Learn about Edge Delivery Services in upcoming GEM session
Service Users in AEM | AEM Community Discussion
Service Users in AEM by Adobe Docs
Abstract
Overview The main way of getting an administrative session or resource resolver in AEM was using the SlingRepository.loginAdministrative() and ResourceResolverFactory.getAdministrativeResourceResolver() methods provided by Sling. However, neither of these methods were designed around the principle of least privilege and make it too easy for a developer not to plan for a proper structure and corresponding Access Control Levels (ACLs) for their content early on. If a vulnerability is present in such a service it often leads to privilege escalations to the admin user, even if the code itself would not need administrative privileges to work. How to Phase Out Admin Sessions 1. Priority 0: Is the feature active/needed/derelict? There may be cases where the admin session is not used, or the feature is disabled entirely. If this is the case with your implementation, make sure you remove the feature altogether or fit it with NOP code . 2. Priority 1: Use The Request Session Whenever possible refactor your feature so that the given, authenticated request session can be used for reading or writing content. If this is not doable, it can often be achieved by applying the priorities following the ones below. 3. Priority 2: Restructure Content Many issues can be resolved by restructuring the content. Keep these simple rules in mind when doing the restructure
Read Full Blog
Service Users in AEM
Q&A
Please use this thread to ask the related questions.
Kautuk Sahni
Topics
Topics help categorize Community content and increase your ability to discover relevant content.
