Hi,
Recently after migration from on prem to cloud, somehow rep:policy nodes are visible on author environments under /content/ path. This node is visible on many places under "content". its difficult to delete directly from CRX/DE, as its there on so many places, now i am trying to delete it programmatically, but this throwing error:
javax.jcr.nodetype.ConstraintViolationException: Item is protected.
i am using code as below:
@Override
protected void doDelete(SlingHttpServletRequest request, SlingHttpServletResponse response) {
log.info("inside doDelete method");
String sirContentPath = "/content/sir";
try {
log.info("Runmode isAuthor {}", isAuthor());
adminSession = getAdminSession();
if (adminSession != null && isAuthor()) {
Node rootNode = adminSession.getNode(sirContentPath);
removePolicyNodesRecursively(rootNode);
//response.getWriter().write("rep:policy nodes removed successfully.");
} else {
log.info("Runmode isAuthor failed {}", isAuthor());
///response.getWriter().write("Session is null.");
}
} catch (RepositoryException e) {
log.error("RepositoryException: ", e);
//response.getWriter().write("Error occurred while removing re:policy nodes.");
}finally {
if (adminSession != null && adminSession.isLive()) {
adminSession.logout();
}
}
}
private void removePolicyNodesRecursively(Node node) throws RepositoryException {
if (node.hasNode("rep:policy")) {
Node policyNode = node.getNode("rep:policy");
log.info("Removed rep:policy node from {}", node.getPath());
if (policyNode != null) {
//try {
log.info("policyNode.getProperty:: {}", policyNode.getProperties().toString());
policyNode.remove();
//policyNode.setProperty("testValue", "true");
adminSession.save();
//policyNode.remove();
//policyNode.getSession().save();
log.info("rep:policy node Removed");
//} catch (RepositoryException e) {
//log.error("Exception while deleting node::{}", e);
//}
}
}
NodeIterator nodeIterator = node.getNodes();
while (nodeIterator.hasNext()) {
Node childNode = nodeIterator.nextNode();
removePolicyNodesRecursively(childNode);
}
}
private boolean isAuthor() {
return slingSettingsService.getRunModes().contains("author");
}
public Session getAdminSession() {
Session session = null;
log.info("Got the resolverFactory :::::::::::::::::::::: >>> {}", resolverFactory);
try {
Map<String, Object> param = new HashMap<>();
param.put(ResourceResolverFactory.SUBSERVICE, PRINCIPAL_SIR_SERVICE_USER);
//ResourceResolver resolver = resolverFactory.getServiceResourceResolver(param);
//log.debug("Success in getting the resolver: {}", resolver.getUserID());
ResourceResolver resolver = resolverFactory.getAdministrativeResourceResolver(null);
log.debug("resolver userID: {}", resolver.getUserID());
session = repository.loginAdministrative(null);
//session = resolver.adaptTo(Session.class);
} catch (Exception e) {
log.error("Error in getting the session {}", e.getMessage());
}
return session;
}
Appreciate your thoughts
Thanks
Solved! Go to Solution.
Views
Replies
Total Likes
Hi @snjkhandelwal2,
This is possible using AccessControlManager api. Below is sample snippet of code and repository structure to make it clear how it works.
Please be careful because below code will remove rep:policy, and any other ACL that are defined under it.
Sample repository structure:
Below code will remove rep:policy node defined for /content/we-retail/it path. In other words rep:policy located directly under /content/we-retail/it will be removed.
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
AccessControlManager accessManager = session.getAccessControlManager();
String path = "/content/we-retail/it";
AccessControlPolicy[] policies = accessManager.getPolicies(path);
for(AccessControlPolicy policy : policies) {
accessManager.removePolicy(path, policy);
session.save();
}
Please note one important thing, path is not a path to specific rep:policy node, but to the node that is restricted by the specific policy - it is usually parent node to rep:policy.
@snjkhandelwal2 : You should not have to remove these nodes as they serve a purpose. These nodes are created when you have applied Access Control Entries (ACEs) on the pages.
Can you please refer this link and see if it helps : https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/unexplained-rep-policy-nod...
Hi @snjkhandelwal2
You can't delete this like a regular node.
Remove the permission from rep:policy node, in case any issue due to permission. Otherwise keep it, it has no impact on publish.
Hi @snjkhandelwal2,
This is possible using AccessControlManager api. Below is sample snippet of code and repository structure to make it clear how it works.
Please be careful because below code will remove rep:policy, and any other ACL that are defined under it.
Sample repository structure:
Below code will remove rep:policy node defined for /content/we-retail/it path. In other words rep:policy located directly under /content/we-retail/it will be removed.
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
AccessControlManager accessManager = session.getAccessControlManager();
String path = "/content/we-retail/it";
AccessControlPolicy[] policies = accessManager.getPolicies(path);
for(AccessControlPolicy policy : policies) {
accessManager.removePolicy(path, policy);
session.save();
}
Please note one important thing, path is not a path to specific rep:policy node, but to the node that is restricted by the specific policy - it is usually parent node to rep:policy.