.cq.dam.cq-dam-core:5.13.456]
	at com.dovercorporation.core.services.search.impl.MetadataCSVImpl.createCsvFile(MetadataCSVImpl.java:270) [dover.core:2023.119.174240.0002190682]
	at com.dovercorporation.core.schedulers.MetadataScheduler.run(MetadataScheduler.java:132) [dover.core:2023.119.174240.0002190682]
	at org.apache.sling.commons.scheduler.impl.QuartzJobExecutor.execute(QuartzJobExecutor.java:349) [org.apache.sling.commons.scheduler:2.7.12]
	at org.quartz.core.JobRunShell.run(JobRunShell.java:202) [org.apache.sling.commons.scheduler:2.7.12]
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:834)

 

 

 

 

Views

922

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
2/1/23 11:26:53 PM

Hi @rahul234dabas 

It seems like your custom code is using a session or resolver derived from the anonymous user which doesn't have DAM write permission. Usually, these scenarios are handled using the service resolver concept.

Check this:
https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security-servic....

https://sourcedcode.com/blog/aem/create-system-service-users-in-aem-6-5-with-code-configurations


Regards

View solution in original post

Views

914

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Correct answer by
Community Advisor
Community Advisor
2/1/23 11:26:53 PM

Hi @rahul234dabas 

It seems like your custom code is using a session or resolver derived from the anonymous user which doesn't have DAM write permission. Usually, these scenarios are handled using the service resolver concept.

Check this:
https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security-servic....

https://sourcedcode.com/blog/aem/create-system-service-users-in-aem-6-5-with-code-configurations


Regards

Views

915

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Community Advisor
Community Advisor
2/1/23 11:45:45 PM

Hi @rahul234dabas ,

 

When we want to perform any CRUD operation on the repository, we need right access. For example a write operation needs edit access. 

 

  • We need to create system user.
  • The system user should have edit access.
  • We need user mapping for the system user-bundle in which your code is present- 'Apache Sling Service User Mapper Service'

I have explained this AEM - Use of multiple sub services- system users for different use cases 

 

Thanks,

Ritesh Mittal

Views

909

Replies

0
Sign in to like this content

Total Likes

Translate
Translate