Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

Scheduled OOTB workflow on author does not run due to javax.jcr.AccessDeniedException: Access denied.

Avatar

Level 2
Level 2
2/21/23 1:51:35 AM

Hi,
I am currently facing the following issue. I have created a scheduled job which runs every night and collects assets which have failed and re-uploads them using "dynamic-media-reupload" workflow. When I ran the same code in a test Servlet all worked as expected, the problem comes when the workflow gets executed by the scheduler job. Is there a specific way the Workflowsession needs to be instantiated, do I need to provide some additional privileges / metadata info. I am attaching the error in the error log

com.adobe.granite.workflow.core.jcr.WorkflowBucketManager Error creating unique instance id: /var/workflow/instances/server1901/2023-02-19/dynamic-media-reupload_131
javax.jcr.AccessDeniedException: Access denied.
at org.apache.jackrabbit.oak.jcr.security.AccessManager.checkPermissions(AccessManager.java:71) [org.apache.jackrabbit.oak-jcr:1.44.0.T20221206170501-6d59064]
at org.apache.jackrabbit.oak.jcr.session.NodeImpl$5.perform(NodeImpl.java:320) [org.apache.jackrabbit.oak-jcr:1.44.0.T20221206170501-6d59064]
at org.apache.jackrabbit.oak.jcr.session.NodeImpl$5.perform(NodeImpl.java:289) [org.apache.jackrabbit.oak-jcr:1.44.0.T20221206170501-6d59064]
at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:210) [org.apache.jackrabbit.oak-jcr:1.44.0.T20221206170501-6d59064]
at org.apache.jackrabbit.oak.jcr.session.ItemImpl.perform(ItemImpl.java:112) [org.apache.jackrabbit.oak-jcr:1.44.0.T20221206170501-6d59064]
at org.apache.jackrabbit.oak.jcr.session.NodeImpl.addNode(NodeImpl.java:289) [org.apache.jackrabbit.oak-jcr:1.44.0.T20221206170501-6d59064]
at com.adobe.granite.workflow.core.jcr.WorkflowBucketManager.createWorkflowInstanceNode(WorkflowBucketManager.java:206) [com.adobe.granite.workflow.core:2.1.84]
at com.adobe.granite.workflow.core.jcr.WorkflowManager.createWorkflowInstance(WorkflowManager.java:366) [com.adobe.granite.workflow.core:2.1.84]
at com.adobe.granite.workflow.core.WorkflowSessionImpl.startWorkflow(WorkflowSessionImpl.java:2025) [com.adobe.granite.workflow.core:2.1.84]
at com.adobe.granite.workflow.core.WorkflowSessionImpl.startWorkflow(WorkflowSessionImpl.java:543) [com.adobe.granite.workflow.core:2.1.84]

Views

713

Replies

6
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
2/21/23 2:26:55 AM

Hi @oligawen ,

How are getting the workflow session?

Try to get the workflow session from the system user with proper permission to the system user.

private static final String SYSTEM_USER = "system_user";
//Getting ResourceResolver and Session using System Users
Map<String, Object> param = new HashMap<>();
param.put(ResourceResolverFactory.SUBSERVICE, SYSTEM_USER);
resourceResolver = resourceResolverFactory.getServiceResourceResolver(param);

// Get the workflow session from the resource resolver
final WorkflowSession workflowSession = resourceResolver.adaptTo(WorkflowSession.class);

 The rest of the code for workflow initialization can follow as below:

// Workflow model path
final String model = "/var/workflow/models/version-creation";

// Get the workflow model object
final WorkflowModel workflowModel = Objects.requireNonNull(workflowSession).getModel(model);

// Create a workflow payload object pointing to a resource via JCR(asset path)
final WorkflowData workflowData = workflowSession.newWorkflowData("JCR_PATH", payloadPath);

Map<String, Object> workflowMetadata = new HashMap<>();
workflowMetadata.put("startDate", new Date());

//start the workflow
workflowSession.startWorkflow(workflowModel, workflowData, workflowMetadata);

Hope this could help you!!!

Regards,

Shiv

 

Shiv Prakash

View solution in original post

Views

696

Replies

5
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
6 Replies

Avatar

Correct answer by
Community Advisor
Community Advisor
2/21/23 2:26:55 AM

Hi @oligawen ,

How are getting the workflow session?

Try to get the workflow session from the system user with proper permission to the system user.

private static final String SYSTEM_USER = "system_user";
//Getting ResourceResolver and Session using System Users
Map<String, Object> param = new HashMap<>();
param.put(ResourceResolverFactory.SUBSERVICE, SYSTEM_USER);
resourceResolver = resourceResolverFactory.getServiceResourceResolver(param);

// Get the workflow session from the resource resolver
final WorkflowSession workflowSession = resourceResolver.adaptTo(WorkflowSession.class);

 The rest of the code for workflow initialization can follow as below:

// Workflow model path
final String model = "/var/workflow/models/version-creation";

// Get the workflow model object
final WorkflowModel workflowModel = Objects.requireNonNull(workflowSession).getModel(model);

// Create a workflow payload object pointing to a resource via JCR(asset path)
final WorkflowData workflowData = workflowSession.newWorkflowData("JCR_PATH", payloadPath);

Map<String, Object> workflowMetadata = new HashMap<>();
workflowMetadata.put("startDate", new Date());

//start the workflow
workflowSession.startWorkflow(workflowModel, workflowData, workflowMetadata);

Hope this could help you!!!

Regards,

Shiv

 

Shiv Prakash

Views

697

Replies

5
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 2
Level 2
2/21/23 2:45:59 AM
In response to Shiv_Prakash_Patel

Hi @Shiv_Prakash_Patel ,
Thank you very, very much for the detailed answer and code snippet. I was getting the workflow session like this

WorkflowSession workflowSession = resourceResolver.adaptTo(WorkflowSession.class);

 and the resource resolver I got like this

final ResourceResolver resourceResolver = resourceResolverService.createReader().get()

 where resourceResolverService is 

@Reference

 

Views

690

Replies

4
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
2/21/23 5:59:33 AM
In response to oligawen

Please check if the implementation of createReader() method has read and writes permission to the var folder or just get resource resolver from the system user with read & write permission to the var folder.

 

Shiv Prakash

Views

653

Replies

3
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
2/21/23 6:16:21 AM
In response to Shiv_Prakash_Patel

Yeah, that is what I neglected to check, createReader had only the read rights, I now provided the createWriter, who has both read and write permissions. Question is where do I check the permissions for specific folders ? I was not able to find a system_user locally 

Views

648

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
2/21/23 7:34:14 AM
In response to oligawen

You can check the system user associated with your bundle in the config manager. It will give you an idea about this and once will know the system user you can check the permission from the user admin console.

please check - https://unlocklearning.in/resource-resolver-in-aem/ 

 

 

Shiv Prakash

Views

637

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
2/21/23 9:05:05 AM
In response to Shiv_Prakash_Patel

@Shiv_Prakash_Patel  once again thank you very much for your time and detailed explanations. 

Views

629

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Issue when using experience fragment component on a page

Views

36

Likes

0

Replies

0
How to store multiple Org IDs, Environment IDs, Program IDs locally for AIO Plugin Deployment?

Views

62

Likes

0

Replies

1
What is the idea way to bring content from Publish to Author in AEMaaCS

Views

145

Likes

0

Replies

6
My custom servlet is not being called

Views

98

Likes

0

Replies

4
Get List of locally created pages from local country site which are not rolled out from language-master

Views

88

Likes

0

Replies

4