
How to create user and group in AEM 6.2 programmatically with ACL permissions?

Is it possible to create a Group and a User in AEM 6.2 by using the Jackrabbit User Manager API with permissions? I have just followed the URLs below, but the code is throwing some exception:

  1. https://helpx.adobe.com/experience-manager/using/jackrabbit-users.html

  2. https://stackoverflow.com/questions/38259047/how-to-give-permission-all-in-aem-through-programatically

  3. ResourceResolverFactory getServiceResourceResolver throws Exception in AEM 6.1

As the getAdministrativeResourceResolver(Map) method is deprecated, how can we use the getServiceResourceResolver(Map) method instead?

Sharing my solution, which will be helpful for others.

Following is the code using the getServiceResourceResolver(Map) method for creating a Group first, then a User, and then adding the user into the group with ACL privileges and permissions:

public void createGroupUser(SlingHttpServletRequest request) {
    String userName = request.getParameter("userName");
    String password = request.getParameter("password");
    String groupName = request.getParameter("groupName");

    Session session = null;
    ResourceResolver resourceResolver = null;
    try {
        Map<String, Object> param = new HashMap<String, Object>();
        param.put(ResourceResolverFactory.SUBSERVICE, "datawrite");
        resourceResolver = resourceResolverFactory.getServiceResourceResolver(param);
        session = resourceResolver.adaptTo(Session.class);

        // Create UserManager Object
        final UserManager userManager = AccessControlUtil.getUserManager(session);

        // Create a Group
        Group group = null;
        if (userManager.getAuthorizable(groupName) == null) {
            group = userManager.createGroup(groupName);

            ValueFactory valueFactory = session.getValueFactory();
            Value groupNameValue = valueFactory.createValue(groupName, PropertyType.STRING);
            group.setProperty("./profile/givenName", groupNameValue);
            session.save();

            log.info("---> {} Group successfully created.", group.getID());
        } else {
            log.info("---> Group already exist..");
        }

        // Create a User
        User user = null;
        if (userManager.getAuthorizable(userName) == null) {
            user = userManager.createUser(userName, password);

            ValueFactory valueFactory = session.getValueFactory();
            Value firstNameValue = valueFactory.createValue("Arpit", PropertyType.STRING);
            user.setProperty("./profile/givenName", firstNameValue);

            Value lastNameValue = valueFactory.createValue("Bora", PropertyType.STRING);
            user.setProperty("./profile/familyName", lastNameValue);

            Value emailValue = valueFactory.createValue("arpit.p.bora@gmail.com", PropertyType.STRING);
            user.setProperty("./profile/email", emailValue);
            session.save();

            // Add User to Group
            Group addUserToGroup = (Group) (userManager.getAuthorizable(groupName));
            addUserToGroup.addMember(userManager.getAuthorizable(userName));
            session.save();

            // set Resource-based ACLs
            String nodePath = user.getPath();
            setAclPrivileges(nodePath, session);

            log.info("---> {} User successfully created and added into group.", user.getID());
        } else {
            log.info("---> User already exist..");
        }

    } catch (Exception e) {
        // Log at error level and keep the stack trace
        log.error("---> Not able to perform User Management..", e);
    } finally {
        if (session != null && session.isLive()) {
            session.logout();
        }
        if (resourceResolver != null)
            resourceResolver.close();
    }
}

public static void setAclPrivileges(String path, Session session) {
    try {
        AccessControlManager aMgr = session.getAccessControlManager();

        // create a privilege set
        Privilege[] privileges = new Privilege[] { 
                aMgr.privilegeFromName(Privilege.JCR_VERSION_MANAGEMENT),
                aMgr.privilegeFromName(Privilege.JCR_MODIFY_PROPERTIES),
                aMgr.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES),
                aMgr.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT),
                aMgr.privilegeFromName(Privilege.JCR_NODE_TYPE_MANAGEMENT),
                aMgr.privilegeFromName(Replicator.REPLICATE_PRIVILEGE) };

        AccessControlList acl;
        try {
            // get first applicable policy (for nodes w/o a policy)
            acl = (AccessControlList) aMgr.getApplicablePolicies(path).nextAccessControlPolicy();
        } catch (NoSuchElementException e) {
            // else node already has a policy, get that one
            acl = (AccessControlList) aMgr.getPolicies(path)[0];
        }
        // remove all existing entries
        for (AccessControlEntry e : acl.getAccessControlEntries()) {
            acl.removeAccessControlEntry(e);
        }
        // add a new one for the special "everyone" principal
        acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privileges);

        // the policy must be re-set
        aMgr.setPolicy(path, acl);

        // and the session must be saved for the changes to be applied
        session.save();
    } catch (Exception e) {
        // Log at error level and keep the stack trace
        log.error("---> Not able to perform ACL Privileges..", e);
    }
}

In the code, "datawrite" is a service mapping which is mapped to a system user in the "Apache Sling Service User Mapper Service", which is configurable in the OSGi configuration admin interface.

For more detail about system users, check the link - How to Create System User in AEM?

I am providing this code directly from a training of an official Adobe channel, and it is based on AEM 6.1. So I assume this might be the best practice.

    private void modifyPermissions() {
        Session adminSession = null;
        try {
            // Log in as the service user mapped to this bundle
            adminSession = repository.loginService(null, repository.getDefaultWorkspace());

            UserManager userMgr = ((org.apache.jackrabbit.api.JackrabbitSession) adminSession).getUserManager();
            AccessControlManager accessControlManager = adminSession.getAccessControlManager();

            Authorizable denyAccess = userMgr.getAuthorizable("deny-access");

            AccessControlPolicyIterator policyIterator =
                    accessControlManager.getApplicablePolicies(CONTENT_GEOMETRIXX_FR);
            AccessControlList acl;
            try {
                // First applicable policy (the node has no policy yet)
                acl = (JackrabbitAccessControlList) policyIterator.nextAccessControlPolicy();
            } catch (NoSuchElementException nse) {
                // The node already has a policy, so use that one
                acl = (JackrabbitAccessControlList) accessControlManager.getPolicies(CONTENT_GEOMETRIXX_FR)[0];
            }

            Privilege[] privileges = {accessControlManager.privilegeFromName(Privilege.JCR_READ)};
            acl.addAccessControlEntry(denyAccess.getPrincipal(), privileges);
            accessControlManager.setPolicy(CONTENT_GEOMETRIXX_FR, acl);
            // The session must be saved for the policy change to be applied
            adminSession.save();
        } catch (RepositoryException e) {
            LOGGER.error("**************************Repo Exception", e);
        } finally {
            if (adminSession != null)
                adminSession.logout();
        }
    }
