Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

Service Users in AEM | AEM Community Discussion

Avatar

Avatar
Establish
Community Manager
kautuk_sahni
Community Manager

Likes

1,157 likes

Total Posts

6,247 posts

Correct Reply

1,144 solutions
Top badges earned
Establish
Coach
Originator
Contributor 2
Contributor
View profile

Avatar
Establish
Community Manager
kautuk_sahni
Community Manager

Likes

1,157 likes

Total Posts

6,247 posts

Correct Reply

1,144 solutions
Top badges earned
Establish
Coach
Originator
Contributor 2
Contributor
View profile
kautuk_sahni
Community Manager

10-05-2020

BlogImage.jpg

Service Users in AEM by Adobe Docs

Abstract

Overview
The main way of getting an administrative session or resource resolver in AEM was using the SlingRepository.loginAdministrative() and ResourceResolverFactory.getAdministrativeResourceResolver() methods provided by Sling.

However, neither of these methods were designed around the principle of least privilege and make it too easy for a developer not to plan for a proper structure and corresponding Access Control Levels (ACLs) for their content early on. If a vulnerability is present in such a service it often leads to privilege escalations to the admin user, even if the code itself would not need administrative privileges to work.

Read Full Blog

Service Users in AEM

Q&A

Please use this thread to ask the related questions.

AEM AEMIBlogSeeding Experience Manager