当我以编程方式在 aem 6.2 (6.1) 中创建组和用户时出现 AccessDeniedException?
AccessDeniedException when i'm creating Group and User in aem 6.2 (6.1) programmatically?
我想先创建组,然后创建用户,然后我想使用 getServiceResourceResolver(map) 或 loginService("datawrite",null).
将用户添加到组中
我尝试了以下代码,但在会话保存时出现异常 (adminSession.save()):
public void addGroupUser(SlingHttpServletRequest request) {
log.info("----------------------------------------> addGroupUser");
String groupName = request.getParameter("groupName");
String userName = request.getParameter("userName");
String password = request.getParameter("password");
Session adminSession = null;
ResourceResolver adminResolver = null;
try {
Map<String, Object> authInfoParam = new HashMap<String, Object>();
authInfoParam.put(ResourceResolverFactory.SUBSERVICE, "datawrite");
adminResolver = resolverFactory.getServiceResourceResolver(authInfoParam);
//adminResolver = resolverFactory.getAdministrativeResourceResolver(null); //deprecated method
adminSession = slingRepository.loginService("datawrite", null);
log.info("----------------------------------------> Session user id = {}",adminSession.getUserID());
// Create UserManager Object
final UserManager userManager = AccessControlUtil.getUserManager(adminSession);
// Create a Group
Group group= null;
if (userManager.getAuthorizable(groupName) == null) {
//adminResolver.refresh();
group = userManager.createGroup(groupName,new SimplePrincipal(groupName),"/home/groups/test");
ValueFactory valueFactory = adminSession.getValueFactory();
Value groupNameValue = valueFactory.createValue(groupName, PropertyType.STRING);
group.setProperty("./profile/givenName", groupNameValue);
//adminResolver.commit();
log.info("----------------------------------------> {} Group successfully created.",group.getID());
} else {
log.info("----------------------------------------> Group already exist..");
}
// Create a User
User user = null;
if (userManager.getAuthorizable(userName) == null) {
//adminResolver.refresh();
user=userManager.createUser(userName, password,new SimplePrincipal(userName),"/home/users/test");
ValueFactory valueFactory = adminSession.getValueFactory();
Value firstNameValue = valueFactory.createValue("Arpit", PropertyType.STRING);
user.setProperty("./profile/givenName", firstNameValue);
Value lastNameValue = valueFactory.createValue("Bora", PropertyType.STRING);
user.setProperty("./profile/familyName", lastNameValue);
Value emailValue = valueFactory.createValue("arpit.p.bora@gmail.com", PropertyType.STRING);
user.setProperty("./profile/email", emailValue);
//adminResolver.commit();
log.info("----------------------------------------> {} User successfully created.",user.getID());
} else {
log.info("----------------------------------------> User already exist..");
}
// Add Users to Group
Group addUserToGroup = (Group)(userManager.getAuthorizable(groupName));
addUserToGroup.addMember(userManager.getAuthorizable(userName));
adminSession.save();
}catch (Exception e) {
log.info("----------------------------------------> Not able to perform User Management..");
log.info("----------------------------------------> Exception.." + e.getMessage());
} finally {
if (adminSession != null && adminSession.isLive()) {
adminSession.logout();
}
if (adminResolver != null)
adminResolver.close();
}
}
异常日志为:
javax.jcr.AccessDeniedException: OakAccess0000: Access denied
at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:231)
at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:212)
at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.newRepositoryException(SessionDelegate.java:670)
at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.save(SessionDelegate.java:496)
at org.apache.jackrabbit.oak.jcr.session.SessionImpl.performVoid(SessionImpl.java:419)
at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performVoid(SessionDelegate.java:274)
at org.apache.jackrabbit.oak.jcr.session.SessionImpl.save(SessionImpl.java:416)
...
Caused by: org.apache.jackrabbit.oak.api.CommitFailedException: OakAccess0000: Access denied
at org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidator.checkPermissions(PermissionValidator.java:212)
at org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidator.childNodeAdded(PermissionValidator.java:150)
at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeAdded(VisibleValidator.java:104)
at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeAdded(VisibleValidator.java:104)
at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeAdded(VisibleValidator.java:104)
at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeAdded(VisibleValidator.java:32)
at org.apache.jackrabbit.oak.spi.commit.CompositeEditor.childNodeAdded(CompositeEditor.java:108)
...
我在“Apache Sling Service User Mapper Service”中有 "datawrite" 与系统用户的服务映射,可在 OSGI 配置管理界面中配置。
代码现在可以工作了——这是一个权限问题。我将 "datawrite" 系统用户添加到管理员组:
这样 - 不会发生 OAK 异常,系统用户可以在 AEM 6.2/6.1.
中创建组和用户
我想先创建组,然后创建用户,然后我想使用 getServiceResourceResolver(map) 或 loginService("datawrite",null).
将用户添加到组中我尝试了以下代码,但在会话保存时出现异常 (adminSession.save()):
public void addGroupUser(SlingHttpServletRequest request) {
log.info("----------------------------------------> addGroupUser");
String groupName = request.getParameter("groupName");
String userName = request.getParameter("userName");
String password = request.getParameter("password");
Session adminSession = null;
ResourceResolver adminResolver = null;
try {
Map<String, Object> authInfoParam = new HashMap<String, Object>();
authInfoParam.put(ResourceResolverFactory.SUBSERVICE, "datawrite");
adminResolver = resolverFactory.getServiceResourceResolver(authInfoParam);
//adminResolver = resolverFactory.getAdministrativeResourceResolver(null); //deprecated method
adminSession = slingRepository.loginService("datawrite", null);
log.info("----------------------------------------> Session user id = {}",adminSession.getUserID());
// Create UserManager Object
final UserManager userManager = AccessControlUtil.getUserManager(adminSession);
// Create a Group
Group group= null;
if (userManager.getAuthorizable(groupName) == null) {
//adminResolver.refresh();
group = userManager.createGroup(groupName,new SimplePrincipal(groupName),"/home/groups/test");
ValueFactory valueFactory = adminSession.getValueFactory();
Value groupNameValue = valueFactory.createValue(groupName, PropertyType.STRING);
group.setProperty("./profile/givenName", groupNameValue);
//adminResolver.commit();
log.info("----------------------------------------> {} Group successfully created.",group.getID());
} else {
log.info("----------------------------------------> Group already exist..");
}
// Create a User
User user = null;
if (userManager.getAuthorizable(userName) == null) {
//adminResolver.refresh();
user=userManager.createUser(userName, password,new SimplePrincipal(userName),"/home/users/test");
ValueFactory valueFactory = adminSession.getValueFactory();
Value firstNameValue = valueFactory.createValue("Arpit", PropertyType.STRING);
user.setProperty("./profile/givenName", firstNameValue);
Value lastNameValue = valueFactory.createValue("Bora", PropertyType.STRING);
user.setProperty("./profile/familyName", lastNameValue);
Value emailValue = valueFactory.createValue("arpit.p.bora@gmail.com", PropertyType.STRING);
user.setProperty("./profile/email", emailValue);
//adminResolver.commit();
log.info("----------------------------------------> {} User successfully created.",user.getID());
} else {
log.info("----------------------------------------> User already exist..");
}
// Add Users to Group
Group addUserToGroup = (Group)(userManager.getAuthorizable(groupName));
addUserToGroup.addMember(userManager.getAuthorizable(userName));
adminSession.save();
}catch (Exception e) {
log.info("----------------------------------------> Not able to perform User Management..");
log.info("----------------------------------------> Exception.." + e.getMessage());
} finally {
if (adminSession != null && adminSession.isLive()) {
adminSession.logout();
}
if (adminResolver != null)
adminResolver.close();
}
}
异常日志为:
javax.jcr.AccessDeniedException: OakAccess0000: Access denied
at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:231)
at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:212)
at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.newRepositoryException(SessionDelegate.java:670)
at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.save(SessionDelegate.java:496)
at org.apache.jackrabbit.oak.jcr.session.SessionImpl.performVoid(SessionImpl.java:419)
at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performVoid(SessionDelegate.java:274)
at org.apache.jackrabbit.oak.jcr.session.SessionImpl.save(SessionImpl.java:416)
...
Caused by: org.apache.jackrabbit.oak.api.CommitFailedException: OakAccess0000: Access denied
at org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidator.checkPermissions(PermissionValidator.java:212)
at org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidator.childNodeAdded(PermissionValidator.java:150)
at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeAdded(VisibleValidator.java:104)
at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeAdded(VisibleValidator.java:104)
at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeAdded(VisibleValidator.java:104)
at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeAdded(VisibleValidator.java:32)
at org.apache.jackrabbit.oak.spi.commit.CompositeEditor.childNodeAdded(CompositeEditor.java:108)
...
我在“Apache Sling Service User Mapper Service”中有 "datawrite" 与系统用户的服务映射,可在 OSGI 配置管理界面中配置。
代码现在可以工作了——这是一个权限问题。我将 "datawrite" 系统用户添加到管理员组:
这样 - 不会发生 OAK 异常,系统用户可以在 AEM 6.2/6.1.
中创建组和用户