How to set up a rep:policy(deny) for a specific user group to not access an AEM page programmatically

Avatar

Avatar

srig786

Avatar

srig786

srig786

10-07-2019

Hi,

I have a requirement where I should set up a deny (rep:policy) access to an user group(Eg: testgroup) under a specific AEM page (Eg: /content/we-retail/us/en/experience/hours-of-wilderness) programmatically based on the checkbox property authored in page properties as shown in the screenshot below.

checkbox-property-in-page-properties.png

I know we can manually set up the privileges/permissions using user admin interface shown in screenshot below

deny-access-given-in-useradmin.png

When we provide deny jcr:read access in user admin, AEM creates a rep:policy/deny node under the page for that specific usergroup (eg: testgroup). However I want to achieve this programmatically.

deny-access-schreeshot.png

Could someone suggest/provide an example to implement this use case ? please let me know if you need any additional information.

Thanks in Advance,

Regards,

Sri.

View Entire Topic

Avatar

Avatar

anjali_biddanda

Avatar

anjali_biddanda

anjali_biddanda

21-09-2020

This does it:

 

//Create your adminSession using a mapped service user
Map<String, Object> param = new HashMap<String, Object>();
param.put(ResourceResolverFactory.SUBSERVICE, "write-service"); //ensure you have write-service user created via a config script or on usermanager
ResourceResolver resourceResolver = resourceResolverFactory.getServiceResourceResolver(param);
Session adminSession = resourceResolver.adaptTo(Session.class);

AccessControlManager aMgr = adminSession.getAccessControlManager();
// create privilege
Privilege[] privileges = new Privilege[]{aMgr.privilegeFromName(Replicator.REPLICATE_PRIVILEGE)};

JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(adminSession, path);
acl.addEntry(contentManagerGroup.getPrincipal(),privileges,false);
aMgr.setPolicy(path, acl);
adminSession.save();