Hi All,
I have a Java component bean which creates a child resource and then calls resourceResolver.commit().
It is working fine on the 6.3 Author server.
But on the 6.3 Publish server it is throwing the following exception:-
org.apache.sling.api.resource.PersistenceException: Unable to commit changes to session.
Caused by: org.apache.jackrabbit.oak.api.CommitFailedException: OakAccess0000: Access denied
at org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidator.checkPermissions(PermissionValidator.java:210) [org.apache.jackrabbit.oak-core:1.8.2]
Does anyone know how I can investigate / resolve this?
Thank you for your time.
Solved! Go to Solution.
THANK YOU ALL!!
Got there eventually using the steps below to create a System User , and then "map" System User with OSGi bundle :-
1.1. Goto http://localhost:4542/crx/explorer/index.jsp
1.2. Login as admin
1.3. Click "User Administration"
1.4. Click "Create SYSTEM User"
1.5. Input UserID (for example "content-writer")
1.6. Click green tick to create System User
Repeat above process for Publish server (http://localhost:4543/crx/explorer/index.jsp)
2.1. Goto http://localhost:4542/system/console/configMgr
2.2. Search for "Apache Sling Service User Mapper Service"
2.3. Click icon to "Edit the configuration values"
2.4. Click plus ('+') button to add Service Mappings
2.5. Input new Service Mappings (for example "org.apache.sling.models.impl=content-writer" or "org.apache.sling.models.impl:content-writer=content-writer")
Repeat above process for Publish server (http://localhost:4543/system/console/configMgr)
After completing above steps , it should be possible to getServiceResourceResolver() using the following Java code :-
final Map<String, Object> param = new HashMap<>();
param.put(ResourceResolverFactory.SUBSERVICE, "content-writer");
final ResourceResolver rr = resourceResolverFactory.getServiceResourceResolver(param);
Views
Replies
Total Likes
Hi,
How you are getting resourceResolver?
The user should have permission to persist all the pending changes.
Can you check users permisisons?
Thanks
Arun
Views
Replies
Total Likes
Hi,
it works in author because in the author you always log in with the user who has correct access to modify/read the content. And I believe you are getting resourceResolver object from the Request object. In author, Request object gets the correct user. However, In the publish environment, Request object will have an anonymous user. And you know, the anonymous user will not have access to update the content of your pages.
The solution is that we should try with the user who can enough access in publish too. if no user exists then you need to create in publishing too.
I hope this helps.
Views
Replies
Total Likes
Hi,
Thanks for your replies.
The ResourceResolver is injected using the following :-
@Inject
private ResourceResolver resourceResolver;
Views
Replies
Total Likes
Yeah. That is how you get resourceResolver from Request object in Sightly POJO. You need to get resource resolver with a specific user who has some level of access on the publish environment.
Reference
You can get more info on this post.
How to get admin session from Repository
FYI
Publish user must have limited access.
Views
Replies
Total Likes
that is fine but are you using end user session, if yes they should have write permission.
else, use service user will correct permission to perform this operation.
Yes, end user(Anonymous) doesn't have permission to write as edubey already said, use service user for create/modifying content.
Views
Replies
Total Likes
Thank you for your replies. I have tried running the following Java code , to get a ServiceResourceResolver , for EVERY User listed in http://localhost:4502/useradmin :-
private void getServiceResourceResolverForUser(final String user)
{
try
{
final Map<String, Object> param = new HashMap<>();
param.put(ResourceResolverFactory.SUBSERVICE, user);
final ResourceResolver rr = resourceResolverFactory.getServiceResourceResolver(param);
log("SUCCESS: " + rr.toString());
}
catch (Exception e)
{
log("FAIL: " + e.getMessage());
}
}
In every case , I am getting an error saying "Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service" (see log below).
How can I "enable" a User so that I can get a ServiceResourceResolver for that User ?
Thank you for your time.
______
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service account-manager
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service activity-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service activitypurgesrv
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service admin
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service analytics-content-updater-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service analytcsservice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service anonymous
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service assetlinksharesemce
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service assetusagetrackeruser
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service audit-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service authentication-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service campaign-cloudservice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service campaign-reader
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service campaign-remote
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service canvaspage-actlvate-setvice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service canvaspage-delete-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service cavery
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service cdn-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service clientibs-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service commerce-backend-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service commerce-frontend-semce
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service commerce-orders-seneice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service communities-ad-manager
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service communities-analytics-admin
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service communities-enablement-property-writer
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service communities-index-admin
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service communities-srp-config-reader
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service communities-tag-admin
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service communities-ugc-writer
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service communities-user-admin
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service communities-utility-reader
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service communities-workflow-launcher
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service compat-codeupgrade-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service components-search-seneice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service contentsync-setv•ce
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service cryptoservice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service cog-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service dam-activitmriter•setvice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service dam-asseteventmonitor•service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service dam-formitemseditor-senvice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service dam-replication-sevice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service dam-teammgr-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service dam-update-seneice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service design-cache-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service device-identification-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service dtmsetvice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service dynamic-media-replication
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service dynamic-media-replication-filter
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service dynamicmedia-config-setvice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service fd-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service fontconfig-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service foundation-forms-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service foundation-forms-store-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service hierarchymodification-listener-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service history-listener-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service idsjobprocessor
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service imccoy
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service index-admin
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service installerservice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service ksaner
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service language-manager-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service launch-event-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service launch-promote-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service linkstorage-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service media-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service monitoringScripts
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service msm-semce
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service namespace-mg mt-senvice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service nlp-reader
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service notification-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service oauthsenrice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service offloading-agentmanager
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service offloading-jobcloner
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service offloading-semce
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service omnisearch-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service packagelist-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service page-name-validator-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service pageexporterservice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service personalization-seneice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service polling-impatter-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service primary-resource-search-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service projects-seneice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service recs-de[eted-products listener service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service reference-adjustment-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service reference-processing-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service replication-receiver
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service replication-semce
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service repasitcy-change-listener-semce
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service repasitcy-reader-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service resourcecollectlonservice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service s7dam-config-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service scene7-asset-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service scene7-config-sennce
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service scheduled-expatter-segvice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service searchpromote-semce
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service securiti/ userpropetties-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service sling-context-aware-config-web-console
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service sling-discovery
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service sling-event
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service sling-118n
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service sling-installer-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service sling-jcr•mstall
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service sling-mapping
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service sling-readall
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service sling-rewriter
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service sling-scripting
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service sling-tenant
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service sling-xss
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service snapshotsenvice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service social-enablement replication-user
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service social-enablement-tmp-manager
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service spellchecker-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service se-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service statistics-seneice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service tag-garbage-collection-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service tag-validation-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service targetservice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service taskmanagement-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service translation-config-setvice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service translation-job-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service undo-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service varmstrong
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service version-manager-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service version-purge-serwce
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service wcm-workflow-setvice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service webdavbkpsetvice
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service websetvice-suppatt replication
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service websetvice-suppatt-setvcellbfinder
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service willie.melton@dodglt.com
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service workflow-pacess-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service workflow-repo-reader-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service workflow-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service workflow-user-service
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service wurfl-loader-semce
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service youtube-authenticator-user
FAIL: Cannot derive user name for bundle org.apache.sling.models.impl [489] and sub service zachammitchell@spambob.com
Views
Replies
Total Likes
Hi,
It seems, you get this wrong.
You need to create a new system user which will be act as a service user.
Then you need to map that user and sub-service with bundle.
Thanks
Arun
Follow this doc - it shows you all that you need to do. As shown in the Doc:
1 - you need to create a system user.
2 - you need to give correct permissions - for testing grant all permissions by clicking top row.
3- Use Sling Mapping Service to map system user and specify the OSGi symbolic name.
THANK YOU ALL!!
Got there eventually using the steps below to create a System User , and then "map" System User with OSGi bundle :-
1.1. Goto http://localhost:4542/crx/explorer/index.jsp
1.2. Login as admin
1.3. Click "User Administration"
1.4. Click "Create SYSTEM User"
1.5. Input UserID (for example "content-writer")
1.6. Click green tick to create System User
Repeat above process for Publish server (http://localhost:4543/crx/explorer/index.jsp)
2.1. Goto http://localhost:4542/system/console/configMgr
2.2. Search for "Apache Sling Service User Mapper Service"
2.3. Click icon to "Edit the configuration values"
2.4. Click plus ('+') button to add Service Mappings
2.5. Input new Service Mappings (for example "org.apache.sling.models.impl=content-writer" or "org.apache.sling.models.impl:content-writer=content-writer")
Repeat above process for Publish server (http://localhost:4543/system/console/configMgr)
After completing above steps , it should be possible to getServiceResourceResolver() using the following Java code :-
final Map<String, Object> param = new HashMap<>();
param.put(ResourceResolverFactory.SUBSERVICE, "content-writer");
final ResourceResolver rr = resourceResolverFactory.getServiceResourceResolver(param);
Views
Replies
Total Likes
That is great that you got it working. I made a video too to show this in action for community members in the future having issues.
Views
Replies
Total Likes
Views
Likes
Replies