Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED
How to fetch ACLs of sites and individual pages in AEM On-Prem and SAAS?
1 Accepted Solution
Correct answer by
Since an administrator can see all effective permissions for a specific path in CRX Explorer > Access Control
If you are looking forward to fetch the details in the java code you can use the "AccessControlManager" api and use the method "getEffectivePolicies" in your custom logic.
API Reference:
There are some more use case present in the ACS Commons as well, you can check out the code within it to understand how we can use it.
Reference for ACS git: https://github.com/Adobe-Consulting-Services/acs-aem-commons/blob/master/bundle/src/main/java/com/ad...
Thanks
Correct answer by
Since an administrator can see all effective permissions for a specific path in CRX Explorer > Access Control
If you are looking forward to fetch the details in the java code you can use the "AccessControlManager" api and use the method "getEffectivePolicies" in your custom logic.
API Reference:
There are some more use case present in the ACS Commons as well, you can check out the code within it to understand how we can use it.
Reference for ACS git: https://github.com/Adobe-Consulting-Services/acs-aem-commons/blob/master/bundle/src/main/java/com/ad...
Thanks
Hi @Omkar_Phadtare ,
There are two ways you can read ACL from a node. You can either chose a
- CRX or
- Jackrabbit way.
find both examples in below piece of code.
private static final String READ_ACCESS = "jcr:read";
AccessControlManager accessControlManager = jackrabbitSession.getAccessControlManager();
AccessControlPolicy[] accessControlPolicies = accessControlManager.getEffectivePolicies(path);
for(AccessControlPolicy accessControlPolicy:accessControlPolicies) {
JackrabbitAccessControlList accessControlList = (JackrabbitAccessControlList)accessControlPolicy;
AccessControlEntry[] accessControlEntries = accessControlList.getAccessControlEntries();
for(AccessControlEntry accessControlEntry:accessControlEntries) {
//Using CRX Way
String[] privilege = {READ_ACCESS};
//AclPolicy aclPolicy = new AclPolicy(accessControlEntry.getPrincipal().getName(),privilege,false);
//CRXPolicyManager crxPolicyManager = new CRXPolicyManager(jackrabbitSession);
//crxPolicyManager.applyPolicy(path, aclPolicy);
//Jackrabbit way
Privilege[] privileges = new
Privilege[]{accessControlManager.privilegeFromName(Privilege.JCR_READ)};
JackrabbitAccessControlList acl;
try {
acl = (JackrabbitAccessControlList)
accessControlManager.getApplicablePolicies(path).nextAccessControlPolicy();
} catch (NoSuchElementException e) {
// ignore
acl = (JackrabbitAccessControlList) accessControlManager.getPolicies(path)[0];
}
for (AccessControlEntry e : acl.getAccessControlEntries()) {
acl.removeAccessControlEntry(e);
}
acl.addEntry(accessControlEntry.getPrincipal(), privileges, false);
accessControlManager.setPolicy(path, acl);
jackrabbitSession.save();
}
}
}
} catch (PathNotFoundException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (RepositoryException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
// TODO Auto-generated method stub
}References are linked in above options.
Hope that helps!
Regards,
Santosh
