Expand my Community achievements bar.

Service Users in AEM | AEM Community Discussion




Service Users in AEM by Adobe Docs


The main way of getting an administrative session or resource resolver in AEM was using the SlingRepository.loginAdministrative() and ResourceResolverFactory.getAdministrativeResourceResolver() methods provided by Sling.

However, neither of these methods were designed around the principle of least privilege and make it too easy for a developer not to plan for a proper structure and corresponding Access Control Levels (ACLs) for their content early on. If a vulnerability is present in such a service it often leads to privilege escalations to the admin user, even if the code itself would not need administrative privileges to work.

Read Full Blog

Service Users in AEM


Please use this thread to ask the related questions.

Kautuk Sahni

Topics help categorize Community content and increase your ability to discover relevant content.

0 Replies