Adobe Experience Manager Sites & More

srikanth_kalesh · 4/27/17

I have a Sling Servlet named RecommendationsServlet which is resolved for one user and un-resolved for the other. I have attached screenshots for both the requests from Felix. Only difference I see is that the request is processed as a customer for one user and full-customer for another in the felix console. Please help ASAP.

MC_Stuff · 4/28/17

Srikanth Kaleshwaram wrote...

@JorgHoh, Yes that was my observation too. We are using a third party IDP and no users are configured in AEM. I just wanted to find out for which OOTB users would AEM allocate "customer" and "full-customer" access. Also, there are no ACLs on the resource.

Agree with Jorg & your observation it is ACL issue. ACL evaluated bottom up & verify all the inherited permission & not only at resources. Apart from ACL other possibilities are

Verify the permissions of service user used in your component if any.
Using IDP without acl sounds missing some thing. Verify in the logs what is the user id listed as.

View solution in original post

smacdonald2008 · 4/27/17

How are you invoking this Servlet?

srikanth_kalesh · 4/27/17

@Smacdonald2008:

Thanks for your intervention. I am invoking the servlet using an Ajax call. The servlet invoke is successful for one user and exception occurs for another user. All parameters passed to the server from the browser are the same. There is no user level access. I have also attached the requests on the Felix console. please have a look. The issue is that AEM works with a different resolution though all the selectors, suffixes are the same. The exception received is as below for the problematic request.

"org.apache.sling.api.resource.PersistenceException: Resource at '/en/preferred-access/jcr:content.recommendations.json' is not modifiable."

smacdonald2008 · 4/27/17

Show us the syntax of your @SlingServlet annotation. Is the page you are invoking the servlet from require a user to login to access?

Jörg_Hoh · 4/27/17

Hi,

I guess that the problem lies in here (line 5 in the screenshots):

in case of customer: "$path resolves to Resource = NonExistingResource"
in case of full-customer: $path resolves to Resource = JcrNodeResource, ..."

Please check the ACLs on the resources, if these 2 users are allowed to read this resource.

srikanth_kalesh · 4/28/17

@JorgHoh, Yes that was my observation too. We are using a third party IDP and no users are configured in AEM. I just wanted to find out for which OOTB users would AEM allocate "customer" and "full-customer" access. Also, there are no ACLs on the resource.

srikanth_kalesh · 4/28/17

@SmackDonald2008, PFB the details:

@SlingServlet(selectors = { "recommendations" }, extensions = { "html", "json" }, methods = { "POST" })
public class RecommendationsServlet extends SlingAllMethodsServlet {

MC_Stuff · 4/28/17

Srikanth Kaleshwaram wrote...

@JorgHoh, Yes that was my observation too. We are using a third party IDP and no users are configured in AEM. I just wanted to find out for which OOTB users would AEM allocate "customer" and "full-customer" access. Also, there are no ACLs on the resource.

Agree with Jorg & your observation it is ACL issue. ACL evaluated bottom up & verify all the inherited permission & not only at resources. Apart from ACL other possibilities are

Verify the permissions of service user used in your component if any.
Using IDP without acl sounds missing some thing. Verify in the logs what is the user id listed as.

Adobe Experience Manager Sites & More

Sling Servlet un-resolved for two different requests

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe