Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Failed to add ACL permissions in AEM 6.3

sreenivasula
Level 4
Level 4

Hello All,

            We are creating certain users and assigning ACL permissions programmatically, using below code(partial  code), which is perfectly working in AEM 6.0 but failing in AEM 6.3, throwing below exception.

Coul you please let us know, how to implement the below in AEM 6.3, any helpx document will be helpful.

06.08.2018 13:41:49.267 *ERROR* [qtp1995913297-46126] com.abc.xyz.cms.author-config-2.0.0.SNAPSHOT [com.abc.xyz.cms.bundle.config.AuthorConfigInitializer(3275)] The start method has thrown an exception (java.lang.ClassCastException: org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugPolicyImpl cannot be cast to javax.jcr.security.AccessControlList)

java.lang.ClassCastException: org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugPolicyImpl cannot be cast to javax.jcr.security.AccessControlList

        at com.abc.xyz.cms.service.persistence.user.impl.AddACLPermiOperation.addACLPermiForGroup(AddACLPermiOperation.java:74)

Partial Code:-

@PerformInSession

public void addACLPermiForGroup(final String groupName, final String path, final String privilege)

        throws UserPersistenceException {

    try {

        UserManagerWrapper userManagerWrapper = userManagerWrapperFactory.createUserManagerWrapper();

        AccessControlManager aMgr = accessControlManagerFactory.createAccessControlManager();

        AccessControlList acl;

        for (String strPath : path.split(PATH_CONFIG_SEPARATOR)) {

            AccessControlPolicyIterator acplItr = aMgr.getApplicablePolicies(strPath);

            if (acplItr.hasNext()) {

                // get first applicable policy (for nodes w/o policy)

               acl = (AccessControlList) acplItr.nextAccessControlPolicy(); // Exception is thrown at this line

            } else {

                // else node already has a policy, get that one

                acl = (AccessControlList) aMgr.getPolicies(strPath)[0];

            }

            for (AccessControlEntry e : acl.getAccessControlEntries()) {

                Principal p = e.getPrincipal();

                if (e.getPrincipal().equals(userManagerWrapper.getExistingAemGroup(groupName).getPrincipal()))

                {

                    acl.removeAccessControlEntry(e);

                }

            }

           String[] privilegeNames = privilege.split(PATH_CONFIG_SEPARATOR);

            Privilege[] privileges = new Privilege[privilegeNames.length];

            for(int i=0; i < privileges.length; i++)

            {

                privileges[i] = aMgr.privilegeFromName(privilegeNames[i]);

            }

            acl.addAccessControlEntry(

                    userManagerWrapper.getExistingAemGroup(groupName).getPrincipal(), privileges);

            aMgr.setPolicy(strPath, acl);

        }

    } catch (RepositoryException e) {

        throw new RetryableRepositoryException(String.format(

                "Failed to add %s ACL permission to %s for %s", privilege, path, groupName, e));

    }

}

1 Accepted Solution
Jitendra_S_Toma
Correct answer by
Level 9
Level 9

Hi Sree,

Here is very good documentation around it. I believe it is just API Change and not anything logically failing there. Just follow the sections for reading/updating access policy.

Closed User Groups in AEM 6.3

View solution in original post

0 Replies
Jitendra_S_Toma
Correct answer by
Level 9
Level 9

Hi Sree,

Here is very good documentation around it. I believe it is just API Change and not anything logically failing there. Just follow the sections for reading/updating access policy.

Closed User Groups in AEM 6.3

View solution in original post

velparic1097644
Level 1
Level 1

Hi Jitendra,

                    We had checked this link  Closed User Groups in AEM 6.3  in which they are assigning some values to the Principal Api . Please find the below code

"

Principal toAdd1 = [...]

Principal toAdd2 = [...]

"

Can you please suggest us what parameters we need to pass to the variables toAdd1,toAdd2. ??

velparic1097644
Level 1
Level 1

Hi Sreenivasula,

                            This is Velpari. We are also facing the same issue for the permission. Did the permission issue fixed for you ?

In-case if it fixed, Can you please send us the updated code or suggest how to fix the Issue ??

muruganr007
Level 1
Level 1

Hi Sreenivasalu,

We are also facing the same issue,

org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugPolicyImpl cannot be cast to javax.jcr.security.AccessControlList.

I tried to modify the code from the suggested link but still i am facing the same issue.Closed User Groups in AEM 6.3

Please let us know what you have done to fix this issue.

anjali_biddanda
Level 4
Level 4

You don't need to use CUG here, as they are for pages that need login. You can use AccessControlUtils.getAccessControlList(adminSession, path) to get the ACL instead.

 

//Create your adminSession using a mapped service user
Map<String, Object> param = new HashMap<String, Object>();
param.put(ResourceResolverFactory.SUBSERVICE, "write-service"); //ensure you have write-service user created via a config script or on usermanager
ResourceResolver resourceResolver = resourceResolverFactory.getServiceResourceResolver(param);
Session adminSession = resourceResolver.adaptTo(Session.class);

AccessControlManager aMgr = adminSession.getAccessControlManager();
// create privilege
Privilege[] privileges = new Privilege[]{aMgr.privilegeFromName(Replicator.REPLICATE_PRIVILEGE)};

JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(adminSession, path);
acl.addEntry(contentManagerGroup.getPrincipal(),privileges,false);
aMgr.setPolicy(path, acl);
adminSession.save();