Impersonate a User From a Backend Custom Service | Community
Skip to main content
G
gauravs23
Level 2
October 27, 2021
Solved

Impersonate a User From a Backend Custom Service

  • October 27, 2021
  • 1 reply
  • 1811 views

We have a custom service which is supposed to send emails to the end users (user data is saved in AEM) whenever a file stored in DAM is modified or a new file is uploaded under a certain DAM location. So, we are using event handler for catching the add/edit event, however, the email should be sent to the end users ONLY if the user has access to that file as per their assigned permissions through groups. So, in our even handler we need to first impersonate the user and then get the session of the impersonated user in order to check if that user has permissions to the file or not.

 

We are looking for any ideas on how to impersonate a user using code in an AEM service.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Siva_Sogalapalli

Hi @gauravs23 

Please check below thread and see if that works :

 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/api-to-check-user-access-to-dam-asset-where-the-folder-is/m-p/188934

 

Note: Also, please use latest APIs. 

1 reply

Siva_Sogalapalli
Community Advisor
Siva_SogalapalliCommunity AdvisorAccepted solution
Community Advisor
October 27, 2021

Hi @gauravs23 

Please check below thread and see if that works :

 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/api-to-check-user-access-to-dam-asset-where-the-folder-is/m-p/188934

 

Note: Also, please use latest APIs. 

    G
    gauravs23Author
    Level 2
    October 28, 2021

    Thanks SivaPrasad for pointing me to the right thread. The solution provided there works.

     

    However, it works only with admin resource resolver but not with any service resource resolver as it gives an error "Impersonation not allowed" even though the service user being used has jcr:all rights on /home.

     

    Do you know if we are forced to use admin resolver if we want to do impersonation?

      Siva_Sogalapalli
      Community Advisor
      Siva_SogalapalliCommunity Advisor
      Community Advisor
      October 28, 2021

      Hi @gauravs23 

       

       I think system user cannot impersonate a non system AEM user because it's a user without password but we can impersonate with other AEM user.  Please check below and see if that helps in understanding the limitations.  

       

      https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security-service-users.html?lang=en 

       

      https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security.html?lang=en 

       

      https://github.com/AdobeDocs/experience-manager-65.en/blob/master/help/sites-administering/security-service-users.md 

        Terms & ConditionsAccessibility statement

        Loading footer...