如何更改 Adobe AEM 中 Runnable 类的权限?
[英]How to change permissions for Runnable class in Adobe AEM?
问题描述
AI have a problem with accessing resources from within my Runnable class. 
AI 在从我的 Runnable 类中访问资源时遇到问题。
I am implementing the Runnable component in AEM (v.6.5).我正在 AEM (v.6.5) 中实现 Runnable 组件。 It needs to access the resource, in this case, it is '/libs/wcm/core/resources/languages'.它需要访问资源,在这种情况下,它是“/libs/wcm/core/resources/languages”。 However, this resource is not accessible for anonymous user and AEM starts my component with such user.但是,匿名用户无法访问此资源,并且 AEM 使用此类用户启动我的组件。
How I can change the user inside my Runnable class so it is run with different permissions?如何更改 Runnable 类中的用户,使其以不同的权限运行?
Thanks in advance for help.预先感谢您的帮助。
org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.my-service-user.xml : org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.my-service-user.xml :
<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0"
jcr:primaryType="sling:OsgiConfig"
user.mapping="[xxx.yyy.my-app.core:my-service=[my-service-system-user]]"/>
Getting the Reosurce:获取资源:
resourceResolver = resolverFactory.getServiceResourceResolver(Collections.singletonMap(ResourceResolverFactory.SUBSERVICE, "my-service"));
I read some documentation but it is just not working in my case.我阅读了一些文档,但在我的情况下它不起作用。
I am at the very beginning of my AEM 'adventure' so maybe I just understand something :)我正处于我的 AEM“冒险”的最开始,所以也许我只是明白一些事情:)
As I understand, I need a 'system user'.据我了解,我需要一个“系统用户”。 I don't want to be dependent on 'acs-aem-commons'.我不想依赖“acs-aem-commons”。 I was trying this blog article .我正在尝试这篇博客文章。 I created the user manually, then created the config file and remove user from the system.我手动创建了用户,然后创建了配置文件并从系统中删除了用户。 It is not being recreated.它没有被重新创建。
1 个解决方案
解决方案1
3 2020-02-06 15:10:42
If I understand correctly, you're trying to use the Sling Scheduler to run a scheduled task.如果我理解正确,您正在尝试使用Sling Scheduler来运行计划任务。
In terms of repository access, this isn't much different from any other OSGi service.在存储库访问方面,这与任何其他 OSGi 服务没有太大区别。 Any content that's not accessible by anonymous users should be loaded using a dedicated service user with the minimal set of permissions that makes sense.匿名用户无法访问的任何内容都应使用具有有意义的最小权限集的专用服务用户加载。 That way, you can add explicit, read-only access to a given set of resources and limit it to a specific OSGi service instead of making parts of the repository publicly readable.这样,您可以添加对给定资源集的显式只读访问,并将其限制为特定的 OSGi 服务,而不是使存储库的某些部分公开可读。
To do this, you can create a service user mapping so that your bundle can use the service user account.为此,您可以创建服务用户映射,以便您的捆绑包可以使用服务用户帐户。 That will allow you to use ResourceResolverFactory#getServiceResourceResolver to instantiate a resource resolver associated with a session created in that user's name.这将允许您使用ResourceResolverFactory#getServiceResourceResolver来实例化与以该用户名创建的会话相关联的资源解析器。
See https://sling.apache.org/documentation/the-sling-engine/service-authentication.html for more information.有关更多信息,请参阅https://sling.apache.org/documentation/the-sling-engine/service-authentication.html 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.