Highlighted

Permissions for AssetShare on Publisher

Avatar

Avatar

bfvaughn

Avatar

bfvaughn

bfvaughn

06-11-2017

Hello,

We sre trying to use the Asset Share functionality on a publisher instance.  We are seeing errors when we try to use the Lightbox functionality on the AssetShare page or viewing an asset in the assetviewer page.   Here is the exception:

06.11.2017 10:19:52.377 *ERROR* [0:0:0:0:0:0:0:1 [1509985192298] GET /content/dam/client/client-dot-com/cmsimages/120145_wl_MATLABtoC_figure2_wl.jpg.form.html/content/asset-share/assetviewer.html HTTP/1.1] com.day.cq.dam.core.impl.lightbox.LightboxServiceImpl Repository exception

javax.jcr.AccessDeniedException: Access denied.

at org.apache.jackrabbit.oak.jcr.security.AccessManager.checkPermissions(AccessManager.java:71)

at org.apache.jackrabbit.oak.jcr.session.NodeImpl$5.perform(NodeImpl.java:294)

at org.apache.jackrabbit.oak.jcr.session.NodeImpl$5.perform(NodeImpl.java:263)

at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:208)

at org.apache.jackrabbit.oak.jcr.session.ItemImpl.perform(ItemImpl.java:112)

at org.apache.jackrabbit.oak.jcr.session.NodeImpl.addNode(NodeImpl.java:263)

at com.day.cq.dam.core.impl.lightbox.LightboxServiceImpl.getLightbox(LightboxServiceImpl.java:91)

at com.day.cq.dam.core.impl.lightbox.LightboxServiceImpl.getLightbox(LightboxServiceImpl.java:39)

at org.apache.jsp.apps.dam.components.asseteditor.actions.lightbox.lightbox_jsp._jspService(lightbox_jsp.java:170)

If I log in as Admin on the publisher the functionality works.  These publisher pages are behind a login so we will be using a closed user group to view these pages.

Replies

Highlighted

Avatar

Avatar

sarath_kumarr79

Avatar

sarath_kumarr79

sarath_kumarr79

01-07-2018

Hi,

Is your issue resolved. I'm also facing the same issue for design importer pages. If you know whats the issue please let me know ?

Highlighted

Avatar

Avatar

Jörg_Hoh

Employee

Total Posts

3.0K

Likes

910

Correct Answer

1.0K

Avatar

Jörg_Hoh

Employee

Total Posts

3.0K

Likes

910

Correct Answer

1.0K
Jörg_Hoh
Employee

02-07-2018

at org.apache.jackrabbit.oak.jcr.session.NodeImpl.addNode(NodeImpl.java:263) at com.day.cq.dam.core.impl.lightbox.LightboxServiceImpl.getLightbox(LightboxServiceImpl.jav a:91)

The problem is that the lightbox functionality is trying to add some nodes to the repository (which is a really bad design ...), and this does not work on publish in the anonymous case (because the anonymous user does not have write permissions to the repo, which is default; do not change!)

I would assume that the lightbox functionality is barely been tested on publish instances with anon users. Are you using asset share commons?

Regards,

Jörg

Highlighted

Avatar

Avatar

sarath_kumarr79

Avatar

sarath_kumarr79

sarath_kumarr79

02-07-2018

Hi,

We have faced similar issue for Design Importer pages. when our content authors tried to upload a zip file it showed Repository Exception. When tried it with admin user it works. Have examined the logs and figured out that when we use impoter pages it will create intermediate node inside "/apps". We usually don't give write permissions to /apps folder for content authors. for now we have amended write access to /apps for groups.

javax.jcr.AccessDeniedException: Access denied.

at org.apache.jackrabbit.oak.jcr.security.AccessManager.checkPermissions(AccessManager.java: 71)

Highlighted

Avatar

Avatar

Jörg_Hoh

Employee

Total Posts

3.0K

Likes

910

Correct Answer

1.0K

Avatar

Jörg_Hoh

Employee

Total Posts

3.0K

Likes

910

Correct Answer

1.0K
Jörg_Hoh
Employee

03-07-2018

I would strongly advise not give the anonymous user write permissions to /apps on publish. Even on authoring instances this is questionable...

regards,
Jörg

Highlighted

Avatar

Avatar

sarath_kumarr79

Avatar

sarath_kumarr79

sarath_kumarr79

03-07-2018

My Use case is in Author Only. Not sure whether any other users face the same issue who are using Importer Pages.

Thanks

Sarath.