Retrieve effective permissions in AEM 6.0 using REST services

Avatar

Avatar
Validate 1
Level 1
matthieu_théria
Level 1

Like

1 like

Total Posts

12 posts

Correct reply

0 solutions
Top badges earned
Validate 1
Boost 1
View profile

Avatar
Validate 1
Level 1
matthieu_théria
Level 1

Like

1 like

Total Posts

12 posts

Correct reply

0 solutions
Top badges earned
Validate 1
Boost 1
View profile
matthieu_théria
Level 1

15-10-2015

Hi,

I'm new in the world of AEM. I have installed AEM 6.0 (author and publish instances).

I'm interested to find a way to retrieve effective permissions on a specific repository node by using a REST call.

For this, I have installed the last version of the OSGi Bundle "jackrabbit.accessmanager" (v2.1.2). With this, we can do this call to get the effective permissions for pa particular not in JSON format: http://localhost:4502/content/mynode.eacl.json.

However, its seems that the effective permissions are not correctly computed... it seems that the ACLs defined with restrictions are not correctly resolved. I think that it's something new in AEM 6.0 because it uses the JackRabbit Oak 1.0.0 Repository instead of a JackRabbit 2.0 Repository... and maybe restrictions are a new concept not correctly handled in the "jackrabbit.accessmanager" bundle?!?

In fact, in the default demo Geometrixx, some ACLs are defined for the "Everyone" group with restrictions (path), for example:

  • everyone - Deny jcr:read - Restrictions rep:glob-libs*/config/*
  • everyone - Deny jcr:read - Restrictions rep:glob-apps*/config/*
  • everyone - Allow jcr:read

The effective permissions for all nodes excluding nodes under the path "libs" and "apps" should be "Allow jcr:read", but the call returns for the "content" node for example:

everyone: { principal: "everyone",denied: [ jcr:read ], order: 3 }

I think that the restrictions are not correctly handled by this bundle... maybe it is outdated and not compatible with the JackRabbit Oak 1.0.0 Repository...

Is there an equivalent or something new to get effective permissions with a REST call in AEM 6.0?

Thanks for your help.

Matthieu

View Entire Topic

Avatar

Avatar
Validate 1
Level 1
matthieu_théria
Level 1

Like

1 like

Total Posts

12 posts

Correct reply

0 solutions
Top badges earned
Validate 1
Boost 1
View profile

Avatar
Validate 1
Level 1
matthieu_théria
Level 1

Like

1 like

Total Posts

12 posts

Correct reply

0 solutions
Top badges earned
Validate 1
Boost 1
View profile
matthieu_théria
Level 1

15-10-2015

Hi Jörg,

I use this bundle to get this response: http://sling.apache.org/documentation/bundles/managing-permissions-jackrabbit-accessmanager.html.

And I think that this call can be used in the AccessManager:

  • getEffectivePolicies(String)

Ref.: http://jackrabbit.apache.org/oak/docs/security/accesscontrol/editing.html

However, I think that will have to implement my own servlet to expose this call in REST.

Thanks,

Matthieu