Service Users in AEM | AEM Community Discussion

kautuk_sahni

Community Manager

10-05-2020

Service Users in AEM by Adobe Docs

Abstract

Overview
The main way of getting an administrative session or resource resolver in AEM was using the SlingRepository.loginAdministrative() and ResourceResolverFactory.getAdministrativeResourceResolver() methods provided by Sling.

However, neither of these methods was designed around the principle of least privilege, and both make it too easy for a developer not to plan for a proper structure and corresponding Access Control Levels (ACLs) for their content early on. If a vulnerability is present in such a service, it often leads to privilege escalation to the admin user, even if the code itself would not need administrative privileges to work.

Q&A

Please use this thread to ask the related questions.
