Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

How to get current user session in osgi service?

Avatar

Level 3

Is it possible to get the current user session from osgi service like from slingrequest. I need to get the user session so that I can use the current user permission to replicate some assets.

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

@thatsmeadarsh, I think that the simplest option will be to have/use service user for replication. So it could look like this, assuming you have access to resource resolver for system user:

  • Using system user resource resolver you can get session object and check if user with given id has replication permission for specific path(s)
  • Base on above information you can decide if replication should be executed or not, of course replication will be run using system user.

In general, I do not think there will be an easy way to get session object for specific user in your use case. You can try to use impersonation functionality, but to do this you will need session of admin user anyway.

View solution in original post

4 Replies

Avatar

Community Advisor

@thatsmeadarsh,

The best practice is to use a system user with the correct permissions to make such replication actions, but however, for your use case of acquiring the current, logged in user (from aem author), from a Sling Servlet, try using the code below:

@Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response) throws IOException {
        Session session = request.getResourceResolver().adaptTo(Session.class);
        String userId = Objects.requireNonNull(session).getUserID();
    }

Avatar

Level 3

Hi @BrianKasingli 

Thanks for your response. Unfortunately I am not in servlet but in a service implementing ResourceChangelistner. The reason why I am not using system user is by taking current user, I'll be able to check if the current user have replication permission. If they have the permission, I can use the same session to replicate.

 

In servlet we used the same approach but now looking to do this within an osgi service.

 

Thanks

Avatar

Community Advisor

Hi @thatsmeadarsh, you can get user ID that initiates specific change directly from ResourceChange object, i.e.

@Override
public void onChange(List<ResourceChange> changes) {
    for (ResourceChange change : changes) {
        String userId = change.getUserId();
        // ...
    }        
}

 

Avatar

Level 3

Hi @lukasz-m 

But still I need session to call replicator.

replicator.replicate(session, ReplicationActionType.TEST, path, options);

 

Thanks

Avatar

Correct answer by
Community Advisor

@thatsmeadarsh, I think that the simplest option will be to have/use service user for replication. So it could look like this, assuming you have access to resource resolver for system user:

  • Using system user resource resolver you can get session object and check if user with given id has replication permission for specific path(s)
  • Base on above information you can decide if replication should be executed or not, of course replication will be run using system user.

In general, I do not think there will be an easy way to get session object for specific user in your use case. You can try to use impersonation functionality, but to do this you will need session of admin user anyway.

Avatar

Employee Advisor

there is nothing like "current user" for an OSGI service. The only concept in AEM which knows about the "current user" is the request, and derived from that a resourceResolver.

That means, to activate something in the context of the current user, it's the easiest if you use a session owned by "current user" to replicate things.