Expand my Community achievements bar.

Radically easy to access on brand approved content for distribution and omnichannel performant delivery. AEM Assets Content Hub and Dynamic Media with OpenAPI capabilities is now GA.
SOLVED

How to fetch ACLs of sites and individual pages in AEM On-Prem and SAAS?

Avatar

Level 2
 
1 Accepted Solution

Avatar

Correct answer by
Community Advisor

@Omkar_Phadtare 

Since an administrator can see all effective permissions for a specific path in CRX Explorer > Access Control

 

If you are looking forward to fetch the details in the java code you can use the "AccessControlManager" api and use the method "getEffectivePolicies" in your custom logic.

API Reference:

https://developer.adobe.com/experience-manager/reference-materials/spec/jsr170/javadocs/jcr-2.0/java...

 

There are some more use case present in the ACS Commons as well, you can check out the code within it to understand how we can use it.

Reference for ACS git: https://github.com/Adobe-Consulting-Services/acs-aem-commons/blob/master/bundle/src/main/java/com/ad...

 

Thanks 

 

View solution in original post

2 Replies

Avatar

Correct answer by
Community Advisor

@Omkar_Phadtare 

Since an administrator can see all effective permissions for a specific path in CRX Explorer > Access Control

 

If you are looking forward to fetch the details in the java code you can use the "AccessControlManager" api and use the method "getEffectivePolicies" in your custom logic.

API Reference:

https://developer.adobe.com/experience-manager/reference-materials/spec/jsr170/javadocs/jcr-2.0/java...

 

There are some more use case present in the ACS Commons as well, you can check out the code within it to understand how we can use it.

Reference for ACS git: https://github.com/Adobe-Consulting-Services/acs-aem-commons/blob/master/bundle/src/main/java/com/ad...

 

Thanks 

 

Avatar

Community Advisor

Hi @Omkar_Phadtare ,

There are two ways you can read ACL from a node. You can either chose a

  1. CRX or 
  2. Jackrabbit way. 

find both examples in below piece of code.

private static final String READ_ACCESS = "jcr:read";
AccessControlManager accessControlManager = jackrabbitSession.getAccessControlManager();
AccessControlPolicy[] accessControlPolicies = accessControlManager.getEffectivePolicies(path);
for(AccessControlPolicy accessControlPolicy:accessControlPolicies) {
      JackrabbitAccessControlList accessControlList = (JackrabbitAccessControlList)accessControlPolicy;
      AccessControlEntry[] accessControlEntries = accessControlList.getAccessControlEntries();
      for(AccessControlEntry accessControlEntry:accessControlEntries) {

//Using CRX Way String[] privilege = {READ_ACCESS}; //AclPolicy aclPolicy = new AclPolicy(accessControlEntry.getPrincipal().getName(),privilege,false); //CRXPolicyManager crxPolicyManager = new CRXPolicyManager(jackrabbitSession); //crxPolicyManager.applyPolicy(path, aclPolicy); //Jackrabbit way Privilege[] privileges = new Privilege[]{accessControlManager.privilegeFromName(Privilege.JCR_READ)}; JackrabbitAccessControlList acl; try { acl = (JackrabbitAccessControlList) accessControlManager.getApplicablePolicies(path).nextAccessControlPolicy(); } catch (NoSuchElementException e) { // ignore acl = (JackrabbitAccessControlList) accessControlManager.getPolicies(path)[0]; } for (AccessControlEntry e : acl.getAccessControlEntries()) { acl.removeAccessControlEntry(e); } acl.addEntry(accessControlEntry.getPrincipal(), privileges, false); accessControlManager.setPolicy(path, acl); jackrabbitSession.save(); } } } } catch (PathNotFoundException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (RepositoryException e) { // TODO Auto-generated catch block e.printStackTrace(); } // TODO Auto-generated method stub }

References are linked in above options.

Hope that helps!

Regards,

Santosh