Adobe Experience Manager Sites & More

jakej40603950 · 9/2/17

I understand that getAdministrativeResourceResolver has been deprecated since 6.0 (valid risks for this change?) and a resource resolver has to be fetched by passing an appropriate system user.

But if you are accessing the resource resolver from a sling request object, what user is this resolver mapped to?

Feike_Visser1 · 9/3/17

If you do request.getResourceResolver(), the user is used of the current session.

That is the recommended way, because the permissions are respected of the current user.

View solution in original post

Ratna_Kumar · 9/2/17

Hi,

In AEM 6.x the method getAdministrativeResourceResolver has been deprecated [0], as it is considered a security risk by providing too broad of access. A best practice is now to create a Service User with only the necessary permissions and use the method getServiceResourceResolver to get a ResourceResolver. There is a full discussion on the Sling documentation: [1]. In addition Yogesh Upadhyay provides a good tutorial on his blog: [2]

[0] - https://docs.adobe.com/content/docs/en/aem/6-0/develop/ref/diff-previous/changes/org.apache.sling.ap...

[1] - http://sling.apache.org/documentation/the-sling-engine/service-authentication.html

[2] - http://www.wemblog.com/2014/08/how-to-use-sessions-and-resource.html

See this example HELPX article: https://helpx.adobe.com/experience-manager/using/querying-experience-manager-sling-cug.html

Hope this helps!

Thanks,

Ratna Kumar.