AEM Workflow: Get session of the initiator to check permissions

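To check the permissions of the initiator, you can call session.checkPermission().

However, com.day.cq.workflow.WorkflowSession.getSession() always returns an admin session, so I cannot check the initiator's permissions on a given node.

How can I get the session of the initiator?

Update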

Authorizable authorizable = userManager.getAuthorizable(initiator);
Credentials credentials = ((User) authorizable).getCredentials(); 
Session userSession = adminSession.impersonate(credentials);

Throws:

javax.jcr.LoginException: Login Failure: all modules ignored
at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:271)
at com.adobe.granite.repository.impl.CRX3RepositoryImpl.login(CRX3RepositoryImpl.java:92)
at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:202)
at org.apache.jackrabbit.oak.jcr.session.SessionImpl.impersonate(SessionImpl.java:284)
Caused by: javax.security.auth.login.LoginException: Login Failure: all modules ignored
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:906)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext.run(LoginContext.java:682)
... 15 common frames omitted

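First, as @CptBartender mentioned in the comments, the admin should have access to everything, or, if you are using a service account, the service account should have access to the content it needs to update.

In newer AEM versions that use Sling service accounts, the initiator is always adminworkflow-service. A user requests that the workflow be started, and the admin or service account runs it. If you want to find the user who started the workflow, you can look at the metadata using item.getWorkflowData().getMetaDataMap().get("userId", String.class). Note that the data matches the resource created in the JCR, at a path like /etc/workflow/instances/server0/2016-06-13/update_asset_2/data/metaData. In addition, you can get the participants of the individual workflow process steps by getting the HistoryItem and then getting the userId.

Once you have identified the initiator, you should be able to impersonate as follows: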

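import java.util.List;

import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;

import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Service;
import org.osgi.framework.Constants;

import com.day.cq.workflow.WorkflowException;
import com.day.cq.workflow.WorkflowSession;
import com.day.cq.workflow.exec.HistoryItem;
import com.day.cq.workflow.exec.WorkItem;
import com.day.cq.workflow.exec.WorkflowProcess;
import com.day.cq.workflow.metadata.MetaDataMap;

@Component
@Service
@Properties({
    @Property(name = Constants.SERVICE_DESCRIPTION, value = "Workflow step description"),
    @Property(name = Constants.SERVICE_VENDOR, value = "Company Name"),
    @Property(name = "process.label", value = "Process Label will show in the workflow dropdown") })
public class MyCustomStep implements WorkflowProcess {

    public void execute(WorkItem item, WorkflowSession wfsession, MetaDataMap args) throws WorkflowException {

        /* Always admin or service-workflow */
        final String workflowInitiator = item.getWorkflow().getInitiator();

        /* Get actual user who initiated workflow */
        final String initiator = item.getWorkflowData().getMetaDataMap().get("userId", String.class);

        /* Get workflow history */
        final List<HistoryItem> histories = wfsession.getHistory(item.getWorkflow());

        /* Get first item in workflow history */
        final HistoryItem firstItem = histories.get(0);

        /* Get the user that participated in the first item */
        final String firstUser = firstItem.getUserId();

        /* Get impersonated session */
        Session userSession = null;
        try {
            userSession = wfsession.getSession().impersonate(new SimpleCredentials(initiator, new char[0]));
        } catch (javax.jcr.LoginException e) {
            e.printStackTrace();
        } catch (RepositoryException e) {
            e.printStackTrace();
        } finally {
            /* Always release the impersonated session */
            if (userSession != null) {
                userSession.logout();
            }
        }
    }
}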
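The permission check the question asks for, built on the impersonation shown in the answer above. This is an added example, not code from the original post: the class name InitiatorPermissionCheck and the method initiatorCan are hypothetical, and it assumes the session running the workflow is allowed to impersonate the requesting user.

```java
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;

import com.day.cq.workflow.WorkflowSession;
import com.day.cq.workflow.exec.WorkItem;
import com.day.cq.workflow.exec.WorkflowData;

/** Hypothetical helper (added example): checks what the requesting user may do on the payload. */
public final class InitiatorPermissionCheck {

    private InitiatorPermissionCheck() {
    }

    /**
     * @param actions comma-separated JCR actions, e.g. Session.ACTION_READ
     * @return true only if the user who requested the workflow holds all actions on the payload
     */
    public static boolean initiatorCan(WorkItem item, WorkflowSession wfSession, String actions)
            throws RepositoryException {
        WorkflowData data = item.getWorkflowData();
        // Only JCR path payloads can be evaluated against repository access control.
        if (!"JCR_PATH".equals(data.getPayloadType())) {
            return false;
        }
        String payloadPath = data.getPayload().toString();
        String userId = data.getMetaDataMap().get("userId", String.class);
        if (userId == null || userId.isEmpty()) {
            // No recorded requester: deny instead of falling back to the admin/service session.
            return false;
        }
        Session userSession = null;
        try {
            // Impersonation takes the target user id only; a LoginException here means
            // the running session is not permitted to impersonate that user.
            userSession = wfSession.getSession().impersonate(new SimpleCredentials(userId, new char[0]));
            // Evaluated with the requester's privileges, not the admin session's.
            return userSession.hasPermission(payloadPath, actions);
        } finally {
            if (userSession != null) {
                userSession.logout();
            }
        }
    }
}
```

Calling initiatorCan(item, wfsession, Session.ACTION_READ) inside execute() returns false for a missing userId or a non-path payload, so the step fails closed instead of acting with the admin session's rights.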