My project is using AEM 5.6.1. We have a custom sling servlet that an external client app post to for bulk upload assets following this approach:
http://helpx.adobe.com/experience-manager/using/multiple-digital-assets.html
The servlet can create assets without issue. There is also a requirement to tag the asset. However tagging the asset is failing - exception info pasted below.
It looks like the servlet is running as "anonymous". How do we make the servlet run as admin user?
Thanks!
16.09.2014 13:50:40.502 *ERROR* [127.0.0.1 [1410893440342] POST /bin/upmanydamfiles HTTP/1.1] com.ourApp.cq.service.TagService access control error - java.security.AccessControlException: User 'anonymous' is not allowed to create tag '/etc/tags/some/test_tag' (node '/etc/tags/some/test_tag)
at com.day.cq.tagging.impl.JcrTagManagerImpl.internalCreateTag(JcrTagManagerImpl.java:1460)
at com.day.cq.tagging.impl.JcrTagManagerImpl.createTag(JcrTagManagerImpl.java:219)
at com.day.cq.tagging.impl.JcrTagManagerImpl.createTag(JcrTagManagerImpl.java:215)
at com.gm.ownercenter.cq.service.TagService.createTag(TagService.java:41)
at com.gm.ownercenter.cq.service.TagService.lookup(TagService.java:23)
at com.gm.ownercenter.cq.HandleFileServlet.processRequest(HandleFileServlet.java:68)
at com.gm.ownercenter.cq.HandleFileServlet.doPost(HandleFileServlet.java:53)
at org.apache.sling.api.servlets.SlingAllMethodsServlet.mayService(SlingAllMethodsServlet.ja
va:148)
at org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMethodsServlet.jav
a:344)
at org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMethodsServlet.jav
a:375)
at org.apache.sling.engine.impl.request.RequestData.service(RequestData.java:508)
at org.apache.sling.engine.impl.filter.SlingComponentFilterChain.render(SlingComponentFilter
Chain.java:45)
at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilter
Chain.java:64)
at com.day.cq.wcm.core.impl.WCMDebugFilter.doFilter(WCMDebugFilter.java:146)
at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilter
Chain.java:60)
at com.day.cq.wcm.core.impl.WCMComponentFilter.filterRootInclude(WCMComponentFilter.java:356
)
at com.day.cq.wcm.core.impl.WCMComponentFilter.doFilter(WCMComponentFilter.java:168)
at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilter
Chain.java:60)
at com.day.cq.personalization.impl.TargetComponentFilter.doFilter(TargetComponentFilter.java
:96)
at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilter
Chain.java:60)
at org.apache.sling.engine.impl.SlingRequestProcessorImpl.processComponent(SlingRequestProce
ssorImpl.java:254)
at org.apache.sling.engine.impl.filter.RequestSlingFilterChain.render(RequestSlingFilterChai
n.java:49)
at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilter
Chain.java:64)
at com.day.cq.wcm.core.impl.AuthoringUIModeServiceImpl.doFilter(AuthoringUIModeServiceImpl.j
ava:301)
at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilter
Chain.java:60)
at com.day.cq.wcm.core.impl.warp.TimeWarpFilter.doFilter(TimeWarpFilter.java:106)
at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilter
Chain.java:60)
at com.day.cq.wcm.mobile.core.impl.redirect.RedirectFilter.doFilter(RedirectFilter.java:290)
at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilter
Chain.java:60)
at org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter.doFilter(RequestProgre
ssTrackerLogFilter.java:64)
at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilter
Chain.java:60)
at com.day.cq.wcm.foundation.forms.impl.FormsHandlingServlet.doFilter(FormsHandlingServlet.j
ava:221)
at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilter
Chain.java:60)
at com.day.cq.theme.impl.ThemeResolverFilter.doFilter(ThemeResolverFilter.java:76)
Solved! Go to Solution.
Views
Replies
Total Likes
Thank you for the replies.
My team would like to better understand the details to make the CQ sling servlet run as admin user instead anonymous user.
We see in the client that post to the CQ sling servlet where we can set :
j_username
-- Name of the user to authenticatej_password
-- Password to authenticate the userCan someone help with details on how to make the CQ sling servlet run as admin, please? An example would be great!
Views
Replies
Total Likes
Views
Replies
Total Likes
Hi,
You really shouldn't conceptualize of a servlet running as anyone other than the requesting user. This is exactly Sham's point. Anything else is almost guaranteed to use the insecure pattern of creating an admin session. In production code you should never do this in the context of a request as it represents a significant security risk. It also creates a high risk of session leaks.
Your servlets should use the Sling-managed ResourceResolver. This will be created using authentication information passed in the request itself. For automated processes, the most common technique is to use HTTP Basic authentication. It will also be automatically closed for you - so no risk of session leaks.
Regards,
Justin
In the servlet, disable anonymous access. Then in the client, specify user credentials. This example was made anonymous based on community request.
Views
Replies
Total Likes
smacdonald2008 wrote...
In the servlet, disable anonymous access. Then in the client, specify user credentials. This example was made anonymous based on community request.
I would recommend to update article to use user session rather than admin session.
Views
Replies
Total Likes
I think we could get an admin session at lower leve JCR API to set metadata tags property
//Create a connection to the CQ repository running on local host
//Create a Session
javax.jcr.Session session = repository.login(
new
SimpleCredentials(
"admin"
,
"admin"
.toCharArray()));
....
....
....
// Save the session changes and log out
session.save();
session.logout();
}
However, we would rather use the higher level CQ API TagManager.setTags. I believe the problem is we need the servlet to run as admin user to do this. I am probably missing something simple here?
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies