Service user and mapping

michalg86039359

25-03-2019

Hello,

I followed the instructions at https://helpx.adobe.com/experience-manager/6-3/sites/administering/using/security-service-users.html to create a service user and a mapping.

To create a user I performed the following steps:

- created a user just like the site specifies there: http://server:port/crx/explorer/index.jsp

as I want the user to be created during bundle content installation:

- created a .config.xml file under /<content_dir>/src/main/content/jcr_root/home/users/system/<jcr:uuid from the created user in previous step> with the content specified in the example in the instruction

- added a filter instruction to /<content_dir>/src/main/content/META_INF/vault/filter.xml -> <filter root="/home/users/system" mode="merge"/>

- removed the user from jcr.

During bundle installation in AEM the following error occurred:

Request failed: org.apache.jackrabbit.vault.packaging.PackageException: javax.jcr.nodetype.ConstraintViolationException: OakConstraint0001: /home/users/system[[rep:AuthorizableFolder, rep:AccessControllable]]: No matching definition found for child node q1_hkN-Qns4jK_Lt9ri_ with effective type [nt:folder] (500)

As to adding an amendment to ServiceUserMapper configuration,

- I've placed a file named org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-<service_user_name>-factory.xml

in /<bundle_dir>/src/main/resources/SLING-INF/content/

with the following content:

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0"
   xmlns:jcr="http://www.jcp.org/jcr/1.0"
   jcr:primaryType="sling:OsgiConfig"
   user.mapping="[<package_path>=<service_user_name>]" />

and I've performed the 3rd step of the instruction exactly as it's specified there, however the configuration does not seem to take place. I've checked that by looking at path /libs/system/config in jcr and checking as specified in 4th step of the instruction.

Have you encountered the same or a similar problem, or might you know the solution to this one?

Accepted Solutions (1)

michalg86039359

26-03-2019

It finally worked, even without renaming it.

What I've done is just place the file in the content package in the catalogue <...>/jcr_root/apps/<app>/config/, which resulted in the file being put into the same location in JCR and in the initialization of an instance of the factory defined in there.

Looks like just the correct jcr:primaryType was enough to make the functionality work.
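A pre-deployment check for the two problems resolved in this thread (the user folder missing its .content.xml, and the mapper amendment's location and jcr:primaryType), added here as an example and not code from the posters or from Adobe. The function names, `myapp` and `com.example.bundle` are hypothetical, and the check assumes the package layout described in the accepted solution.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path
JCR_TYPE = "{http://www.jcp.org/jcr/1.0}primaryType"
MAPPER = "org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended"

def root_attrs(xml_file):
    """Attributes of the XML root element, or {} if the file does not parse."""
    try:
        return ET.parse(xml_file).getroot().attrib
    except (ET.ParseError, OSError):
        return {}

def lint_package(jcr_root):
    """Return findings for the jcr_root directory of a content package."""
    jcr_root, findings = Path(jcr_root), []
    system = jcr_root / "home" / "users" / "system"
    # A folder without .content.xml is imported as nt:folder, which
    # /home/users/system rejects (the OakConstraint0001 error in the thread).
    for d in sorted(p for p in system.rglob("*") if p.is_dir()):
        rel, meta = d.relative_to(jcr_root).as_posix(), d / ".content.xml"
        if not meta.is_file():
            findings.append(f"{rel}: no .content.xml, imports as nt:folder")
        elif root_attrs(meta).get(JCR_TYPE) not in ("rep:SystemUser", "rep:AuthorizableFolder"):
            findings.append(f"{rel}: not rep:SystemUser or rep:AuthorizableFolder")
    # Mapper amendment: sling:OsgiConfig under /apps/<app>/config with user.mapping.
    for f in sorted(jcr_root.rglob(MAPPER + "*.xml")):
        rel, attrs = f.relative_to(jcr_root).as_posix(), root_attrs(f)
        if not rel.startswith("apps/") or f.parent.name != "config":
            findings.append(f"{rel}: not under apps/<app>/config")
        if attrs.get(JCR_TYPE) != "sling:OsgiConfig":
            findings.append(f"{rel}: jcr:primaryType is not sling:OsgiConfig")
        elif "user.mapping" not in attrs:
            findings.append(f"{rel}: no user.mapping property")
    return findings

def write(path, attrs):
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(f'<jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0" {attrs}/>')

def demo():
    """Constructed tree: the thread's misnamed user file plus a valid mapping."""
    with tempfile.TemporaryDirectory() as tmp:
        write(Path(tmp, "home/users/system/testSysUser/.config.xml"),
              'jcr:primaryType="rep:SystemUser"')
        write(Path(tmp, f"apps/myapp/config/{MAPPER}-testSysUser.xml"),
              'jcr:primaryType="sling:OsgiConfig" '
              'user.mapping="[com.example.bundle=testSysUser]"')
        return lint_package(tmp)
```

Calling `lint_package()` on a project's `src/main/content/jcr_root` before building the package returns an empty list when both layouts match what worked in this thread.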

Answers (8)

Jörg_Hoh

Employee

25-03-2019

Rename org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-<service_user_name>-factory.xml to org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-<service_user_name>.xml.

Also, it is not required to use the name of the service as the name (as <service_user_name>), but it's just good practice.

michalg86039359

25-03-2019

I've managed to figure out the first issue by simply renaming the '.config.xml' file to '.content.xml' - small issue.

Now I'm working on the 2nd issue.

michalg86039359

25-03-2019

Actually, I want the user to be defined in a package, so that when it's uploaded to AEM and installed, the user is installed as well. So user creation through /useradmin is not what I want to do.

That's the content of .config.xml (so there's already rep:SystemUser):

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
   jcr:primaryType="rep:SystemUser"
   jcr:uuid="55a85283-a5cc-34f8-9049-6b252037b538"
   rep:principalName="testSysUser"
   rep:authorizableId="testSysUser"/>

Gaurav-Behl

MVP

25-03-2019

That's a valid use case. Just create the user as mentioned in the article and assign permissions to specific paths via /useradmin and in the usermapper configuration, grant either read or write or both permissions (based on your use case) to the user against the bundle. Now, that system user can be utilized by that service bundle and would have read/write access to specific paths. All of this is done statically one time before you deploy your code bundle.

In your source code/bundle, you'd simply use this service user to perform some action.

I got confused with your statement - "as I want the user to be created during bundle content installation"

Gaurav-Behl

MVP

25-03-2019

Could you please explain your use case? Why would you want to create "service user" programmatically at run time?

Per my knowledge, it requires admin credentials/session to create service user. How do you plan to get the "admin" session in your code and then make sure that you apply the configuration to the respective use case at run time?