如何使用 ACL 权限以编程方式在 aem6.2 中创建用户和组?

How to create user and group in aem6.2 programmatically with ACL permissions?

是否可以使用具有权限的 Jackrabbit 用户管理器 API 在 AEM6.2 中创建组和用户。 我刚刚按照下面的 URL 进行操作,但是代码抛出了一些异常:

  1. https://helpx.adobe.com/experience-manager/using/jackrabbit-users.html

改为 getAdministrativeResourceResolver(Map) method is deprecated then how can we use getServiceResourceResolver(Map) 方法。

我直接从 Adob​​e 官方渠道的培训中提供此代码,它基于 AEM 6.1。所以我认为这可能是最佳做法。

    private void modifyPermissions() {
    Session adminSession = null;
    try{
        adminSession = repository.loginService(null, repository.getDefaultWorkspace());

        UserManager userMgr= ((org.apache.jackrabbit.api.JackrabbitSession)adminSession).getUserManager();
        AccessControlManager accessControlManager = adminSession.getAccessControlManager();

        Authorizable denyAccess = userMgr.getAuthorizable("deny-access");

        AccessControlPolicyIterator policyIterator =
                accessControlManager.getApplicablePolicies(CONTENT_GEOMETRIXX_FR);
        AccessControlList acl;
        try{
            acl=(JackrabbitAccessControlList) policyIterator.nextAccessControlPolicy();             
        }catch(NoSuchElementException nse){
            acl=(JackrabbitAccessControlList)  accessControlManager.getPolicies(CONTENT_GEOMETRIXX_FR)[0];

        }

        Privilege[] privileges = {accessControlManager.privilegeFromName(Privilege.JCR_READ)};
        acl.addAccessControlEntry(denyAccess.getPrincipal(), privileges);
        accessControlManager.setPolicy(CONTENT_GEOMETRIXX_FR, acl);
        adminSession.save();
    }catch (RepositoryException e){
        LOGGER.error("**************************Repo Exception", e);
    }finally{
        if (adminSession != null)
            adminSession.logout();
    }

分享我的解决方案,对其他人有帮助。

以下代码使用getServiceResourceResolver(Map)方法先创建Group,再创建User,然后将用户添加到具有ACL权限和权限的组中:

public void createGroupUser(SlingHttpServletRequest request) {
    String userName = request.getParameter("userName");
    String password = request.getParameter("password");
    String groupName = request.getParameter("groupName");

    Session session = null;
    ResourceResolver resourceResolver = null;
    try {
        Map<String, Object> param = new HashMap<String, Object>();
        param.put(ResourceResolverFactory.SUBSERVICE, "datawrite");
        resourceResolver = resourceResolverFactory.getServiceResourceResolver(param);
        session = resourceResolver.adaptTo(Session.class);

        // Create UserManager Object
        final UserManager userManager = AccessControlUtil.getUserManager(session);

        // Create a Group
        Group group = null;
        if (userManager.getAuthorizable(groupName) == null) {
            group = userManager.createGroup(groupName);

            ValueFactory valueFactory = session.getValueFactory();
            Value groupNameValue = valueFactory.createValue(groupName, PropertyType.STRING);
            group.setProperty("./profile/givenName", groupNameValue);
            session.save();

            log.info("---> {} Group successfully created.", group.getID());
        } else {
            log.info("---> Group already exist..");
        }

        // Create a User
        User user = null;
        if (userManager.getAuthorizable(userName) == null) {
            user = userManager.createUser(userName, password);

            ValueFactory valueFactory = session.getValueFactory();
            Value firstNameValue = valueFactory.createValue("Arpit", PropertyType.STRING);
            user.setProperty("./profile/givenName", firstNameValue);

            Value lastNameValue = valueFactory.createValue("Bora", PropertyType.STRING);
            user.setProperty("./profile/familyName", lastNameValue);

            Value emailValue = valueFactory.createValue("arpit.p.bora@gmail.com", PropertyType.STRING);
            user.setProperty("./profile/email", emailValue);
            session.save();

            // Add User to Group
            Group addUserToGroup = (Group) (userManager.getAuthorizable(groupName));
            addUserToGroup.addMember(userManager.getAuthorizable(userName));
            session.save();

            // set Resource-based ACLs
            String nodePath = user.getPath();
            setAclPrivileges(nodePath, session);

            log.info("---> {} User successfully created and added into group.", user.getID());
        } else {
            log.info("---> User already exist..");
        }

    } catch (Exception e) {
        log.info("---> Not able to perform User Management..");
        log.info("---> Exception.." + e.getMessage());
    } finally {
        if (session != null && session.isLive()) {
            session.logout();
        }
        if (resourceResolver != null)
            resourceResolver.close();
    }
}

public static void setAclPrivileges(String path, Session session) {
    try {
        AccessControlManager aMgr = session.getAccessControlManager();

        // create a privilege set
        Privilege[] privileges = new Privilege[] { 
                aMgr.privilegeFromName(Privilege.JCR_VERSION_MANAGEMENT),
                aMgr.privilegeFromName(Privilege.JCR_MODIFY_PROPERTIES),
                aMgr.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES),
                aMgr.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT),
                aMgr.privilegeFromName(Privilege.JCR_NODE_TYPE_MANAGEMENT),
                aMgr.privilegeFromName(Replicator.REPLICATE_PRIVILEGE) };

        AccessControlList acl;
        try {
            // get first applicable policy (for nodes w/o a policy)
            acl = (AccessControlList) aMgr.getApplicablePolicies(path).nextAccessControlPolicy();
        } catch (NoSuchElementException e) {
            // else node already has a policy, get that one
            acl = (AccessControlList) aMgr.getPolicies(path)[0];
        }
        // remove all existing entries
        for (AccessControlEntry e : acl.getAccessControlEntries()) {
            acl.removeAccessControlEntry(e);
        }
        // add a new one for the special "everyone" principal
        acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privileges);

        // the policy must be re-set
        aMgr.setPolicy(path, acl);

        // and the session must be saved for the changes to be applied
        session.save();
    } catch (Exception e) {
        log.info("---> Not able to perform ACL Privileges..");
        log.info("---> Exception.." + e.getMessage());
    }
}

在代码"datawrite"中是服务映射,在"Apache Sling Service User Mapper Service"中与系统用户映射可在 OSGI 配置管理界面中配置。

有关系统用户检查的更多详细信息link - How to Create System User in AEM?