Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.

How to get admin session from Repository

Avatar

Level 2

Hi,

I'm getting administration session as seen below but this method is deprecated:

@Reference private SlingRepository repository;
adminSession = repository.loginAdministrative(null);

Also. another way to get session is:

Session session = repository.login(new SimpleCredentials("admin","admin".toCharArray()),"crx.default");

but we are not supposed to use admin, admin credentials.

Is there any other way apart from above mentioned to get admin session?

14 Replies

Avatar

Employee

First question I always ask is, why do you need an admin-session?

Avatar

Level 4

@Reference
 public ResourceResolverFactory rrFactory;

ResourceResolver adminResolver = rrFactory.getAdministrativeResourceResolver(null);        
Session adminSession = adminResolver.adaptTo(Session.class);

Avatar

Level 10

In AEM 6.x, you are suppose to use code like this.

 Map<String, Object> param = new HashMap<String, Object>();
        param.put(ResourceResolverFactory.SUBSERVICE, "jqom");
        ResourceResolver resolver = null;
          
        try {
                     
            //Invoke the getServiceResourceResolver method to create a Session instance
            resolver = resolverFactory.getServiceResourceResolver(param);
            session = resolver.adaptTo(Session.class);
             

See

 

https://helpx.adobe.com/experience-manager/using/jqom.html

The above community article shows how to properly get a sessionusing an AEM system user.

Avatar

Level 3

Hi smacdonald2008​,

I am using AEM6.4. As you mentioned, to create session using ResourceResolver, I couldnt find the configuration Apache Sling User Mapper Service in configMgr.

Could you share the exact name as it appears in 6.4?

Map<String, Object> param = new HashMap<String, Object>();

param.put(ResourceResolverFactory.SUBSERVICE, "******");

Otherwise, if the 'admin' user himself can access, do we need to do this ? What will be the alternative code for that ?

Thanks in advance!

Avatar

Level 8

You can create a user and assign it to the administrative group and use it's credentials rather than the default admin user.

You may also want to take a look at this article which goes over using the correct resource resolver in AEM 6.

Avatar

Level 2

Thanks for your response.

Is there any difference between admin user and administrators group user from privileges perspective.

As I have seen in impersonation functionality, Admin user can see all the user to impersonate but if we create user with administrators group privileges, it will not be able to see. This user has to drag user and then can impersonate.

Avatar

Level 8

I don't exactly know that I understand what you're saying about the user drag/drop, impersonation piece, but from the perspective of using it in a service to create/read/etc, you shouldn't have any issues.  The only restriction that i'm aware of is that only the "admin" user has access to the CRX Explorer/System Console.

Avatar

Level 2

Hi,

In our case we have to impersonate user session who has locked page. so we are doing this by taking admin session.

                adminSession = repository.loginAdministrative(null);
                userSession = adminSession.impersonate(new SimpleCredentials(lockedByUser, "".toCharArray()));
                LockManager lockManager = userSession.getWorkspace().getLockManager();
                if (lockManager.isLocked(request.getParameter(Constants.PATH) + Constants.JCRCONTENTPATTERN)) {
                    lockManager.unlock(request.getParameter(Constants.PATH) + Constants.JCRCONTENTPATTERN);
                }

If we want to replace adminSession = repository.loginAdministrative(null); with  Session loginService(String subServiceName, String workspace). We created a system user, tried giving administrator group privileges (Impersonation not allowed error) or even using "admin" in ServiceUserMapping config (Service name not allowed error).

Service user works fine for normal scenario, but not working in this particular case. Is there a way we can get admin session without using deprecated method or a creating a system user which is same as admin user.

 

Avatar

Level 10

@Reference
 public ResourceResolverFactory rrFactory;

ResourceResolver adminResolver = rrFactory.getAdministrativeResourceResolver(null);        
Session adminSession = adminResolver.adaptTo(Session.class);

(this is deprecated in latest version - but it still works) 

If you do not want that way - create a system user and give that user ACL privileges. 

https://helpx.adobe.com/experience-manager/using/jqom.html

The above community article shows how to properly get a session using an AEM system user.

Those 2 ways are the only options. 

Avatar

Level 2

Hi,

System user scenario is working fine. We are able to get session. But when it comes to unlock page by impersonating user, it is failing.

Could you please let me know what permissions are required for user to impersonate any other user. Also, user can be multiple, so which user has locked page that cannot be hardcoded. 

Thanks

Avatar

Community Advisor

Hi Scott,

I have a question regarding Session in AEM that is:

while working with resource we use a session from resourceResolver and while working with event like stuff we required a session from repository.loginService("datawrite",null), so if you can please explain why these two types of sessions are required and why session extracted from resourceResolver is not working with EventListener ?

Waiting for you response.

Thanks

Umesh Thakur 

Avatar

Community Advisor

Hi,

While working with sling events you can take session from subservice or resourceResolver but when you directly work at JCR(Repository) level you can't get sessions from sling request, you need to get JCR repository session.



Arun Patidar

Avatar

Employee Advisor

You should also add the service user as impersonator for the user account who has locked the page. You can add the impersonator in the user admin UI.