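AEM Workflow: Get the initiator's session to check permissions

Time: 2016-06-27 12:54:27

Tags: cq5 aem jcr

To check the initiator's permissions, you can call session.checkPermission()

However, com.day.cq.workflow.WorkflowSession.getSession() always returns an admin session, so I cannot check the initiator's permissions on a given node.

How can I get the initiator's session?

Update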

Authorizable authorizable = userManager.getAuthorizable(initiator);
Credentials credentials = ((User) authorizable).getCredentials(); 
Session userSession = adminSession.impersonate(credentials);

Throws:

javax.jcr.LoginException: Login Failure: all modules ignored
at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:271)
at com.adobe.granite.repository.impl.CRX3RepositoryImpl.login(CRX3RepositoryImpl.java:92)
at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:202)
at org.apache.jackrabbit.oak.jcr.session.SessionImpl.impersonate(SessionImpl.java:284)
Caused by: javax.security.auth.login.LoginException: Login Failure: all modules ignored
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:906)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
... 15 common frames omitted

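1 Answer:

Answer 0: (score: 3)

First, as @CptBartender mentioned in the comments, admin should have rights to everything, or if you are leveraging a service account, that service account should have access to the content it needs to update.

In newer versions of AEM that use Sling service accounts, the initiator is always adminworkflow-service. A user requests that the workflow be started, and the admin or service account runs the process. If you want to find the user who started the workflow, you can look at the metadata using item.getWorkflowData().getMetaDataMap().get("userId", String.class). Note that the data matches a resource created in the JCR, with a path similar to /etc/workflow/instances/server0/2016-06-13/update_asset_2/data/metaData. In addition, you can get the participants of the individual workflow process steps through HistoryItem and then userId.

Once you have determined the initiator, you should be able to impersonate with something like the following: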

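import java.util.List;

import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;

import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Service;
import org.osgi.framework.Constants;

import com.day.cq.workflow.WorkflowException;
import com.day.cq.workflow.WorkflowSession;
import com.day.cq.workflow.exec.HistoryItem;
import com.day.cq.workflow.exec.WorkItem;
import com.day.cq.workflow.exec.WorkflowProcess;
import com.day.cq.workflow.metadata.MetaDataMap;

@Component
@Service
@Properties({
    @Property(name = Constants.SERVICE_DESCRIPTION, value = "Workflow step description"),
    @Property(name = Constants.SERVICE_VENDOR, value = "Company Name"),
    @Property(name = "process.label", value = "Process Label will show in the workflow dropdown") })
public class MyCustomStep implements WorkflowProcess {

    public void execute(WorkItem item, WorkflowSession wfsession, MetaDataMap args) throws WorkflowException {

        /* Always admin or service-workflow */
        final String workflowInitiator = item.getWorkflow().getInitiator();

        /* Get actual user who initiated workflow */
        final String initiator = item.getWorkflowData().getMetaDataMap().get("userId", String.class);

        /* Get workflow history */
        final List<HistoryItem> histories = wfsession.getHistory(item.getWorkflow());

        /* Get first item in workflow history */
        final HistoryItem firstItem = histories.get(0);

        /* Get the user that participated in the first item */
        final String firstUser = firstItem.getUserId();

        /* Get impersonated session */
        Session userSession = null;
        try {
            userSession = wfsession.getSession().impersonate(new SimpleCredentials(initiator, new char[0]));
        } catch (javax.jcr.LoginException e) {
            e.printStackTrace();
        } catch (RepositoryException e) {
            e.printStackTrace();
        } finally {
            /* Release the impersonated session; the workflow's own session is left open */
            if (userSession != null) {
                userSession.logout();
            }
        }
    }
}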
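
The following is an added example, not part of the original answer: it carries the impersonation through to the permission check the question asks about and fails closed when the initiator cannot be resolved. The class name `InitiatorPermissionCheck` and method `initiatorMay` are hypothetical, and it assumes the privileged session is permitted to impersonate the user recorded in the workflow metadata.

```java
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;

import com.day.cq.workflow.exec.WorkItem;
import com.day.cq.workflow.exec.WorkflowData;

/** Hypothetical helper (class and method names are assumptions, not AEM API). */
public final class InitiatorPermissionCheck {

    private InitiatorPermissionCheck() {
    }

    /**
     * Returns true only if the user stored under "userId" in the workflow
     * metadata may perform the given JCR actions on the payload path.
     * A missing userId, a non-path payload or a refused impersonation
     * all yield false, so the calling step denies by default.
     *
     * Example call from a workflow step:
     *   initiatorMay(item, wfsession.getSession(), Session.ACTION_SET_PROPERTY)
     */
    public static boolean initiatorMay(WorkItem item, Session privileged, String actions)
            throws RepositoryException {
        WorkflowData data = item.getWorkflowData();
        String userId = data.getMetaDataMap().get("userId", String.class);
        if (userId == null || userId.isEmpty() || !"JCR_PATH".equals(data.getPayloadType())) {
            return false;
        }
        String path = data.getPayload().toString();

        Session userSession = null;
        try {
            // Empty password, as in the answer above: impersonation is
            // authorized by the privileged session, not by the user's secret.
            userSession = privileged.impersonate(new SimpleCredentials(userId, new char[0]));
            // Evaluated with the initiator's own access rights.
            return userSession.hasPermission(path, actions);
        } catch (javax.jcr.LoginException e) {
            return false; // impersonation refused: treat as no permission
        } finally {
            // Log out only the impersonated session; the workflow owns 'privileged'.
            if (userSession != null) {
                userSession.logout();
            }
        }
    }
}
```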