Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.

Permissions for AssetShare on Publisher

Avatar

Level 3

Hello,

We sre trying to use the Asset Share functionality on a publisher instance.  We are seeing errors when we try to use the Lightbox functionality on the AssetShare page or viewing an asset in the assetviewer page.   Here is the exception:

06.11.2017 10:19:52.377 *ERROR* [0:0:0:0:0:0:0:1 [1509985192298] GET /content/dam/client/client-dot-com/cmsimages/120145_wl_MATLABtoC_figure2_wl.jpg.form.html/content/asset-share/assetviewer.html HTTP/1.1] com.day.cq.dam.core.impl.lightbox.LightboxServiceImpl Repository exception

javax.jcr.AccessDeniedException: Access denied.

at org.apache.jackrabbit.oak.jcr.security.AccessManager.checkPermissions(AccessManager.java:71)

at org.apache.jackrabbit.oak.jcr.session.NodeImpl$5.perform(NodeImpl.java:294)

at org.apache.jackrabbit.oak.jcr.session.NodeImpl$5.perform(NodeImpl.java:263)

at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:208)

at org.apache.jackrabbit.oak.jcr.session.ItemImpl.perform(ItemImpl.java:112)

at org.apache.jackrabbit.oak.jcr.session.NodeImpl.addNode(NodeImpl.java:263)

at com.day.cq.dam.core.impl.lightbox.LightboxServiceImpl.getLightbox(LightboxServiceImpl.java:91)

at com.day.cq.dam.core.impl.lightbox.LightboxServiceImpl.getLightbox(LightboxServiceImpl.java:39)

at org.apache.jsp.apps.dam.components.asseteditor.actions.lightbox.lightbox_jsp._jspService(lightbox_jsp.java:170)

If I log in as Admin on the publisher the functionality works.  These publisher pages are behind a login so we will be using a closed user group to view these pages.

5 Replies

Avatar

Level 1

Hi,

Is your issue resolved. I'm also facing the same issue for design importer pages. If you know whats the issue please let me know ?

Avatar

Employee Advisor

at org.apache.jackrabbit.oak.jcr.session.NodeImpl.addNode(NodeImpl.java:263) at com.day.cq.dam.core.impl.lightbox.LightboxServiceImpl.getLightbox(LightboxServiceImpl.jav a:91)

The problem is that the lightbox functionality is trying to add some nodes to the repository (which is a really bad design ...), and this does not work on publish in the anonymous case (because the anonymous user does not have write permissions to the repo, which is default; do not change!)

I would assume that the lightbox functionality is barely been tested on publish instances with anon users. Are you using asset share commons?

Regards,

Jörg

Avatar

Level 1

Hi,

We have faced similar issue for Design Importer pages. when our content authors tried to upload a zip file it showed Repository Exception. When tried it with admin user it works. Have examined the logs and figured out that when we use impoter pages it will create intermediate node inside "/apps". We usually don't give write permissions to /apps folder for content authors. for now we have amended write access to /apps for groups.

javax.jcr.AccessDeniedException: Access denied.

at org.apache.jackrabbit.oak.jcr.security.AccessManager.checkPermissions(AccessManager.java: 71)

Avatar

Employee Advisor

I would strongly advise not give the anonymous user write permissions to /apps on publish. Even on authoring instances this is questionable...

regards,
Jörg

Avatar

Level 1

My Use case is in Author Only. Not sure whether any other users face the same issue who are using Importer Pages.

Thanks

Sarath.